CISPA researchers presented the results of their work at this week’s Network and Distributed Systems Security Symposium (NDSS) in San Diego. For their research, experts chose devices from the Chinese company DJI, one of the market leaders in drones, drones and video stabilization equipment.

What the researchers discovered

These devices are increasingly in demand in the war zone, as their operators can conduct high-altitude surveillance, reconnaissance and even be used as weapons, while hiding several kilometers from the drone.

But It turns out that a person’s whereabouts are not such a big secret.. In fact, anyone with simple and inexpensive radio equipment can capture the drone signals and decode them, thereby obtaining the coordinates of the person flying the drone.

Background: DJI and Ukraine

It is worth noting that the software part of these drones was already criticized last spring. Later, the Ukrainian authorities criticized the company as follows: The Russian military uses DJI drones to guide the missiles, and also uses the radio signals of Ukrainian DJI drones to locate their operators..

In response to the criticism, DJI declared that the use of consumer drones for military purposes was unacceptable, and subsequently completely stopped sales of its devices in both Russia and Ukraine. The manufacturer vehemently denied all suspicions, stating that the DroneID is encrypted and therefore inaccessible to those without an Aeroscope device – it simply cannot be bought.

German scientists disagree

German scientists proved in their report that: drone signals can indeed be decoded and read without any Aeroscope. They decoded the DroneID radio protocol and found that it was transmitting not only the GPS coordinates and the drone’s unique identifier, but also the GPS coordinates of its operator.

DroneID was originally designed to enable governments, regulators and law enforcement to monitor drones and prevent their misuse. But what are hackers and information security researchers talking about for so long? DroneID is not encrypted and is open to anyone who can receive radio signals..

Thanks to the drone’s firmware, the researchers developed a tool that can receive DroneID signals in real-time (i.e. without delay). Moreover, it costs only a few hundred dollars, which is very cheap compared to analogues.

The average drone user has absolutely no idea that his location is being broadcast over the radio, and anyone with a cheap receiver can see it in real time. I don’t know if they deliberately advertised Aeroscope in such a way as to give the impression that the only way to block DroneID is with this device. but not so
– says University of Tulsa expert Conner Bender.

The researchers note that although they only tested blocking at a distance of 4.5 to 7.5 meters, they did not even try to increase the distance, as it can be easily extended with additional technical solutions.

No official statement was received from DJI on this matter.

The company has already agreed.

In 2022, the company still admitted it. At first they stressed that DroneID is encrypted and therefore cannot be used by those without an Aeroscope device. Eventually, however, a DJI representative admitted in a conversation with The Verge reporters that the transmissions were not actually encrypted.

Now, Brendan Shulman, former DJI vice president of policy and legal affairs, told Wired that he led the development of DroneID in 2017. U.S. government requirements to create a drone tracking system. According to him, DroneID it was never intended as an encrypted system. At the time, the Federal Aviation Administration, intelligence agencies, and Congress were pushing for a system for public safety that would allow anyone to locate any drone and its operator. Moreover, it was proposed to do this not with the help of hacking tools or DJI’s own developments, but with the help of ordinary smartphones and tablets that would allow “civil viewing”.

Cyber ​​experts and journalists now believe that regardless of DJI’s motivations to create DroneID and promote the Aeroscop as the only device that can capture signals, drone operator location information is available and that data can be easily captured by third-party devices. will seriously affect quadcopter use in war zones.