• DJI to Supreme Court

    From Mike Powell@1:2320/105 to All on Wed Feb 25 10:05:29 2026
    DJI takes its US ban to the Supreme Court, claiming the rulings 'violate the Constitution' - but it may be fighting a losing battle

    By David Nield published 4 hours ago

    DJI is still fighting

    DJI has filed a petition with the US Supreme Court
    It claims the recent FCC ban on its products is unlawful
    New DJI products can no longer be launched in the US

    A ban on new DJI products in the US kicked in last December, but the issue isn't closed yet: DJI has taken its case to the US Supreme Court, arguing that government authorities haven't actually found any evidence of security issues.

    The ban came into force almost by default - not through any new discoveries about DJI, but because a security audit of the Chinese company wasn't carried out in advance of a December 23 deadline imposed by the US Federal Communications Commission (FCC).

    Without getting fresh security clearance, DJI was automatically shunted to the FCC's Covered Entity List, a record of companies believed to pose "an unacceptable risk" to national security (it's the same list that Huawei is on). That course of events is unconstitutional and unlawful, DJI argues.

    "Despite repeated efforts to engage with the government, DJI has never been given the chance to provide information to address or refute any concerns," the company said in a statement to the press. "These procedural and substantive deficiencies violate the Constitution and federal law."

    Does DJI stand a chance?

    As DJI points out in the petition that it has filed with the US Court of Appeals, for a company to be added to the Covered Entity List, the FCC needs to identify a national security threat from the company or the products it makes - something that the FCC has so far failed to do with DJI.

    From the side of the US authorities, there are concerns about allowing any Chinese company widespread access to telecommunications networks. DJI's drones spend a lot of time connecting to the internet, and capturing a lot of footage through cameras and microphones, and that's something the FCC is worried about.

    While we wait for the US courts to decide what's next, new DJI launches in the US are in limbo. Existing DJI tech can continue to be used in the country, however, and it may be that there are still new DJI products to come that got FCC approval before December, such as the rumored Osmo Pocket 4.

    Unfortunately for US consumers wanting access to some of the best drones on the market, DJI could be fighting a losing battle here. Its requests to be audited before December fell on deaf ears, and it's unlikely that the FCC will suddenly become proactive now.


    https://www.techradar.com/cameras/drones/dji-takes-its-us-ban-to-the-supreme-court-claiming-the-rulings-violate-the-constitution-but-it-may-be-fighting-a-losing-battle

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)
  • From Mike Powell@1:2320/105 to Mike Powell on Fri Feb 27 15:19:51 2026
    [something DJI maybe didn't need to deal with right now]

    Tinkerer accidentally gets access to thousands of DJI Romo robot vacuums

    By Efosa Udinmwen published 22 hours ago

    Sensitive data, including floor plans and live video feeds, was exposed

    One user accidentally gained access to thousands of DJI Romo vacuums worldwide
    Sensitive data, including floor plans and live video feeds, was exposed online
    Encryption of communications was intact, yet server storage remained completely unprotected

    A hobbyist discovered that his DJI Romo vacuum unintentionally allowed access to thousands of other devices.

    Sammy Azdoufal, an AI strategist, used reverse engineering to understand how the Romo communicated with DJI servers. He did not hack into DJI systems or bypass encryption, and he did not use brute force or other illicit methods.

    He was attempting to control his own robot using a PlayStation controller when the protocol returned private tokens for additional vacuums, including more than 6,700 devices located across multiple regions, including the United States, Europe, and China.

    Discovery and technical details

    The core problem was that device data was stored in plain text on the server, which allowed anyone who gained access to read floor plans, live video feeds, and microphone input. The encryption protecting communications was not flawed, yet the data storage exposed sensitive information to anyone with access.

    Azdoufal immediately reported the vulnerability to DJI, and the company issued updates to address several problems without requiring user intervention.

    Some vulnerabilities remain, including the ability to stream video without a security PIN and another undisclosed issue because of its severity. These remaining problems indicate that server-side data storage and access control still need attention.

    Unfortunately, this is not an isolated case - an engineer previously discovered that his iLife A11 smart vacuum continuously sent logs and telemetry back to the manufacturer.

    When he blocked reporting through his network, the company remotely disabled the device. Using technical adjustments, he restored local functionality, proving that cloud connectivity is not strictly necessary for proper device operation.

    Many consumers purchase smart devices for convenience, but incidents like these show potential risks when ordinary users can accidentally access private data.

    Using firewall software, careful monitoring, and endpoint protection for network activity can reduce exposure, and broader use of AI tools could also help identify unusual patterns, although this does not guarantee detection.

    Users should be aware that even minor misconfigurations or design flaws can create major privacy risks. Live video, floor plans, and other information could be exposed if attackers exploit similar vulnerabilities.

    The case of the DJI Romo vacuums indicates that IoT devices may prioritize convenience over strong data protection - as while this discovery was accidental and responsibly reported, the underlying design leaves sensitive personal information vulnerable.

    This raises valid concerns about both unintended access and potential targeted attacks in the future.


    Via Tom's Hardware https://www.tomshardware.com/tech-industry/cyber-security/user-accidentally-gains-control-of-over-6-700-robot-vacuums-while-tinkering-with-their-own-device-to-enable-control-with-a-playstation-controller-security-flaw-reveals-floor-plans-and-live-video-feeds


    https://www.techradar.com/pro/security/tinkerer-accidentally-gets-access-to-thousands-of-dji-romo-robot-vacuums

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)