DJI Spark Selfie Drone
DJI Technology $399

DJI Spark Selfie Drone

Review Date 11/01/18

Who doesn't need a mini-drone that can follow you around and take pretty pictures? This little drone sounds a bit like a puppy--it follows hands commands such as away, follow, beckon, selfie, and record. It even recognizes your face and will launch directly from your palm and hover there waiting for you to tell it what to do. Throw in a nice camera and you can take the coolest pics on your block. Just one thing, these drones have a history of being easily hacked.

Minimum Security Standards

Five basic steps every company should take to protect consumer privacy. Learn more.

Overall Security Rating
3/5 star
Encryption
No
Security updates
Yes
Strong password
No
Manages vulnerabilities
Yes
Information security researchers have complained that the bug bounty program is ineffective.
Privacy policy
Yes

Can it snoop on me?

Camera
Device: Yes | App: Yes
Microphone
Device: Yes | App: Yes
Tracks Location
Device: Yes | App: Yes

How does it handle privacy?

How does it share data?
May share or sell user data with advertisers and/or third party businesses.
Can you delete your data?
Yes
Parental controls?
No
Collects biometrics data?
Unknown
User friendly privacy info?
No
Links to privacy information
😮

What could happen if something went wrong

DJI drones have been easily hacked in the past. In 2017, the US Military issued a ban on using this company's drones for military purposes. Owning an insecure flying camera could present some problems for civilians too, so buyer beware.

How to contact the company

Phone Number (818) 235 0789
Live Chat No
Twitter DJIGlobal

Updates

DJI's Spark drones to be bricked by September 1 unless firmware updated
The Register
Hackers have boasted that DJI's latest Spark drone firmware update was bypassed in mere hours – including downtime to enjoy the recent solar eclipse.
Man gets threats—not bug bounty—after finding DJI customer data in public view
Ars Technica
DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.
Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds
TechCrunch
It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to a DJI user’s cloud stored data, including drone logs, maps, any still or video footage — and live feed footage through FlightHub, the company’s fleet management system — without the user’s knowledge.

Compare products