Custom Event Setup

×

Click on the elements you want to track as custom events. Selected elements will appear in the list below.

Selected Elements (0)
    website Skip to content

    ACCOUNT

    ACCOUNT

     0

    CART

    Trustpilot

    Search Products

    Next Day UK Delivery

    0% Interest Finance

    30 Day Returns

    Price Match Guarantee

    What DJI's Independent Security Assessment Means For UK Pilots

    What DJI's Independent Security Assessment Means For UK Pilots

    • by Stefan Gandhi

    DJI has published the findings of the most thorough independent security review it has ever commissioned, carried out by the US cybersecurity firm OnDefend across five months of adversarial testing. The assessment covered the consumer DJI Air 3S and the enterprise DJI Matrice 4E, and it returned zero critical, high, or medium-risk findings. For UK pilots weighing up their next drone, the results turn a long-running debate about DJI drone security into something far more useful, hard technical data.

    Why This DJI Drone Security Report Matters

    DJI drones sit at the centre of a years-long argument about data handling and trust. For UK operators in surveying, inspection, public safety, agriculture and media production, that argument is not abstract. It shapes procurement decisions, client confidence, and how teams document the equipment they rely on every day. An independent technical assessment shifts the conversation away from speculation and towards evidence that buyers can actually point to.

    The review was authorised by DJI but conducted independently. To keep the test honest, OnDefend bought consumer units from retail shelves without telling DJI in advance, and sourced enterprise units from existing dealer stock. Every device reflected standard market distribution rather than hand-picked samples, which matters because it means the testers examined the same hardware a customer would receive.

    What OnDefend Actually Tested

    The engagement ran from October 2025 to March 2026 and focused on three concerns, data sovereignty, hardware vulnerabilities, and the risk of a drone being taken over remotely. OnDefend's team includes professionals with deep experience in security testing, and the firm used proprietary teardown and silicon-level analysis to look for problems that standard cybersecurity checks usually miss.

    On the software side, OnDefend ran static and dynamic testing of the DJI Fly and Pilot 2 applications, analysed all network traffic in both standard and local data modes, and simulated attacks including meddler-in-the-middle interception, certificate bypass, privilege escalation and jailbreak attempts.

    On the hardware side, the team carried out full radio frequency scanning from 1 MHz to 6 GHz, stripped the circuit boards down for component analysis, checked the supply chain for tampering, and attempted replay, jamming and signal injection attacks against the radio link.

    The Headline Findings On DJI Drone Security

    The assessment produced zero critical, high, and medium-risk findings. The four results that will reassure most operators are clear.

    • No evidence of data transmission outside the United States was found. All observed connections from DJI's flight control apps resolved to US-based infrastructure.
    • No backdoors or unauthorised remote access mechanisms were found, and the controllers resisted every jailbreak and firmware modification attempt.
    • No unexplained radio frequency emissions were detected. Every signal traced back to a known system function rather than a hidden channel.
    • No supply chain tampering or unauthorised hardware modifications were detected.

    OnDefend did record ten low-risk findings and thirteen observations, all in line with industry norms for complex mobile and embedded systems. They related to application security configuration, session handling and wireless hardening, and none presented a realistic risk to safe flight or to wide exposure of confidential information. DJI says it worked with OnDefend on fixes during the engagement and is addressing the remaining items in future software releases.

    What The Results Mean For UK Buyers

    The assessment was framed around the US market and DJI's appeal against its FCC Covered List designation, but the technical conclusions travel well across the Atlantic. A UK surveyor capturing client sites, a public safety team handling sensitive footage, or a media company protecting unreleased content all care about the same questions the testers set out to answer.

    The practical takeaway is that the products UK operators already use day to day stood up to sustained, expert attack. That gives buyers something concrete to share with clients and compliance teams who ask how drone data is handled. It does not remove the operator's own responsibility, but it does replace rumour with a documented baseline.

    How To Keep Your Own Drone Data Secure

    A clean assessment is a strong foundation, and good operating habits build on it. Keep firmware and apps updated so you benefit from the fixes DJI rolls out. Use Local Data Mode when flying sensitive sites, as it stops the app from exchanging data with the internet during the mission. Control who has access to your DJI account and flight records, and store exported footage on managed, encrypted storage rather than loose memory cards.

    FAQs

    Are DJI drones safe to use?

    The OnDefend assessment found zero critical, high, or medium-risk issues across the DJI Air 3S and Matrice 4E after five months of adversarial testing. Combined with sensible operating practice, such as keeping firmware updated and using Local Data Mode, DJI drones remain a dependable choice for commercial work.

    Do DJI drones send data to China?

    In this independent assessment, OnDefend found no evidence of data being transmitted outside the United States, with all observed connections resolving to US-based infrastructure. Operators handling sensitive sites can also enable Local Data Mode to prevent the flight app from exchanging data online during a mission.

    What is the DJI Air 3S used for?

    The DJI Air 3S is a compact dual-camera drone built for travel, landscape and content work. It pairs a 1-inch main sensor with a telephoto camera, making it a popular all-round choice for creators and small commercial operators.

    Is the DJI Matrice 4E suitable for enterprise work?

    Yes. The DJI Matrice 4E is an enterprise mapping and inspection platform with a multi-camera payload and centimetre-level accuracy options. It is widely used in surveying, construction and infrastructure work where precise, repeatable data capture matters.

    Final Thoughts

    Independent testing will not end every debate about drone security, but it does give UK pilots something they did not have before, a detailed third-party look inside two of DJI's current platforms. With zero critical findings and only minor items to tidy up, the report is a strong reference point for anyone who needs to justify their kit to a client or a procurement team.

    Explore the independently tested DJI Air 3S and the enterprise-ready DJI Matrice 4E, along with the wider DJI range, at the Coptrz official online store.

    Previous    
    Back to The Drone Pilot's Journal
    Woman in a light blue jacket standing in a forest with DJI Neo drone hovering over her hand

    Not Sure Where To Start?

    Take our drone quiz for specialist recommendations.
    Start Now

    Join The Coptrz Community

    Plus, be the first to hear about exclusive deals, new arrivals and tips from real drone experts.

    By signing up, you agree to the terms set out in the Privacy Policy.

    Add Special instructions for your order
    Coupon Code