Here at BFD Systems we are hardware people. We build the aircraft using various different components depending on the mission type. We've used DJI flight controllers for a long time, back from the first ACE-One and WKM models. In short they are great because they are so easy to use and they fly like magic. But DJI has become the juggernaut of the industry and there are some concerns about their security vulnerabilities, their pricing structure, and their complete grasp on a multi billion dollar industry.
We're getting an increased number of customers who are looking for alternatives to DJI flight controllers. Last week it became public that the US military is no longer going to allow the use of DJI products due to cyber security vulnerabilities. Air and Space Magazine has a good article on DJI's bad week.
When flying a DJI product that uses the DJIGO app and DJI Controller (Lightbridge) the UAS is constantly connecting to a Cloud Server. This is a big plus for consumers or prosumers because you can access all your information from different mobile devices. You can turn this feature off if you'd like but the concern is that even if you turn it off that information is still being sent back to the mothership in China. This data is incredibly useful to DJI from a marketing perspective because they can learn how their customers are using their products and they have very useful data on crashes, battery performance or manufacturing failure rates. It's a gold mine of data for the company. The potential downside is data you might not want to share. For example if you are inspecting critical infrastructure or photographing sensitive trade secrets you may be unwillingly sending that information back to DJI's cloud servers. To be clear, I am not aware of anyone who has hard evidence of this, at least not that they are publically sharing.
DJI has a massive market share and many reputable businesses are completely reliant on the DJI brand, so there are many outspoken skeptics of this claim. One article that quotes a NOAA study says they found no evidence of DJI sending unsecure data although in my opinion they are misrepresenting the facts. In the 2016 study NOAA tested a DJI S1000 without using the Light Bridge or DJIGO APP
"The drone was being controlled with a third-party remote and independent ground station."
In reality, the heart of the DJI user experience (the Lightbridge controller and the App) are what seem to be the culprit. The App, with the help of all the data gathered from the lightbridge control system, is what connects the drone to the internet, constantly. If you buy a DJI flight controller to use with a third party remote controller such as a futaba you can choose to never connect to the internet again after the initial setup.
The same article that people are using to defend DJI against the military's ban also contains a paragraph most people are skimming over that supports the US government's accusation.
"... a computer programmer at NOAA and one of the authors of the study, confirmed to The Verge that their tests on the S-1000 found it wasn’t sending any unusual traffic back to DJI. He did say, however, that he ran similar tests on his personal unit, a Phantom 3 professional, during his spare time. His software found that unit was sending encrypted data back to DJI and servers whose location he could not determine."
This is a perfect example, the DJI Phantom 3 uses the DJIGO app, and if you're using the app, your drone may or may not be phoning home. We don't think the good people at the Verge know the difference between the various control methods and the vulnerabilities associated with each type.
Now that the military has made this decision we've seen a lot of companies who don't want to be seen as falling behind or not taking this threat seriously. We see this as a good thing for the industry. Not because We don't have anything against DJI, they are incredible, but because the industry has become completely reliant on DJI products. Monopolies don't work out well and expose the industry as a whole to a vulnerability. If DJI was to disappear today from the face of the earth the industry would be set back quite a bit.
At BFD Systems we've been experimenting with a number of flight controllers that have been really fantastic for our systems. The challenge for the consumer is these flight controllers are not packaged and ready off the shelf as a DJI. What we are doing is integrating these systems into our aircraft so our customers don't have to think about it with an increased lean on automation. The added benefit of working outside the DJI box is we've been able to do an insane amount of customization on the flight controller side. Adding Lidar collision avoidance, radar or laser altitude holding, completely redundant power systems with incredible telemetry and black box recording.
So should you be worried about this DJI business? For many applications perhaps not, but this is a great time and great opportunity to explore other options now to help diversify your fleet or help your business stand out amongst the competition by offering a different and more capable aircraft. Stay tuned for more on that, or if you just can't wait to hear more about these other options email us at Info@bfdsystems.com