The U.S. Army, according to an August 2nd memo, has ordered units to stop using consumer drones developed by Chinese manufacturer DJI. “Cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction,” read the memo from Lt. Gen. Joseph H. Anderson, the Army’s deputy chief of staff for plans and operations. The memo cited “increased awareness of cyber vulnerabilities associated with DJI products.”
On May 22, DJI ordered users to register their drones with the company, noting those who fail to comply would suffer cuts to speed and range, as well as the ability to stream video. DJI claimed the order was part of a plan to upgrade its geolocation data to make UAVs safer, but as Defense One notes, the two references cited in the Army memo- one a classified Army study – were produced days after DJI’s May 22 order; a month before that, DJI included areas in Iraq and Syria onto its geofence system. “There are U.S. special operators in Syria using DJI products,” said Brett Velicovich, a former Army intelligence soldier who now runs Expert Drones, a consumer drone firm in Alexandria, Va. “So I get it. I’m glad [the Army is] finally doing something about this.”
DJI has developed the world’s most popular consumer drones, accounting for at least 65 percent of the commercial drone market, according Drone Industry Insights’ Q3 2016 Top20 Drone Company Ranking. In addition to concerns about developer-enabled backdoors, the Army may be concerned about cyber vulnerabilities from hackers. Earlier this year, hackers broke into DJI’s Phantom series and manipulated the drone’s GPS software, disrupting geofences meant to keep drones out of no-fly zones.
In response to the Army’s decision, DJI said in a statement “We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision. We’ll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities.’”