Data Security With DJI Enterprise Drones

Data Security With DJI Enterprise Drones

A guide to data security on DJI's most advanced enterprise drones, which are bolstered with a robust suite of features to protect user data. This includes Network Security Mode to give users control over their data, AES-256 video transmission encryption, Cloud API, and SD Card AES Encryption.

Last updated: Dec 15, 2022
Published on: Nov 09, 2022

12 minute read

DJI has robust data security protocols on its enterprise drones.

  • DJI's latest enterprise drones have a robust security suite to keep sensitive data safe and secure;
  • Features include Network Security Mode, including Local Data Mode which enables a user's device to be operated completely offline;
  • Other security measures include AES-256 video transmission encryption and one-tap clear all device data;
  • This blog explores these data security features, explaining how to activate them and how they protect drone data. 

Data security is a crucial consideration for enterprise drone operators, considering the unique role that UAS play as a data capture tool.

DJI's latest commercial drones are bolstered with a comprehensive suite of features to ensure users have control over the data they generate and that sensitive information is protected from hijackers. 

 

 

As such, operators of the M30 Series, M300 RTK, and Mavic 3 Enterprise Series can utilise this robust architecture to secure their data. 

These features include:

  • Network Security Mode, including Local Data Mode
  • One-tap Clear All Device Data 
  • AES-256 Video Transmission Encryption
  • Cloud API
  • SD Card AES Encryption

This blog explores these features, including how they are activated and how they improve the security and integrity of sensitive data.

Keeping User Data Safe: Network Security Mode

DJI says it will not access any user data unless given permission to do so.

Operators can grant or revoke permissions at anytime through Network Security Mode, found within the DJI Pilot ecosystem and accessed via the remote controller.

 

 

Permissions that can be activated or deactivated include access to device information; flight records; device logs; and whether DJI can share device location with third-party map service providers in order to display your location on the map.

There are three modes to choose from within Network Security Mode, offering different levels of customisation and permissions. These modes are: 

1: Standard Mode

DJI Pilot will connect to the internet and work normally. The features and functions within Standard Mode can be turned on or off. 

 

 

2: Restricted Network Mode

To protect operator data, many of DJI Pilot's features and functions are disabled and cannot be activated, with the exception of Map Service, Network RTK, and Third-party Cloud Services, which can be enabled or disabled.

If operators want to use a map without activating Map Service in Restricted Network Mode, they can use the MapTiler offline map to continue with a mapping service. This will prevent information being sent to third-party map service providers.

 

 

MapTiler's HQ is in Switzerland. Its maps contain no spy code, and IP addresses of MapTiler Cloud visitors are stored in memory only for a limited time needed for security checks; a maximum is 20 minutes, and then automatically destroyed. For more details, click here.

DJI has also used American-based Mapbox for this extra-secure method of accessing maps.

Other apps on a smartphone or tablet are not affected by the use of Restricted Network Mode.  

3: Local Data Mode

Local Data Mode provides government and commercial customers with additional assurance that data generated during drone operations is effectively protected.

It is an internet connection 'kill switch' feature within DJI’s command and control mobile applications that, when enabled, prevents the app from sending or receiving any data over the internet.

The app will close all data services and will not send any network requests to protect data. The features and functions within this mode will be disabled, with no option to enable them.

 

 

Local Data Mode enables a user's device to be operated completely offline. In this case, there is no requirement for users to log into their DJI account.

With Local Data Mode activated, drone operators can easily and effectively cut off all network connections from DJI’s mobile applications and prevent any data from being transferred to DJI or other parties. 

Turning on Local Data Mode - which is similar to Airplane Mode on smartphones and other mobile devices - should help to assure drone operators that all data remains local and entirely within their control.

To use maps in Local Data Mode, first download the map in Standard Mode, and then switch to Local Data Mode.

Network Security Mode: Features In More Detail

The table below highlights the purpose of each Network Security Mode feature and how these are impacted by switching between Standard Mode, Restricted Network Mode, and Local Data Mode. 

 

Feature Purpose Standard Mode Restricted Network Mode Local Data Mode
Map Service Displays the location of your mobile device and DJI devices on the map in real-time while your aircraft is in flight.

Enabling Map Service allows third-party map service providers to access the location information of your mobile device and DJI devices.
Toggle on or off Toggle on or off Off
Network RTK Provides RTK data to your DJI devices from a third-party RTK service provider.

Network RTK helps you use your DJI devices with high-accuracy positioning data.

Third-party RTK service providers will gain access to your devices' location information only when you are using Network RTK service. 

Your DJI devices' location information will be used for requesting data from nearby RTK base stations.
Toggle on or off Toggle on or off Off
Third-party Cloud Services Supports GB28181 protocol, RTMP, RTSP and DJI IoT API. 

Only when you choose Third-party Cloud Services will DJI Pilot sync DJI device serial numbers, GPS location information, flight speed, real-time image transmission, aircraft attitude, camera attitude, sensor data, and livestream protocol to DJI servers in accordance with livestream protocol.
Toggle on or off Toggle on or off Off
Device Update Includes checking for updates and downloading update packages for your DJI devices and DJI apps.

Keeping your DJI devices and apps updated helps ensure optimal user experience.

Enabling Device Update allows DJI Pilot to sync the following information for checking updates and downloading update packages: Account information, DJI devices firmware versions, and DJI apps versions.
Toggle on or off Off Off
Sync Logs A convenient tool for uploading DJI device logs. 

DJI Pilot will sync your account information and DJI device logs to DJI servers only when you choose to upload them.

The logs contain various DJI device status information, including, but not limited to, the DJI device serial number, flight trajectory, flight speed, and sensor data.

This information will only be used to help DJI Support locate issues with the device.
Toggle on or off Off Off
Sync Flight Records A convenient tool for syncing DJI device flight records.

DJI Pilot will sync your account information, DJI device serial numbers, location information, flight trajectory, flight speed, and sensor data to DJI servers only when you choose to update them.
Toggle on or off Off Off
FlightHub 2 Cloud Platform Only after DJI Pilot users log in to FlightHub 2 will Pilot sync data such as account, device, GPS location, aircraft speed and attitude, and real-time image transmission data to FlightHub 2.

Sharing data with team members through FlightHub 2 can increase team efficiency.
Toggle on or off Off Off
DJI Product Improvement Project DJI would like you help to improve the quality and performance of its products by collecting and sending device diagnostics and usage data.

No DJI account details or personal information will be collected for this purpose.
Toggle on or off Off Off
Fly Safe

Includes update checks and downloads for the Precise Fly Safe Database and unlocking licence synchronisation.

It increases flight safety by providing more accurate geo-zone information and is also a convenient and efficient way to unlock licences from DJI.

 

Enabling Fly Safe allows DJI Pilot to sync your DJI device information, the Precise Fly Safe Database version information, and GPS fuzzy location information to DJI servers for checking for and downloading updates and for updating temporary geo-zone data.

DJI Pilot only syncs your account information and DJI device serial number with DJI servers to unlock licence when you use the licence syncronisation function.

Toggle on or off Off Off

 

Network Security Mode: Enabling And Disabling Features 

The below screen shots show how this plays out within DJI Pilot 2 - the most recent DJI Pilot app.

For instance, the next set of images show Network Security Mode's Map Service and Network RTK features, and how Standard Mode, Restricted Network Mode, and Local Data Mode impact their usability.

In Standard Mode, users can choose to enable or disable Map Service and Network RTK...   

 

 

  

 

...which is also the same in Restricted Network Mode...

  

 

...but in Local Data Mode, Map Service and Network RTK are off by default and there is no option to activate them. 

 

DJI Data Security - Local Data Mode

 

This next set of images shows how other features within Network Security Mode - in this case, Device Update - can continue to be switched on and off in Standard Mode...  

 

 

...but are now deactivated, with no option to activate, in Restricted Network Mode...

 

 

...as well as in Local Data Mode.

 

 

How To Access Network Security Mode 

So, how do you choose your preferred Network Security Mode settings?

Again, taking DJI Pilot 2 as the example, click on the shield at the top left of the screen on the remote controller... 

 

 

...to bring up this menu within the Data and Privacy section. Click on the Standard Mode box on the right to activate a drop down to choose between this mode, Restricted Network Mode and Local Data Mode.  

 

 

  

AES-256 Video Transmission Encryption For Enhanced Security

Data transmitted between the drone and the remote controller on the ground is protected by the AES-256 encryption algorithm.

The communication between the DJI Pilot app and the server is also protected by HTTPS or WebSockets over SSL/TLS (WSS) protocol to prevent hijacking by third-parties and protect against man-in-the-middle attacks.

 

 

How AES-256 Encryption Works To Protect Your DJI Drone Data

AES encryption has become the industry standard for data security. AES comes in 128-bit, 192-bit, and 256-bit implementations, with AES-256 being the most secure.

The three types of AES also vary by the number of rounds of encryption. AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds. The more rounds there are, the safer the encryption.

This is why AES-256 - which is utilised by DJI - is considered the safest encryption there is.   

SD Card Encryption - Secure Device Media Storage

Setting a security code helps to ensure the secure use of media files. This can be done via the Data and Privacy page on the remote controller within the Pilot app.

 

 

When the password function is enabled, data stored in the SD card or onboard storage can be accessed only after the user-defined password is provided.

The security code will be required when accessing content on the SD card via DJI Pilot and DJI Pilot 2.

It is interesting to note the following:

  1. Security code is neither saved on device nor accessible by DJI. This means that the password cannot be retrieved if it is forgotten by the user. 
  2. It is not possible to reset security code. If security code is lost, format the memory card for reuse.
  3. Memory card will be formatted if security code is disabled.

Security code settings are only available for Zenmuse H20 series, Matrice M30, and Mavic 3 Enterprise Series cameras. Other cameras, such as Zenmuse L1 and P1, as well as third-party payloads, are currently not supported.

Erasable Data - One-tap Clear All Device Data 

Users can choose to erase any data generated during their use of DJI devices. To erase your data, go to the DJI Pilot or DJI Pilot 2 app to clear the logs and cache on your device and the app.

Press the Clear All Device Data button via the Clear DJI Device Log tab.

This resets the remote controller operating system and will clear flight records, brief flight records, app logs, and local media data, flight route files, and other data. 

 

DJI Data Security: One-tap Clear All Device Data.

 

The cache can be removed by pressing the DJI Pilot Cache tab.

 

DJI Data Security: Clear All Cache Data

 

 

 

If you decide not to use DJI’s services anymore, email support@dji.com to ask DJI to delete all the data associated with your account. 

Cloud Data Storage Security

DJI's data centres are built on Amazon Web Services (AWS) and Alibaba Cloud. Alibaba Cloud is used only for customers in Mainland China. Amazon Web Services is used for all other regions.

Both are known for their security qualification and high reliability. AWS has certification for compliance with ISO 27001/27017/27018, and Alibaba Cloud has certification for compliance with ISO 27001, CSA STAR certification, and SOC (Service Organisational Control) independent audits.   

 

 

Amazon Web Services describes itself as the most secure cloud computing environment available today and a network architected to protect information, identities, applications, and devices. For more details about AWS, visit the official website.

DJI users are not required to store any data with DJI. If they choose to do so, their data is kept in DJI's data centres which are equipped with a multi-layer protection mechanism.

DJI says that it will not transmit users' personal information or data across data centres or share any data with third parties. Sensitive information, such as email addresses, mobile numbers, and location information, is given additional AES-256-CBC encryption. 

Cloud API

The launch of the Cloud API mainly solves the problem of developers reinventing the wheel.

For developers who do not need in-depth customisation of the app, they can directly use DJI Pilot 2 to communicate with the third-party cloud platform, and developers can focus on the development and implementation of cloud service interfaces.

Based on the common standard protocols such as MQTT, HTTPS and Websocket, DJI Cloud API abstracts the function set sufficiently and isolates the complex hardware operations logic in the drone, and makes it possible for DJI's developers to focus on their own business without caring about the underlying flight logic.

What's more, DJI Cloud API can adapt to any network as long as the DJI Pilot 2 or DJI Dock is allowed to access the third-party platform server.

 

DJI Cloud API overview.

 

DJI Security Features: Summary

DJI drones are a great data collection tool, but it is crucial that operators feel confident about the integrity and security of this information.

Recognising this, and utilising the DJI Pilot app ecosystem, DJI's most advanced enterprise platforms feature robust processes to ensure users have control over the data they generate and that it is encrypted and protected from hijackers.

And DJI's security architecture is sure to evolve in the coming months and years to provide operators with even greater protection and reassurance about their drone data.   

The heliguy™ enterprise team is available to discuss data security with your operations and security teams. Contact us for more information. 


Leave a comment

Please note, comments must be approved before they are published

If you have a question or require urgent assistance, please contact us to ensure your query is dealt with quickly.

Please note, this hidden field is to prevent bot submissions and entering data will result in your comment being discarded without moderation.