Independent Audit Finds No Security Basis for Restricting DJI in the USA
An independent cybersecurity analysis has concluded that there are no legitimate security concerns warranting the prohibition of DJI products within the United States. This rigorous assessment, undertaken by a U.S.-based cybersecurity firm, scrutinized various DJI drone models and found them to be free of critical vulnerabilities. The findings challenge existing restrictions and underscore DJI's commitment to transparency, particularly in light of ongoing regulatory disputes. The comprehensive nature of the audit, involving advanced adversarial testing across multiple domains, aims to provide an evidence-based foundation for policy discussions concerning drone technology and national security.
This detailed report emerges amidst a contentious regulatory environment where DJI has faced bans in the U.S. due to an unfulfilled government audit. The company has consistently advocated for a technical review, asserting the security of its products. The independent assessment by OnDefend, an organization known for its expertise in national security and operational technology testing, provides substantial evidence to support DJI's claims. The firm's methodology, which included independently sourcing products and employing AI-driven analysis, reinforces the credibility of its findings, potentially influencing future policy decisions regarding drone imports and sales in the U.S.
Independent Security Assessment Clears DJI Drones
A recent independent cybersecurity audit, conducted by the U.S. firm OnDefend, has concluded that there are no security-related grounds to prevent the importation and sale of DJI drone products in the United States. This assessment, commissioned by DJI but performed with a strong emphasis on independence, examined consumer and enterprise-level drones, including the DJI Air 3S with RC 2 controller and the DJI Matrice 4E with RC Plus 2 Enterprise controller. The auditors performed "advanced adversarial testing" across software, hardware, and radio frequency domains, utilizing devices procured independently to ensure they reflected standard U.S. market distribution. The findings revealed no critical, high, or medium-risk security issues, backdoors, unauthorized remote access, or data transmission outside the U.S., thereby challenging the existing governmental restrictions on DJI products.
OnDefend's comprehensive security assessment meticulously analyzed DJI's drone systems, including their hardware, software, and communication protocols. The firm, comprising U.S. military and government professionals, employed proprietary AI-driven imaging and silicon-level analysis to detect potential unauthorized transmission pathways, counterfeit components, and undocumented hardware modifications. This in-depth scrutiny confirmed that all observed connections from DJI flight control applications were routed through U.S.-based infrastructure. Furthermore, controllers demonstrated resilience against jailbreak and firmware modification attempts, and all detected radio frequency emissions were traced to known system functions, ruling out covert channels. While the audit identified 10 low-risk findings and thirteen observations, which are deemed consistent with industry norms for complex mobile systems, these issues were primarily related to application security configurations and session handling, posing no realistic risk to drone operation or widespread exposure of confidential information. DJI has indicated plans to address these minor points in future software updates, reinforcing their commitment to continuous security enhancement.
Implications for DJI's U.S. Market Presence Amidst FCC Scrutiny
The findings of this independent security audit carry significant implications for DJI's ongoing struggle to maintain its presence in the U.S. market. The company has faced an automatic ban due to the U.S. government's failure to conduct a congressionally mandated audit in 2024, leading to its inclusion on the FCC Covered List. This ban has prevented the importation of various DJI products, including popular series like the Osmo Pocket. DJI has consistently called for a transparent, evidence-based technical review, arguing that its FCC designation was not based on documented security vulnerabilities. The current audit serves as a direct response to this lack of official scrutiny, providing a factual basis for reconsideration and potentially influencing the FCC's decision on DJI's appeal, which has already garnered substantial public comment.
Adam Welsh, Head of Global Policy at DJI, emphasized that these audit results confirm DJI's long-held position regarding the security and data privacy practices of its products. He reiterated that the concerns underlying the FCC's designation are not supported by technical evidence, advocating for policy decisions to be informed by facts. The company is actively appealing its FCC designation and has engaged constructively with relevant authorities, urging them to carefully consider the new findings. The public appeal process for the FCC's decision has seen an unprecedented level of engagement, with thousands of comments filed, indicating the widespread interest and impact of this issue. This independent assessment, therefore, provides crucial technical evidence that could reshape the regulatory landscape for DJI in the U.S., potentially leading to a reversal of the ban and allowing consumers access to their products once again.