The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warned in a Monday alert that drones made in China might be transmitting flight data back to their makers that the Chinese government can access.
Noting the drones “contain components that can compromise your data and share your information on a server accessed beyond the company itself,” CISA said, "The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise
abuses that access."
The concerns extend “with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities," the alert said.
The warning comes a week after President Trump declared a national emergency that banned U.S. telecommunications companies from using equipment from foreign firms that could threaten national security.
Finding "that foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services, which store and communicate vast amounts of sensitive information, facilitate the digital economy, and support critical infrastructure and vital emergency services, in order to commit malicious cyber-enabled actions, including economic and industrial espionage against the United States and its people," Trump's order prohibits "any acquisition, importation, transfer, installation, dealing in, or use of any information and communications technology or service...where the transaction involves any property in which any foreign country or a national thereof has any interest" and has been determined to be detrimental to the U.S.
The Commerce Department followed up immediately by placing Huawei Technologies and 70 affiliates on the Bureau of Industry and Security (BIS) Entity List to “prevent American technology from being used by foreign owned entities in ways that potentially undermine U.S. national security or foreign policy interests,” Commerce Secretary Wilbur Ross said in a statement.
Nearly 80 percent of the Chinese drones sold in the U.S. and Canada are made by Shenzen-based DJI.
“Just yesterday, the Department of Commerce required Google to pull rights to use Google Play and apps on Android from Huawei. Today, we are hearing about risks of Chinese made drones,
which the primary manufacturer is DJI based in China,” said Chris Morales, head of security analytics
“The overall theme is that a third-party manufacturer could be using personal data for malicious
intent,” said Morales, who called for the theme to be expanded “beyond just a specific nation state actor. This is a real concern for any device that is collecting data on a user, regardless of where they are based.”
Morales was quick to point out that “doesn’t mean everyone is bad, though. Most organizations are
in the business of making money and are not intentionally causing harm to consumers.” He explained that he doesn’t “even like enabling features, such as location services, on my personal device that gives even American companies too much data about me and my own personal habits.”