DJI insisted AeroScope signals were encrypted – now it admits that’s not the case

Last month, Ukrainian Deputy Prime Minister Mykhailo Fedorov accused DJI of helping Russia kill Ukrainian civilians in an unusual way – by allowing Russia to freely use a drone tracking system called DJI AeroScope to target the exact location of Ukrainian drone pilots and allegedly kill them with mortar attacks and missiles.

So we wrote a detailed explanation of what DJI AeroScope actually is, how it works, what it was designed for, and what, if anything, DJI could actually do to prevent people from being killed with its technology. But one hacker pointed out that DJI wasn’t honest with us on at least one point — and the company is now admitting it. The AeroScope signals sent by any modern DJI drone aren’t actually encrypted, DJI now says.

That means governments and others with technical skills may not need an AeroScope to see the exact position of every DJI drone and the exact location of every nearby pilot.

To be clear, both DJI spokesman Adam Lisberg and drone forensics expert David Kovar told us these signals were encrypted. And when hacker Kevin Finisterre suggested that this was wrong, we reached out to DJI once again. It was only after Finisterre repeated exposed the claim DJI has admitted to The edgealmost a month later that it wasn’t really true.

DJI’s Lisberg says it’s his fault, but also tells us that his R&D contacts in China repeatedly told him it was encrypted and that it took senior managers to step in and admit it wasn’t true.

Incidentally, it’s not entirely surprising that AeroScope signals are unencrypted: DJI originally envisioned Drone ID (now known as AeroScope) as a technology that other drone manufacturers would also use. And governments like the United States are already planning to do so Require your drone to broadcast your physical location by 2023 – it will not be optional, nor is it clear to me if these signals will be encrypted.

We pressed Lisberg for some of the other claims he made in the article as we want to make sure other information is correct. There are no other corrections at this time, but he admitted that while DJI could revoke an AeroScope certificate early to disable it, that would only affect stationary units connected to its own AWS servers — and that theoretically it would also be possible to see the GPS positions of these AeroScope receivers this way (although probably not the ones used by the Russian military, or the handheld ones that don’t connect to AWS at all).

Lisberg also says, “I’ve been told again that Sentinel and Supervisor don’t exist,” and refers to it an ominous sounding program that Finisterre has found during a DJI data breach in 2017. Finisterre has suggested that the program is proof that DJI is evaluating data about its users, at least in China, but DJI has flatly denied this The edge It was simply a suggestion of how DJI could theoretically do targeted advertising, but that never actually happened.

Finisterre also pointed this out DJI had a way to remotely turn off the AeroScope signals his drones are sending out that disables in later updates. It appears maybe there is another way Send commands to the drone to mask a pilot’s coordinates.

Yesterday, DJI announced that it would stop all product deliveries and customer service for both Russia and Ukraine. DJI insisted AeroScope signals were encrypted – now it admits that’s not the case

Fry Electronics Team

Fry is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button