The US Department of Homeland Security (DHS) has sent out a memo to US law enforcement and private businesses warning that Chinese drone maker Da-Jiang Innovations (DJI) has been spying on the US at the behest of China.

The DHS sent out the memo this summer, on August 9, 2017. In the memo, officials assessed  "with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government."

DHS: DJI sends critical US data to Chinese servers

Officials say that DJI drones come with Android applications that collect information such as usernames, emails, full names, phone numbers, recorded images, recorded videos, facial recognition data, and other. The DHS has a problem with the fact that the apps automatically upload this data to servers located in Taiwan, China, and Hong Kong, "to which the Chinese government most likely has access."

Chinese laws force Chinese companies to collect data on Chinese citizens and provide the government with easy access to this data at any time. The DHS is worried that because this data is stored on Chinese servers, the Chinese government could abuse its influence over DJI and access the information collected from US customers.

The Agency believes troves of data detailing critical US infrastructure and operations has now been sent to China. The memo points out that several US companies and law enforcement agencies have bought DJI drones and have deployed them for various operations such as mapping land, inspecting infrastructure, conducting surveillance, and monitoring hazardous materials.

In addition, based on information the DHS has obtained, DJI drones have been used to "capture close-up imagery and GPS information on water systems, rail systems, hazardous material storage systems, first responders' activity, and construction of highways, bridges, and rails."

The US fears that the "Chinese government could use [this data] to conduct physical or cyber attacks against the United States and its population."

Furthermore, the US is afraid that China may also share the DJI-acquired data with "terrorist organizations, hostile non-state entities, or state-sponsored groups."

DHS: DJI intentionally going after high-value US targets

In addition, the Agency " further assesses with high confidence [that DJI] is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data."

The memo claims that DJI has intentionally used an illegal practice called "dumping" to put its competition out of business. Dumping is "the illegal practice of exporting a product at a price lower than the cost to manufacture the product or lower than the price the manufacturer would charge in its own home market."

The DHS claims that after it drove some of its competition out of business, DJI has intentionally and aggressively targeted US businesses operating in critical infrastructure. Officials don't believe this was an accident and that DJI is targeting such entities on purpose.

"The Chinese government is using DJI UAS as an inexpensive, hard-to-trace method to collect on U.S. critical assets," the DHS alert reads.

The memo has a questionable source, not backed by any proof

The DHS says the memo is based "on information derived from open source reporting and a reliable source within the unmanned aerial systems (UAS) industry with first and secondhand access."

The DHS previously banned Kaspersky products on the DOD's network, accusing the company it was spying for the Russian government. Just like in the Kaspersky incident, the DHS has not released any technical report to back up its claims.

Because the DHS memo says the warning is based on "a reliable source within the unmanned aerial systems (UAS) industry," some experts have pointed out that a US drone manufacturer might have fed the DHS a load of crock in order to sabotage its main competition.

DJI: Report is based on "clearly false and misleading claims"

In two statements [1, 2] last week, DJI denounced all accusations and pointed out several inaccuracies regarding the report's assessing of its drones' technical capabilities and the company's pricing practices.

"The bulletin is based on clearly false and misleading claims from an unidentified source," the company says. "Several of the key claims made by this unnamed source show a fundamental lack of understanding of DJI, its technology and the drone market. Some of the claims made are easily refuted with a few minutes of research."

DJI says it only provides the Chinese government with data about drones that have been flown inside China's borders. "Otherwise, DJI provides no information about or data collected by the drone to the Chinese government," the company said.

Related Articles:

China's National Cybersecurity Standards Considered a Risk for Foreign Firms

CCleaner Disregarding Settings and Forcing Update to Latest 5.46 Version

Apple Removes Top Security App For Stealing Data and Sending it to China

Study of 17,260 Android Apps Doesn't Find Evidence of Secret Spying

CCleaner 5.46 Released With Improved Privacy Options