UK MOD restricts use of Drones on UK establishments

[George Templeman]

Hi all,

Recently we have been involved in some survey and mapping projects on UK MOD sites and we do have one current approved for a UASF site from 17th Jan as part of a building condition survey.

However, I was advised on Friday that no further Surveys by Drone would be allowed on MOD sites due to the perceived issue with data transmission to the DJI servers.

Now I am not an expert in the perceived issue, but transmitting 200 or so high res photos via a 3/4g data connection in real time is, I would suggest impossible, they probably know where he drone is, and can look at google earth of similar to pin point the location., but until the photos are synced, DJI can not see the images, correct?

Anyone out there can give me some ammunition to challenge this?

I note the Pilot app on Crystalsky has a local data mode, but that is not much good for autonomous mapping missions

The potential upcoming projects we have are not in any way sensitive, roof inspections and the like, all of which can be purchased in 12.5cm resolution from sites such as Get Mapping so if DJI want to look at any UK MOD site the data is there, but obviously not a detailed as 1.5cm resolution

Comments / advice welcome please

Thanks

Aerial and Laser Suveys

 

[Mad_angler1]

Is this ban all drones or just DJI, I suspect the MOD and others have just woke up to the fact that these things are being used with little thought on how the data that is collected is stored and used, I worked on some sites a few years ago and taking mobile phone pics was banned let alone using a flying camera.

Regardless of what anyone was or was not doing I suspect there will be a complete revaluation of the use of uas and the procedures around data handling.

If it’s DJI specific ban then you may have to wait for the dust to settle, DJI have just released a statement on what they are doing with your data and more importantly what they are not doing and have enlisted a 3rd party company to investigate the app and craft to prove this and confirm but we have to take a dose of reality here, DJI are a Chinese company, regardless of if they are doing exactly and I believe they are being open on this stuff governments in the west will get uneasy over some of this just because they can just like they did with Hawaii ect.

 

[George Templeman]

I think you are right, let the dust settle and see what DJI come up with to defend their corner.

You are right about normal photos, but permission can be gained for this, using the correct procedure, hopefully This can be applied to UAV’s in the future, I will keep applying gentle polite pressure to keep the issue alive.

Thank for the reply

 

[giumick]

The reality is no-one truly understands Dji's systems well enough to class them as safe i think on a national security level. Honestly i do not blame them. Dji are very secretive and potentially linked to the Chinese government so from our governments point of view that is dangerous.

It would not be hard to hide some software that sends info in the App at all. No-one is allowed near it, even repair centers etc may only get limited access to small parts of it at best for specialist projects.

Fear of the unknown

 

[Casey53]

I could see an issue if a DJI drone was used in someplace like Area 51 and aliens were spotted running around the place and subsequently appeared in a Chinese newspaper courtesy of DJI.

 

[NickU]

doubt you'll get anywhere with them, they're too stupid to argue with. They don't understand the systems, and until someone higher up the food chain says it's ok they won't dare risk doing anything sensible.

There are very easy ways to airgap and secure the flight and data so that nothing goes back to DJI or, for that matter, to anyone else, but rather than apply a bit of (un)common sense, its easier for them to join in the hysterics and look for a witch to burn.

You basically have 4 security risks:
- flight telemetry in the App (Dji or anyone else's).
- black box flight data inside the drone.
- mission data in the form of video and photographs.
- mapping processing system.

Flight telemetry:
...is easy to secure. Simply ensure that all wifi and mobile services are disconnected before commencing flights, and that the flight logs and any caches are deleted from the app before reconnecting comms services, you can go as far as deleting the app from the tablet as that will remove all data associated with the app. In fact, if they want to be doubly secure, they provide you with a tablet that they have provisioned with the flight app, and they then take that tablet back at the end of the mission and wipe the tablet memory. No data leaves the tablet full stop. This isn't just a DJI thing, litchi and other flight control/planning apps log their missions too.

Drone Black box flight data:
not a lot that they can do with this as it is only overwritten when the black box sd card is filled up. The cards are permanently fixed within the flight controller - the drone has to be opened up to get at the card, it can't just be ejected. The cards I've seen are typically around 2-4gb in size. Data is accrued at quite a high rate, so the log files are quite large. Someone else may be able to tell you how long/far you have to fly before you overwrite a previous mission. The data from these logs has to be deliberately downloaded though, and it needs a cabled connection to the drone, it doesn't have any magic connection with the flight control app. So, if they want the ultimate security, they make you fly in circles for a few hours, or keep the drone locked up.

Mission data:
Stored on the removeable microSD card. Can be physically secured by removing from the drone and locking up. Card can also be easily securely wiped after use. Low res preview versions of the mission data may also be recorded by the flight control app in a cache on the tablet. See the first item for how to deal with those.

Mapping systems:
The security risk here is basically down to what is done with the images and video. If they are held and processed locally on a secure pc that never leaves the site, then they're secure. If the card leaves the site with you for processing later, then it's not secure. If it's uploaded for processing to a cloud based system, the data's not secure (it's on someone else's server ffs!) For best security, they have a secured pc which is running processing software locally and they don't let you take it or the mission data off-site.

See how you can begin to secure things....it's all about how secure you want or need to be, is some security good enough, or is it anally retentive security that's needed?

Anyone else got any more thoughts..?

 

[Mad_angler1]

doubt you'll get anywhere with them, they're too stupid to argue with. They don't understand the systems, and until someone higher up the food chain says it's ok they won't dare risk doing anything sensible.

There are very easy ways to airgap and secure the flight and data so that nothing goes back to DJI or, for that matter, to anyone else, but rather than apply a bit of (un)common sense, its easier for them to join in the hysterics and look for a witch to burn.

You basically have 4 security risks:
- flight telemetry in the App (Dji or anyone else's).
- black box flight data inside the drone.
- mission data in the form of video and photographs.
- mapping processing system.

Flight telemetry:
...is easy to secure. Simply ensure that all wifi and mobile services are disconnected before commencing flights, and that the flight logs and any caches are deleted from the app before reconnecting comms services, you can go as far as deleting the app from the tablet as that will remove all data associated with the app. In fact, if they want to be doubly secure, they provide you with a tablet that they have provisioned with the flight app, and they then take that tablet back at the end of the mission and wipe the tablet memory. No data leaves the tablet full stop. This isn't just a DJI thing, litchi and other flight control/planning apps log their missions too.

Drone Black box flight data:
not a lot that they can do with this as it is only overwritten when the black box sd card is filled up. The cards are permanently fixed within the flight controller - the drone has to be opened up to get at the card, it can't just be ejected. The cards I've seen are typically around 2-4gb in size. Data is accrued at quite a high rate, so the log files are quite large. Someone else may be able to tell you how long/far you have to fly before you overwrite a previous mission. The data from these logs has to be deliberately downloaded though, and it needs a cabled connection to the drone, it doesn't have any magic connection with the flight control app. So, if they want the ultimate security, they make you fly in circles for a few hours, or keep the drone locked up.

Mission data:
Stored on the removeable microSD card. Can be physically secured by removing from the drone and locking up. Card can also be easily securely wiped after use. Low res preview versions of the mission data may also be recorded by the flight control app in a cache on the tablet. See the first item for how to deal with those.

Mapping systems:
The security risk here is basically down to what is done with the images and video. If they are held and processed locally on a secure pc that never leaves the site, then they're secure. If the card leaves the site with you for processing later, then it's not secure. If it's uploaded for processing to a cloud based system, the data's not secure (it's on someone else's server ffs!) For best security, they have a secured pc which is running processing software locally and they don't let you take it or the mission data off-site.

See how you can begin to secure things....it's all about how secure you want or need to be, is some security good enough, or is it anally retentive security that's needed?

Anyone else got any more thoughts..?

Great post and as you say it’s all about taking steps and precautions, it’s actually a shame DJI removed the wipe black box log option from the craft, I can see 100% why they did it as they were getting warranty claims with craft with no logs but it would be handy on the professional models like the I2 to be able to actually turn off all black box logging Roche onboard memory.

You simply could also factory reset the device after flight, tbh because of testing I have been resetting my CrystalSky a few times a week and it’s really no issue once you get used to it, any setting going back to default would be sorted as part of pre flight anyway.

This whole thing actually from the start is a perceived issue that people want to stand back and demand changes when very little changes are needed and you ect get completely secure very easily, you don’t need a off like version of Go or a total lock down, a fresh smart devices that’s connected online to install Go and download maps then is put into flight mode, then factory reset the device after flight, very quick and easy.

As you say the only one that’s difficult is the onboard logs currently.

 

[George Templeman]

Chaps, all very much appreciated, very helpful info. The survey I have lined up for next week, the client has taken a common sense approach, and agreed to review the mapping photos captured. At this site it’s not the building that are sensitive, it what goes on inside them. The only restriction they imposed was no to use a thermal camera. I will let you know how it all goes.

Thanks again

 

[The Editor]

doubt you'll get anywhere with them, they're too stupid to argue with. They don't understand the systems, and until someone higher up the food chain says it's ok they won't dare risk doing anything sensible.

There are very easy ways to airgap and secure the flight and data so that nothing goes back to DJI or, for that matter, to anyone else, but rather than apply a bit of (un)common sense, its easier for them to join in the hysterics and look for a witch to burn.

You basically have 4 security risks:
- flight telemetry in the App (Dji or anyone else's).
- black box flight data inside the drone.
- mission data in the form of video and photographs.
- mapping processing system.

Flight telemetry:
...is easy to secure. Simply ensure that all wifi and mobile services are disconnected before commencing flights, and that the flight logs and any caches are deleted from the app before reconnecting comms services, you can go as far as deleting the app from the tablet as that will remove all data associated with the app. In fact, if they want to be doubly secure, they provide you with a tablet that they have provisioned with the flight app, and they then take that tablet back at the end of the mission and wipe the tablet memory. No data leaves the tablet full stop. This isn't just a DJI thing, litchi and other flight control/planning apps log their missions too.

Drone Black box flight data:
not a lot that they can do with this as it is only overwritten when the black box sd card is filled up. The cards are permanently fixed within the flight controller - the drone has to be opened up to get at the card, it can't just be ejected. The cards I've seen are typically around 2-4gb in size. Data is accrued at quite a high rate, so the log files are quite large. Someone else may be able to tell you how long/far you have to fly before you overwrite a previous mission. The data from these logs has to be deliberately downloaded though, and it needs a cabled connection to the drone, it doesn't have any magic connection with the flight control app. So, if they want the ultimate security, they make you fly in circles for a few hours, or keep the drone locked up.

Mission data:
Stored on the removeable microSD card. Can be physically secured by removing from the drone and locking up. Card can also be easily securely wiped after use. Low res preview versions of the mission data may also be recorded by the flight control app in a cache on the tablet. See the first item for how to deal with those.

Mapping systems:
The security risk here is basically down to what is done with the images and video. If they are held and processed locally on a secure pc that never leaves the site, then they're secure. If the card leaves the site with you for processing later, then it's not secure. If it's uploaded for processing to a cloud based system, the data's not secure (it's on someone else's server ffs!) For best security, they have a secured pc which is running processing software locally and they don't let you take it or the mission data off-site.

See how you can begin to secure things....it's all about how secure you want or need to be, is some security good enough, or is it anally retentive security that's needed?

Anyone else got any more thoughts..?

Spot on - Although you could have saved yourself a lengthy post and stopped at "they are too stupid to argue with" and "they don't understand the systems"

Nuff said.....

 

[The Editor]

Hi all,

Recently we have been involved in some survey and mapping projects on UK MOD sites and we do have one current approved for a UASF site from 17th Jan as part of a building condition survey.

However, I was advised on Friday that no further Surveys by Drone would be allowed on MOD sites due to the perceived issue with data transmission to the DJI servers.

Now I am not an expert in the perceived issue, but transmitting 200 or so high res photos via a 3/4g data connection in real time is, I would suggest impossible, they probably know where he drone is, and can look at google earth of similar to pin point the location., but until the photos are synced, DJI can not see the images, correct?

Anyone out there can give me some ammunition to challenge this?

I note the Pilot app on Crystalsky has a local data mode, but that is not much good for autonomous mapping missions

The potential upcoming projects we have are not in any way sensitive, roof inspections and the like, all of which can be purchased in 12.5cm resolution from sites such as Get Mapping so if DJI want to look at any UK MOD site the data is there, but obviously not a detailed as 1.5cm resolution

Comments / advice welcome please

Thanks

Aerial and Laser Suveys

George, I think Nick has already hit the nail squarely on the head when he said the MOD are too stupid to argue with. Everyone is too frightened of their own backside and will not make a decision on whether to use semi skimmed or full fat milk in their tea without asking their superior or having a meeting round a table with 30 other people! God forbid they need to make a 'proper' desicion - would take years and by the time they have a result the technology they have debated is out of date!

Anyway, for your information, these are all the connections the app makes, or attempts to behind the scenes (outside of those you need for maps).

•mydjiflight.dji.com
•newrelic.com - app analytics
•djistatic.com
•flurry.com - Mobile analytics company
•conf.international.baidu.com
•baidu.com
•qbox.me (via qbox.wscdns.com) •upgrade.dj2006.net
•pingma.qq.com
•u.dji.com
•acbe.aasky.net -type this one in a browser for a nice scare.
•tpns.qq.com
•dds.dji.com
•pilotv2.djivideos.com
•active.dji.com
•m.dji.com
•djicdn.com
•www.skypixel.com
•djiexplore.com
•flysafe-api.dji.com

This, I believe is what's making the US and now the UK authorities nervous. Although all versions of the app has polled/communicated with these sites since day one of the app appearing some three years ago.

Have moved this thread to the Certified UAV section as it will not affect non PfCO holders since they will not be flying over or on MOD land! (Well, one would hope not! )

 

[NickU]

Yeah! I did almost just leave it at the rant, but George asked for help and I'm fed up of this stupid fake news and FUD that the Americans have kicked off with this whole thing.

George, If they're worried about what's in the buildings, then that's a basic security thing and should be able to be taken care of easily, or with a tiny bit of forethought on their part. Stuff like closing blinds, turning off monitors etc

Beats me why the techies at GCHQ and/or whatever passes for RSRE (is it Qinetiq?) these days haven't come up with a set of basic procedures for them to follow with all drones, it's not rocket science after all!

 

[giumick]

I can well imagine MOD legislation Etc is slow and lumped into one category for all incorrectly.

But the real ultimate risk in all of this is back door software you wont see surely?

Correct me if i am wrong here but no-one gets access to Dji's software as far as im aware and even high level repair centers only get so much access. Does that not leave big scope for hidden software etc in the assembly of their package?

Its not like it can beam info via the drone of course but surely any device that was used with the app that connects to the internet at some point has a associated risk in this situation.

A tablet that never sees the light of wifi would solve all this however in theory, especially with a reset after use. There is ways around it but im not going to be naive and think the rumors didn't emerge for a reason. I wouldn't trust Dji as far as i could throw them.

Mick

 

[NickU]

If the tablet and systems are 'air gapped' properly, then data can't be sureptiously passed of them. Back door systems can be present, but if they can't offload their heist before everything is cleaned out because there's no external comma link, then they're useless.

Thing is, this isn't just DJI, it's all sorts of different software and systems and they're all leaky as heck. Did you know that there are apps for android and iOS which, even when they're not being used, listen in to the onboard mic and send a low level stream back to the web... the stream is designed for the apps to listen out to what TV programs you've been watching and then to feed you web adverts based on your TV viewing. Similar idea to the recognition system in Shazam. If they do that for advertising, then just think what the likes of gchq and NSA get up to.

So, if security is needed, then airgap everything while in use, then wipe and reinstall afterwards.

Of course it really is all about how secure you want things to be... versus the utility you want.

The bit of the Dji (and any remote system) that is most open to eavesdropping is the rc link and video downlink. Think about it, it's effectively broadcast over several miles range... that's why the downlink & c2 needs to be encrypted, then no one can hijack your drone and no one can listen in to the downlink data. As far as I'm aware, no one has yet broken in to the recent Dji data links.... yet.

 

[Red90]

I fly fairly regularly in MOD airspace for various different reasons. Due to fly our I1 Pro again on Tuesday for very senior members and have had no guidelines advising against. Have been using DJI platforms for the last two years so they have all the info in my risk assessments.

The last time I was on Salisbury Plain, the only reason I couldn’t fly was because there were two Apaches overhead at 100 ft AGL - I didn’t fancy taking them on!!

 

[eColumbia_449]

Regarding the list of sites that DJI apps connect to - where did you get this list from? Did you use a internet sniffer program to look at all the sites that the DJI GO app contacted? Also, in addition to the internet sites, is there a list to show what information is being relayed? To me this is the security issue. While we can agree on that clients have unfounded fears that full size pics and/or videos are being uploaded to the cloud without explicit permission - there is other information that can and is being sent which clients will not want transferred outside their control.

 

[heliraptor]

I also fly (or used to) on MOD land and have a regular client who is not MOD bit has land adjacent to it. I always sought permission from MOD as it's very close and I overfly it a very small amount but on the most recent occasion received the following:

"Unfortunately, we cannot provide approval for the use of A Ground Cricket Pitch in respect to the operation of a UAS. On the 21st Nov 17 the MOD placed a blanket ban on the use of UAS by Contractors and/or 3rd Parties on the complete Defence Estate".

The client still wants the shoot to go ahead and we have recently received permission from a school that sits within the boundary of the MOD land (school is owned by the local council).

My intention would be to take off and reman within the boundaries of the school playing field at all times so as not to overfly the MOD land.

They haven't been very specific with why they have banned all UAS activity. Technically speaking I'm not taking off on their land, or overflying it., and its not clear if the ban is in relation to taking off and landing or overflying.

Does anyone see any issue with the above scenario?

 

[licensed pilot]

Hi all,

Recently we have been involved in some survey and mapping projects on UK MOD sites and we do have one current approved for a UASF site from 17th Jan as part of a building condition survey.

However, I was advised on Friday that no further Surveys by Drone would be allowed on MOD sites due to the perceived issue with data transmission to the DJI servers.

Now I am not an expert in the perceived issue, but transmitting 200 or so high res photos via a 3/4g data connection in real time is, I would suggest impossible, they probably know where he drone is, and can look at google earth of similar to pin point the location., but until the photos are synced, DJI can not see the images, correct?

Anyone out there can give me some ammunition to challenge this?

I note the Pilot app on Crystalsky has a local data mode, but that is not much good for autonomous mapping missions

The potential upcoming projects we have are not in any way sensitive, roof inspections and the like, all of which can be purchased in 12.5cm resolution from sites such as Get Mapping so if DJI want to look at any UK MOD site the data is there, but obviously not a detailed as 1.5cm resolution

Comments / advice welcome please

Thanks

Aerial and Laser Suveys

The MOD apparently is doing the old monkey see, monkey do, in the footsteps of the US DOD. Reckon the Chinese must have an intelligence interest in UK military roofs, for their new anti-roof ballistic missile, and their budget does not include purchasing high resolutions images from US based providers.

 

[George Templeman]

Spot on!

 

[licensed pilot]

I just attended a UAV Law Enforcement Workshop and what do you think the number 1 question was...the Chinese.

 

[The Editor]

Yup - not the sharpest tools in the box this MOD lot.