The Aeroscope Radio Frequency (RF) based drone detection solution is a product of Da Jiang Innovation (DJI), a popular drone manufacturer headquartered in Shenzhen, China.
DJI as a company faces much controversy in the US dating back several years. In August 2017, the US Immigration and Customs Enforcement agency said it suspected DJI was “providing US critical infrastructure and law enforcement data to the Chinese government.” That same month the US Army banned its troops from using DJI drones due to cybersecurity concerns. Over the years more bans and warnings on DJI drones from federal agencies followed.
US critical infrastructure sites who have deployed China’s Aeroscope attempt to reduce their cyber-risk in various ways we will explore in this article.
How does the Aeroscope work?
The Aeroscope decodes and demodulates RF signals in the area and reads the drone’s signal content. Communications between specific DJI model drones and their controllers are reported to the end user via the User Interface (UI).
Information such as serial number, GPS location, and altitude of the drone are read directly from the signal and rely on the accuracy of the drone in order to be accurate. The demodulation approach violates federal surveillance laws.
What do vendors mean when they say they “replace” Aeroscope software?
Detection systems contain two software layer types: 1) detection/location functions and 2) UI/alerts.
Many Aeroscope resellers in the market customize the Aeroscope UI to give a different user experience to end customers than what they would see on an Aeroscope purchased from a different reseller.
When a vendor “replaces” Aeroscope software, they replace the UI layer and leave key components written by DJI untouched, such as the detectors and the code that reads signal content.
If the detector code is modified by the reseller, that modification will likely violate any privacy agreement between the drone pilot and DJI that resellers claim excludes them from legal action for reading private communications without authorization.
Frankly, if the reseller can write drone detection code, why do they require Chinese hardware to demodulate the signals rather than readily available hardware from non-adversarial countries?
Before deploying an Aeroscope, it would be wise to involve your legal team since DJI directly states on their website, “Drone identification technologies are nascent and may be subject to various laws and regulations that continue to evolve. It is the customer’s responsibility to comply with any applicable laws concerning the use of Aeroscope within the jurisdiction(s) of operation.”
How accurately does AeroScope track drones?
Aeroscope tracking accuracy varies significantly from none available to very accurate tracking information depending upon the drone and the flight environment in question. Aeroscope requires a few criteria to be met before it can provide the location of a drone.
The drone must:
- Be made by DJI
- Be equipped with a GPS
- Have a stable GPS signal lock
- Be continuously transmitting its GPS coordinates
There are a few problems with these criteria, respectively:
- DJI’s market share continues to decline in favor of brands like Autel and Skydio, especially in the US.
- The locationing capabilities of the system rely on the drone’s GPS accuracy. If the drone does not have a GPS, Aeroscope cannot track it.
- GPS signal lock is required for the drone to know where it is. Aeroscope defaults to lat/long of 0/0 which places devices just off the Nigerian coast.
- The drone must continuously transmit its GPS coordinates for Aeroscope to track it. Many things affect the GPS accuracy on the drone such as the physical environment, hardware and current RF noise. Additionally, it’s not difficult to stop or modify the transmitted GPS location of the drone which presents disinformation to the end user.
Are the signals encrypted?
In the midst of controversy about Aeroscope use in the Ukraine-Russia war, a DJI spokesperson revealed that Aeroscope signals aren’t actually encrypted.
The spokesperson said his research and development contacts in China repeatedly told him the signals were encrypted, but when he pressed DJI senior managers, they admitted the signals are not actually encrypted. DJI has since halted shipments of all products to Russia and Ukraine.
How can an Aeroscope be defeated?
The simplest way to defeat an Aeroscope is to fly any drone that isn’t manufactured by DJI. With the recent media attention surrounding the use of Aeroscope in the Ukraine-Russia war, there is a heightened awareness that the Aeroscope only detects DJI drones. The title of an article on DroneDJ’s website says it all - Could Russian use of Aeroscope drive Ukraine pilots from DJI drones?
What about nefarious drone pilots in the US? Well, AeroDefense sees delivery pilots choose drones like Autel when they think or know a correctional facility installed an Aeroscope. Never underestimate a bad actor.
To defeat Aeroscope’s DJI drone detection, pilots can disable their GPS transmission to adjust the drone location transmission to default location to GPS location in Africa. Pilots can also change their drone signal’s protocols/encryption which can completely avoid detection since the Aeroscope relies on reading signal content in order to determine if a drone is in the area.
Aeroscope is also susceptible to the worst kind of defeat, disinformation, where the pilot actively misleads the Aeroscope end user. Pilots can make their drone appear to be in one location while actually flying in a different location.
For example, a pilot can fly in from the south of a facility and have their GPS appear to be in the north. This may trigger a security response to the north, reducing the security personnel in the actual target area.
Aeroscope can also be easily spoofed to report false detections when there aren’t any drones in the area. Security responses for detecting many drones at once may overwhelm, confuse, or distract security personnel creating an opening for attack by another vector.
Aside from the potential cybersecurity concerns at critical infrastructure sites, the Aeroscope system only detects one drone manufacturer, is subject to spoofing and manipulation, uses a detection and location method that violates federal wiretapping laws, and struggles in high RF environments like cities and stadiums. But people buy it because like DJI drones, it’s relatively cheap.
You must ask yourself if accepting all of these risks is worth the lower cost. The answer will be clear when (not if) a non-DJI drone causes a major catastrophe in the US.
Disclaimer: AeroDefense is not an expert on Aeroscope technology, and we are not legal experts. This article is based on research, industry experience and knowledge, and information gained from government supervised head-to-head testing and evaluation where AeroDefense’s AirWarden system and the Aeroscope system were both present.