DHS warns of ‘strong concerns’ that Chinese-made drones are stealing data

Daily News Article   —   Posted on May 23, 2019

(by David Shortell, CNN) Washington, D.C.– Chinese-made drones may be sending sensitive flight data to their manufacturers in China, where it can be accessed by the government there, the US Department of Homeland Security (DHS) warned in an alert issued Monday obtained by CNN.

The drones are a “potential risk to an organization’s information,” the alert from DHS’s Cybersecurity and Infrastructure Security Agency states. The products “contain components that can compromise your data and share your information on a server accessed beyond the company itself.”

The report does not name any specific manufacturers, but nearly 80% of the drones used in the US and Canada come from Chinese company DJI, which is headquartered in Shenzhen, China, according to one industry analysis. US local law enforcement organizations and infrastructure operators have grown to rely on drones in recent years.

“The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access,” the Homeland Security alert says.

“Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support [the Communist government’s] national intelligence activities,” the alert adds. [In other words, DHS is saying that Chinese-made drones have the ability to share information and data to a server that isn’t exclusively controlled by the drone manufacturer – implying that the Communist Chinese government has access.]

The warning from DHS follows an executive order signed by President Donald Trump last week that effectively banned US firms from using telecommunications equipment made by the Chinese company Huawei, which has drawn similar national security concerns of Chinese communist government spying.

The US and China are currently locked in a trade war that has frayed the two countries’ relationship as it deteriorated in recent weeks. [On May 3, following months of trade negotiations, Chinese officials reneged on the commitments they had just made to change laws in China to resolve core issues that caused the Trump administration to launch a trade war, including: theft of U.S. intellectual property and trade secrets; forced technology transfers from U.S. companies to China; China’s policy of stifling competition; access to financial services; and China’s currency manipulation.]

US officials have raised national security concerns about Chinese-made drones in the past. In 2017, the US Army issued a ban on the use of Chinese DJI drones, alleging in a memo that the company shared critical infrastructure and law enforcement data with the Chinese government. [As part of a 2017 Chinese national-intelligence law, China requires its citizens and companies to support its “national-intelligence” activities. The DHS alert reportedly suggests that Chinese drone companies could share — or be forced to share — data collected from their drones abroad, including from people in the US.]

Also that year, an internal report from an intelligence division of the Immigration and Customs Enforcement (ICE) agency in Los Angeles assessed that China’s DJI was “selectively targeting government and privately owned entities within (the US. critical infrastructure and law enforcement sectors) to expand its ability to collect and exploit sensitive US data.”

Users are warned to “be cautious when purchasing” drones from China, and to take precautionary steps like turning off the device’s internet connection and removing secure digital cards.

The alert also warns users to “understand how to properly operate and limit your device’s access to networks” to avoid “theft of information.”

“Organizations that conduct operations impacting national security or the Nation’s critical functions must remain especially vigilant as they may be at greater risk of espionage and theft of proprietary information,” the alert states.

In a statement, DJI said that it gives customers “full and complete control over how their data is collected, stored, and transmitted,” adding that “customers can enable all the precautions DHS recommends.”

“At DJI, safety is at the core of everything we do, and the security of our technology has been independently verified by the U.S. government and leading U.S. businesses,” DJI said.

“For government and critical infrastructure customers that require additional assurances, we provide drones that do not transfer data to DJI or via the internet, and our customers can enable all the precautions DHS recommends. Every day, American businesses, first responders, and U.S. government agencies trust DJI drones to help save lives, promote worker safety, and support vital operations, and we take that responsibility very seriously,” DJI said. …

Published at CNN .com. Reprinted here for educational purposes only. May not be reproduced on other websites without permission from CNN.