The process of encrypting DJI DroneID has commenced

If you are unaware, DJI Aeroscope is a drone detection system developed by Da-Jiang Innovations (DJI), a leading drone manufacturer based in China.  Aeroscope is designed for drone detection and identification, providing a solution for authorities and organisations to detect, track and identify drone activities in a given airspace.

Aeroscope is provided in two form factors, a portable version for instant and spontaneous deployments and a static version for more permanent monitoring. Aeroscope portable comes complete in a Peli style case, with integrated batteries and a 7″ touch screen providing the user interface.

Since it’s formal introduction in 2017, all DJI manufactured drones transmits what is known as a DroneID. Currently, Aeroscope supports the detection of 67 individual DJI aircraft models. In fact, DJI was the first to introduce what is commonly known as a RemoteID, albeit it was under their own proprietary protocol. DroneID contains packet data transmitted from the aircraft and contains data such as aircraft longitude, latitude and altitude, the pilots location and other telemetry related data which would be beneficial to tracking the location of the aircraft.

It is this DroneID which the proprietary Aeroscope system detects, processes and displays on the user interface.

In recent years, various online articles, controversies and academic papers have surfaced concerning DJI DroneID (see below links), specifically addressing concerns about the unencrypted nature of the broadcasted data, making it potentially susceptible to interception and spoofing. While it is accurate that the data is not encrypted, capturing it is not a straightforward task, especially for the general public.

1. The Verge – DJI insisted AeroScope signals were encrypted
2. Wired.com – This Hacker Tool Can Pinpoint a DJI Drone Operator’s Exact Location
3. DroneXL – DJI Drones transmit location date unencrypted; ‘Open source’ Aeroscope in the making
4. arxiv.org (research paper) – DJI drone IDs are not encrypted

As the DroneID protocol was unencrypted, a number of CUAS manufacturers have reverse engineered the Aeroscope frames to integrate the detection of DJI devices into their systems, a logical step naturally. However, it is likely that DJI does not appreciate this hacked use of its tool at all, particularly when they produced an SDK for the Aeroscope hardware.

The hardware decryption dongle is available in two form factors to suit both the portable and static Aeroscope variants.

The hardware itself is essentially a USB passthrough hub which includes the actual USB decryption dongle containing the key.

Below are external and internal images of the portable Aeroscope dongle variant.

The Aeroscope update dongle serves as a mechanism for DJI to assert authority over Aeroscope and potentially discourage third-party manufacturers from exploiting their proprietary DroneID – the very purpose for which Aeroscope was created.  As a result, Aeroscope units (whether portable or static) that are not updated will be unable to detect upcoming DJI drones, preventing unauthorised use of the DroneID protocol.  Moreover, attempts by alternative tools relying on reverse-engineering methods may be rendered ineffective, thereby thwarting certain manufacturers of CUAS equipment from detecting Aeroscope frames of certain current and “future devices from DJI.”

If you are involved in UK Law Enforcement or Counter-Uncrewed Aircraft Systems (CUAS) and wish to gain further insights into DJI’s recent development, please feel free to contact Aerial Defence Ltd at enquiries@aerial-defence.com. We possess extensive expertise in both the operational and technical aspects of the Aeroscope system at the hardware level, dating back to its inception in 2017.