Maiden Voyage of H+ NO GO Compass would not Calibrate

[PatR]

There are security risks with disks too. But if high security ops require disk-only upgrades, I imagine it wouldn't be too difficult to offer such a mod - leaving the other 99% of us with OTA.

Yuneec already meets the disc only update method through use of an SD card. They need only to terminate the OTA option for compliance.

Yes, security can be breeched using discs but to to that requires someone to intercept a disc, corrupt an update disc, or to download data to a disc for turn over to an unauthorized recipient. All of those are covered under espionage laws.

Yuneec’s SD card system is not perfect as updates are downloaded from the net by users so there is an avenue present for code corruption but terminating the OTA option eliminates the possibility of a maker or others from extracting data or sending malicious code that could impact operations or obtain infrastructure information. It’s precisely why the military has grounded all COTS drones.

 

[Tuna]

So how are IBM proposing real-time NFZ data pushing on the fly?

They're hoping that it gets passed into legislation, at which point every drone manufacturer will owe them money in patent licenses. What IBM hope will happen in the future does not affect what Yuneec are doing right now.

As it is, another means for the legislation to be enforced is that people use a mobile phone app to 'request permission' to fly - at which point NFZs can be notified to the pilot.

 

[Tuna]

Yuneec already meets the disc only update method through use of an SD card. They need only to terminate the OTA option for compliance.

I think Yuneec could fairly argue that the pilot can robustly terminate OTA updates (by not connecting to wifi), so they don't have to do it in software. The ST-16 does not enforce updates, nor require internet connection to work.

That would be the same logic that allows pilots to fly with NFZs disabled - safety of operation ultimately lies with the pilot, not the hardware.

 

[YuKay]

Yuneec already meets the disc only update method through use of an SD card. They need only to terminate the OTA option for compliance.

Yes, security can be breeched using discs but to to that requires someone to intercept a disc, corrupt an update disc, or to download data to a disc for turn over to an unauthorized recipient. All of those are covered under espionage laws.

Yuneec’s SD card system is not perfect as updates are downloaded from the net by users so there is an avenue present for code corruption but terminating the OTA option eliminates the possibility of a maker or others from extracting data or sending malicious code that could impact operations or obtain infrastructure information. It’s precisely why the military has grounded all COTS drones.

Yuneec must have ongoing dialogue with all relevant government/miliary channels so it should be safe to assume that they didn't introduce OTA updates blindly. The great majority of their business is with non-military customers and OTA seems to give them a way to appease the regulators and thereby safeguard the bulk of their business going forward.

Perhaps the real question is: why was the US military deploying over-the-counter tech in such a sensitive arena? The logical upshot would be that the military builds its own small drones - or adapts existing products to make them sufficiently secure. Given that only 300 US Army airworthiness certificates were allegedly involved in the grounding, it would surely be disproportionate to force military grade security measures on the 99% of drones that the US Army doesn't buy.

Have any commercial operators lost business as a consequence of the military clampdown? Even if they have, the number of commercial operators filming or inspecting military - or even sensitive government - property must be tiny so it would seem disproportionate to ban OTA for the masses when the proportionate response would be to make a suitably secure drone available to the minority.

But I'm new to this so maybe I've got it wrong.

 

[PatR]

I agree that limiting the consumers to benefit a small percentage of military users would seem unfair but we should remember that civil agencies that interact directly with military and government security agencies are being actively targeted by consumer drone manufacturers to buy their products. There are a great many Phantoms and Inspires in the hands of xivil agencies along with a few Typhoon H and 520’s.

Sure, requiring the user to actively enable a WiFi download sounds good on paper but who knows if that “switch” can be triggered remotely? One company professing their system could be easily isolated from the web was found to have a lot of hidden paths in their code that could and does bypass the owners ability to isolate the system from the web. That same outfit was found to have been receiving all the data collected from all of their drones, regardless of who was operating them. That data was not being transmitted to just a single server, but to several foreign recipients. That’s what triggered the current grounding, which has already impacted several civil agencies involved in joint military/DHS activities. It only requires the appearance of potential to make it a problem.

Toss in thousands of consumer drones bring flown across the country that could be remotely enabled to connect to the web to transmit data to a foreign server and you have a potentially disastrous espionage issue that sets the stage for a massive government response grounding all RC aviation in time of conflict. This is not a trivial thing and consumer inconvenience does not outweigh national security.

There’s also the revenue generated through government contract sales to consider. A consumer buys one drone, a civil agency buys several of each model, service contracts, and a training program. If there are payload options they obtain all of them. Then we have the liability insurance aspect. I don’t know if many have noticed but liability carriers were asking their covered clients and applicants how they are securing customer data, and if the policy holders had data security policies and programs in place. Your answers impact your rates, and some insurance have already developed separate insurance policies to cover drone data breeches. The situation is extremely complicated.

 

[YuKay]

I think the whole point of compulsory geofencing is to prevent consumer drones from gathering any data which they shouldn't, so any foreign bodies hacking in to Joe Public's drones are likely to be bored rigid by the data they collect - especially when they could get it from Google Earth with much less effort.

But geofencing would need to be compulsory - and compulsorily updated - and tamper-proof as well for that to be true…which is what I believe will happen.

Forced updates are presumably easy to do if your drone remote is permanently connected to the internet. But Yuneec's detached controller could be forced to check online at regular intervals for updates or maybe new craft will have the as-yet unannounced facility to connect to IBM's imaginary (?) NFZ data repository in real time.

 

[YuKay]

That would be the same logic that allows pilots to fly with NFZs disabled - safety of operation ultimately lies with the pilot, not the hardware.

While that will continue to be the case for professional pilots, it can't be allowed to prevail in the amateur world - at least, not unless they force all hobbyists to qualify as professional pilots, which would kill the industry.

 

[Tuna]

While that will continue to be the case for professional pilots, it can't be allowed to prevail in the amateur world - at least, not unless they force all hobbyists to qualify as professional pilots, which would kill the industry.

Some people are pushing for amateurs not to have access to drones in the class of the Typhoon H. They would prefer the only option to be sub 250 gram drones that connect over wifi with a range of less than 50m.

 

[robport]

Don't forget where this came from. This is just one article:

Homeland Security claims DJI drones are spying for China

I had a bunch of people tell me the issue was resolved and I should go ahead and buy one. I went to their store a few months back. I asked them what happened. I was expecting to hear that no, it was a misunderstanding. Instead, I was told, by their employee, that the FAA requires them to collect that data. I guess the FAA didn't tell anyone else in the Government.

It's a real concern.

 

[rdonson]

The FAA "requires" them to collect your flight data from a DHI drone? That's kind of far fetched.

I thought that DJI pilots could go to the DJI website and see all their data. My guess would be that the DJI "Go app" is sending all that data to DJI without any coercion from any US govt agency.

 

[PatR]

The FAA "requires" them to collect your flight data from a DHI drone? That's kind of far fetched.

It’s beyond farfetched, it’s absolutely false.

 

[YuKay]

Don't forget where this came from. This is just one article:

Homeland Security claims DJI drones are spying for China

I had a bunch of people tell me the issue was resolved and I should go ahead and buy one. I went to their store a few months back. I asked them what happened. I was expecting to hear that no, it was a misunderstanding. Instead, I was told, by their employee, that the FAA requires them to collect that data. I guess the FAA didn't tell anyone else in the Government.

It's a real concern.

That article links to the full memo which, with respect to all concerned is full of nonsense. Yes, it's better to be safe than sorry but that memo contains all kinds of unsubstantiated accusations and innuendos which I reckon a lot of people would call fake news. None of it sounded sinister or suspicious to me: the reported "threats" were no more serious than a drone company trying to sell as many of its products as possible to the most likely users of the technology. And the claimed fact that the Chinese government demanded access to UAV data collected over Chinese territory is hardly surprising. Other governments are probably demanding the same access to their national data, which is why drone buyers have to opt in to their data being shared with governments.

Imho, it's a non-story - probably stoked up by a competitor (or a former competitor) or a pal of the President. Next they'll be banning Chinese airlines from flying into US cities and all the wi-fi enabled sports and CCTV cameras imported from China - and all the Apple products manufactured in China.

 

[rdonson]

A bit of snooping around the interwebs and you'll see this article showing up a number of times over the last 2 years.

While Engadget is generally a reputable site I'm afraid that may have fallen for a falsehood that is Trumpian in scale.

 

[YuKay]

Some people are pushing for amateurs not to have access to drones in the class of the Typhoon H. They would prefer the only option to be sub 250 gram drones that connect over wifi with a range of less than 50m.

In which event, the Typhoon H would probably never have been built. Amateurs are the mass market and those are the sales which are driving the industry and funding innovation and development. Without them, you would be back to the dark days when your (inferior) video drone cost $10k+.

 

[robport]

The FAA "requires" them to collect your flight data from a DHI drone? That's kind of far fetched.

I thought that DJI pilots could go to the DJI website and see all their data. My guess would be that the DJI "Go app" is sending all that data to DJI without any coercion from any US govt agency.

That's what he told me, so he knew about the issue and had a canned answer for me, a potential customer.

By the way, that article made a jump in logic, but it is not fake news. It doesn't tell the whole story though, especially about what triggered them into looking into it in the first place and it then makes a leap in logic about what they are doing with the data. They have some other reasons to believe their motives in doing it are not pure though.

 

[PatR]

Let’s just say the investigation into DJI code initiated a little over three years ago by initially two, then shortly thereafter three,aerospace companies that were/are extremely involved in DoD UAS contracts. Where it went from there I can’t say as I retired from one of them. However, it was only last year one of the U.S. military agencies issued an order terminating use of DJI equipment due to severe cybersecurity issues that were proven factual. It was after that the memo from DHS was released. On May 23 this year the order from DoD prohibiting use of ANY COTS drone reached the general public. A copy of that document is in the General section of this forum.

I’m fairly sure the DoD, being the reckless, knee jerk, uninformed agency it is, has evidence of cyber security transgressions to cause them to issue orders terminating use. You are certainly welcome to request access to their research data to personally verify it. They don’t give a crap about brands, just facts and performance.

 

[YuKay]

The staggering thing is that the military bought off-the-shelf retail drones in the first place - not that they have since realised the error of their ways and grounded them. My research has thrown up no proof that any COTS drone was ever used for espionage by a foreign power. The grounding appears to be based only on assumed security risks (eg a COTS drone was found to be transmitting data to a remote server which the military was unable to identify).

The military will now presumably make, or design, their own small drones probably using a US manufacturer like InstantEye. But chances are that InstantEye are using Chinese components or code so there may be no such thing as a guaranteed secure military drone.

While they sort themselves out, the retail drone industry will grow, under an evolving regulatory regime which will, I'm sure, force mandatory NFZ updates on us all before long. Whether that is achieved OTA or on-the-fly or by crippling consumer drones which don't connect for regular updates remains to be seen but it must happen - whatever steps the military may take to protect their own drones from security risks.

 

[Tuna]

In which event, the Typhoon H would probably never have been built. Amateurs are the mass market and those are the sales which are driving the industry and funding innovation and development. Without them, you would be back to the dark days when your (inferior) video drone cost $10k+.

All this is talking about what legislation is going to be introduced - the future for the drone industry looks increasingly like it will be split into lightweight 'consumer' drones, and heavier 'commercial' units. This is one of the reasons why *** have introduced a series of lighter and lighter 'selfie' drones - they are mass market, whereas the heavier drones look like they're increasingly going to end up as niche devices. It's similar to what's happened to DSLR cameras - everyone uses their phone, and only serious hobbyists buy the 'pro-sumer' devices any more.

 

[rdonson]

For sure smart phones have become the camera of choice for hundreds of millions. They're ubiquitous and everyone has one with them at all times and they are all that a lot of people need for a camera.

DSLRs are dying out because of a technology advance in sensors which obviate the need for a mirror that flips up and down. Mirrorless cameras are taking over the prosumer market because of technology, size and weight advantages. There are a lot of other things going on in the camera market such as prosumer cameras now also do a great job with 4K video.

Technology marches on.

Side note: Kodak is reintroducing Ektachrome film so nostalgia sells as well.

 

[Eagle's Eye Video]

Cell phone cameras are the 21st century equivalent of the 126 Instamatic...