Comment by jijijijij

4 months ago

I very much assume involved militaries are aware of this possibility and are not blindly trusting Chinese consumer drones right off the shelves, or having soldiers in every unit install random sideloaded apps. Lol.

They likely flash verified firmware and use a verified app version, not the latest one from DJI's website... Maybe they have their own code by now. Especially with reconnaissance drones. The Ukrainians probably need to do this, not just because of the obvious possibility of a "backdoor", but also for RF adaptability in the EM warfare situation.

I would worry more about contractor John Doe bringing a compromised private phone to a government or industrial facility. Not sure a high-res video feed from a drone could be easily exfiltrated unnoticed, anyway, since they usually don't come with WWAN hardware built-in. But the phone itself would be able to do all sorts of reconnaissance and become an attack vector in a sensitive context. Then again, this is not specific to drone (software), but all untrusted software people install.