DJI Drones Just Passed the Most Rigorous Independent Security Test Ever — Here’s What It Means for Your Ag Spraying Business

The reason DJI is "banned" from the USA is because they might steal our data. Or collect data. Or just do something really bad with all those drones. 

If you heard this story... well you part of the story. Congress has tried for years to ban DJI and on December 23rd 2025, they did... along with all other non domestic drones. And, for years DJI has been trying to prove that there is nothing nefarious going on.  

DJI recently released the results of the most comprehensive independent cybersecurity assessment ever performed on their enterprise drones. Conducted by U.S.-based firm OnDefend, the audit delivered outstanding results: zero critical, high, or medium-risk findings. This is excellent news for agricultural applicators who want to operate with confidence using proven, secure technology alongside tools like our DroneTrax software.

Here's what DJI says: 

DJI has released the findings of the most comprehensive independent security assessment ever conducted on our products. OnDefend, a U.S.-based cybersecurity firm trusted by national security stakeholders and enterprise leaders, audited the DJI Matrice 4E with RC Plus 2 Enterprise controller and the DJI Air 3S with RC 2 controller, subjecting both systems to advanced adversarial testing across software, hardware, and radio frequency domains.

The assessment was authorized by DJI but conducted independently. To preserve the integrity of the evaluation, enterprise units were sourced from existing dealer stock and consumer units were procured directly from retail outlets without pre-notification to DJI. All tested devices reflect standard U.S. market distribution.

Key Findings

The assessment produced zero critical, high, and medium-risk findings. Specifically:

• No evidence of data transmission outside the United States was identified. All observed connections from DJI flight control applications resolved to U.S.-based infrastructure.
  
  

• No backdoors or unauthorized remote access mechanisms were found. Controllers resisted all jailbreak and firmware modification attempts.
  
  

• No unexplained radio frequency emissions were identified. All detected signals were traced to known system functions. Emissions not previously documented in FCC filings were confirmed to be standard artifacts of signal generation methods, not covert channels.
  
  

• No supply chain tampering or unauthorized hardware modifications were detected.

Low-Risk Findings and Remediation

Ten low-risk findings and thirteen observations were identified, consistent with industry norms for complex mobile and embedded systems. They were primarily related to application security configurations, session handling, and wireless hardening. None presented a realistic risk to safe drone operation or to widespread exposure of confidential information. DJI collaborated with OnDefend on potential remediation during the engagement and is working to address remaining items in subsequent software releases.

“During the window of testing, OnDefend’s assessment of the Air 3S and Matrice 4E drone systems identified no clear evidence of hidden backdoors, no data transmissions outside the United States, and no viable pathways for hijacking or weaponization. No critical or high-risk findings were observed. To maintain national security assurance, ongoing testing of firmware, software updates, and verification of hardware and chip integrity are recommended for continuous and ongoing validation.”

  — OnDefend 2026 DJI Security Assessment

What Was Tested and How

The engagement ran from October 2025 through March 2026 and was structured around three national security concerns: data sovereignty, hardware vulnerabilities, and drone manipulation risks.

Software. Static and dynamic application security testing of the DJI Fly and Pilot 2 applications; full network traffic analysis across standard and local data mode operation; and adversary simulation including meddler-in-the-middle attacks, certificate bypass, privilege escalation, and jailbreak attempts.

Hardware. Full-spectrum radio frequency scanning from 1 MHz to 6 GHz; PCB-level hardware teardown and component analysis; supply chain integrity verification; and RF exploitation testing including replay, jamming, and injection attacks.

“This is the most comprehensive independent security assessment ever undertaken on our products. These findings confirm what DJI has consistently maintained: our products are secure, our data practices are transparent, and the concerns underlying our FCC Covered List designation are not supported by technical evidence. We commissioned this independent assessment because we believe facts should inform policy decisions. We are calling on the FCC to consider these findings carefully as part of our ongoing appeal, and we remain committed to engaging constructively with relevant authorities.”

  — Adam Welsh, Head of Global Policy, DJI

Why OnDefend

OnDefend’s offensive security team includes former U.S. military and government professionals with deep operational experience in national security. Its proprietary testing technology uses AI-driven imaging and silicon-level analysis to identify unauthorized transmission pathways, counterfeit components, and undocumented hardware modifications — testing capabilities typically not part of standard hardware security assessments.

DJI’s inclusion on the FCC Covered List in December 2025 was not accompanied by the identification of a specific, documented security vulnerability. DJI has appealed this designation and has consistently requested a transparent, evidence-based technical review.

DJI drones are widely used across public safety, agriculture, infrastructure, and creative industries in the United States:

• More than 80% of the 1,800-plus state and local law enforcement agencies that use drones rely on DJI for search and rescue, accident reconstruction, crime scene documentation, and tactical overwatch.¹

• 43% of drone business users believe they would face an extremely negative or business-ending impact from DJI restrictions.²

• DJI is the industry standard for aerial cinematography, news gathering, and documentary production.

Want to see the findings? Read the executive summary