Data security is a major part to all drone operations with the large amount of important and confidential data being captured. DJI has worked for years on its own data security systems, equalling over 300,000 hours and some important security features built into the DJI Matrice 300 RTK (M300) and its other drones.
DJI designs and builds hardware and software, so you never have to share your data — not with us, and not with anyone else. DJI is not a data company — it just makes drones. And with the M300 V3 firmware update, DJI has made features, enjoyed by government users more easily accessible than ever before on its flagship commercial drone. From Local Data Mode to U.S.-based cloud storage and up-to-date encryption, the M300 is now even more data privacy-focused.
Bolstering cybersecurity for 15 years
Over the last 15 years, DJI has continually improved data security protections to reflect the increasingly important tasks that its customers tackle with its products. From DJI's earliest days building systems for tinkerers and hobbyists, DJI has bolstered its systems with robust encryption, data controls, and privacy settings to meet the expectations of its most demanding customers. Now, with M300 V3, DJI has completely redesigned its security framework with privacy at the forefront.
As a technology company with a global clientele, DJI understands that data security will come under scrutiny from its users and others. That’s why DJI is pleased to see so many independent evaluations from U.S. government agencies, as well as respected private cybersecurity firms, that have validated the security protections in its drones, payloads, software and apps. These repeated validations have disproven the unfounded claims about some of DJI's systems, and show that its customers have control over the flight logs, photos and videos they generate with its products.
In 2020, two major independent audits validated the security of DJI’s drone platforms. One study from the global consulting firm Booz Allen Hamilton found no evidence of data transmission connections with DJI or any other unexpected party. The report also found no evidence of security leaks. Later that year, FTI Consulting analyzed DJI hardware and software, including a source code review of DJI applications and a hardware cybersecurity review of devices. The FTI audit found that when Local Data Mode was enabled, no data generated by the drone or application was sent externally to infrastructure operated by any third party, including DJI, validating DJI’s assertions about the utility and function of the feature. FTI’s assessment also confirmed that DJI employs various security best practices.
These reports followed earlier successful reviews of the security features on DJI products which DJI has discussed before.
In addition to helping prove DJI data security bona fides, years of independent review have helped DJI to correct problems where they existed and find areas for improvement. For example, Booz Allen Hamilton’s review found that an older form of encryption used in some drones made local radio signals susceptible to interception. While the drone still met the Department of Defense’s standards, DJI's team went ahead and made adjustments on all new and future enterprise products. The result of all of this hard work comes to you in the form of the newest version of the M300.
Continuing the commitment to data security
While DJI products have always been secure, the company never stops strengthening DJI protocols. The updated M300 takes security features that were previously only available in DJI’s high-security Government Edition drones and makes them accessible to the public. Now you can enjoy the same kind of drone data security setup that just passed multiple rounds of independent testing.
Key features of the M300 V3 firmware update
This firmware version addresses data security concerns at every step, from capture to storage to deletion. It provides options for you to choose enhanced data security options for sensitive missions, or to allow some beneficial connections on missions with no security restrictions. For example, the V3 update allows you to fly the M300 without logging into your DJI account. You can also update firmware for the M300 drone, remote control and payload with a microSD card, so you can stay offline during updates. The M300 V3 firmware lets you choose to opt out of all anonymized performance data collection, or to opt in only partially to help improve future products. Other network security modes and 256-bit encryption mean you can feel safe knowing that all of your personal data and imagery will only be viewed by those you choose to transmit it to.
Local Data Mode
The M300 V3 update offers DJI’s rigorously tested Local Data Mode, an easy-to-use option that disconnects your equipment from the internet entirely, ensuring that data stays exactly where it started. If your organization chooses to use cloud-based data storage, the M300 V3 update allows encrypted flight log storage on a U.S-based AWS Server. (Organizations with higher-level security needs can continue to use a private cloud option to keep their data completely separate from DJI infrastructure.) To learn more about Local Data Mode, click here.
SD card AES encryption
DJI's emphasis on data security goes beyond the cloud. When you store your photos, videos and flight logs on a microSD card, the M300 V3 firmware update ensures each card is protected by a security code as well as AES encryption.
Clear All Device Data
Once your data is securely transferred from the drone to your preferred storage method, the update makes it possible to delete internal logs of your activity from the drone, the remote controller and even the H20 payload, as well as to completely revert your drone back to factory settings. If you have hosted your company’s data on DJI servers in the past, DJI will delete it upon request at any time. Each step in the process is designed to give you the most autonomy possible over your data.
300,000 hours of work spent on data security
Where did DJI get this number, three hundred thousand hours? For over 5 years DJI has had a team of 30 devoted entirely to work on the privacy and data security features of DJI products, across DJI apps, DJI servers, DJI chipsets, and firmware. With 30 people working for 5 years, assuming a year has ~250 work days, and one work day is 9-6, 300,000 hours is a conservative estimate.
Overall, whether you’re flying the M300 or another of DJI drones, it’s important to know:
- Your location data is never collected
- You can choose not to sync your flight logs, photos, or videos with DJI services
- Drone GPS log data is never collected
- DJI does not collect mobile data
- User experience information can be kept private by simply opting out of data collection
The M300 V3 Firmware update is DJI's strongest effort yet to offer the most transparency and flexibility possible to its users. DJI is always looking to improve its products and are constantly working to mitigate any security concerns and any risk to your data.
Source: DJI Enterprise