DJI Spark Selfie Drone

DJI Spark Selfie Drone

Review date: 11/01/2018

Who doesn't need a mini-drone that can follow you around and take pretty pictures? This little drone sounds a bit like a puppy--it follows hands commands such as away, follow, beckon, selfie, and record. It even recognizes your face and will launch directly from your palm and hover there waiting for you to tell it what to do. Throw in a nice camera and you can take the coolest pics on your block. Just one thing, these drones have a history of being easily hacked.

What could happen if something goes wrong

DJI drones have been easily hacked in the past. In 2017, the US Military issued a ban on using this company's drones for military purposes. Owning an insecure flying camera could present some problems for civilians too, so buyer beware.

Privacy

Can it snoop on me?

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks Location

Device: Yes

App: Yes

What is required to sign up?

What data does it collect?

How does it use this data?

How can you control your data?

What is the company’s known track record for protecting users’ data?

Average

Can this product be used offline?

Unknown

User friendly privacy information?

No

Links to privacy information

Security

Does this product meet our Minimum Security Standards?

No

Encryption

No

Strong password

No

Security updates

Yes

Manages vulnerabilities

Yes

Information security researchers have complained that the bug bounty program is ineffective.

Privacy policy

Yes

Artificial Intelligence

Does the product use AI?

Unknown

Does the AI use your personal data to make decisions about you?

Unknown

Does the company allow users to see how the AI works?

Unknown

Company contact info

Phone Number

(818) 235 0789

Live Chat

No

Twitter

DJIGlobal

Updates

DJI's Spark drones to be bricked by September 1 unless firmware updated
The Register
Hackers have boasted that DJI's latest Spark drone firmware update was bypassed in mere hours – including downtime to enjoy the recent solar eclipse.
Man gets threats—not bug bounty—after finding DJI customer data in public view
Ars Technica
DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.
Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds
TechCrunch
It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to a DJI user’s cloud stored data, including drone logs, maps, any still or video footage — and live feed footage through FlightHub, the company’s fleet management system — without the user’s knowledge.

Related products