Independent cyber audit finds zero malware or backdoors in DJI drones — U.S. firm's hardware analysis challenges FCC ban amid ongoing $1.56 billion legal battle | Tom's Hardware
Skip to main content
Unlock world-class roadmaps & trusted Bench data. See More
× Unparalleled insights. Industry analysis. Insider access. Tom's Hardware Premium equips you with world-class coverage and detailed insights into the evolving hardware landscape.
✓Full access to our trusted Bench database: Access granular performance data instantly. ✓Exclusive hardware roadmaps: Peer into the future of the hardware industry. ✓Daily news analysis: Dive deep into the biggest stories.
Subscribe to our annual plan for just $29
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Contact me with news and offers from other Future brands
Receive email from us on behalf of our trusted partners or sponsors
By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
You are now subscribed Your newsletter sign-up was successful
An account already exists for this email address, please log in.
(Image credit: Shutterstock)
Copy link
X
Share this article
4
Join the conversation
Follow us
Add us as a preferred source on Google
Newsletter
Subscribe to our newsletter
DJI has published the results of an independent security assessment by U.S. cybersecurity firm OnDefend, which tested the DJI Air 3S consumer drone and Matrice 4E enterprise drone over five months and reported zero critical, high, or medium-risk findings. OnDefend also found no evidence of data being transmitted outside the U.S., no hidden backdoors, and no successful attempts to hack or tamper with either aircraft. The audit comes as DJI pursues a Ninth Circuit lawsuit against the FCC over the agency's decision last December to ban all new foreign-made drones from receiving U.S. equipment authorization, a move DJI claims will cost it $1.56 billion this year.The ban took effect after a government-mandated national security review of DJI's products failed to begin before the December 2025 deadline; DJI initiated the OnDefend engagement in October on its own, whose team includes former U.S. military and government cybersecurity professionals.The firm tested both drones across software, hardware, firmware, and radio frequency, including man-in-the-middle attack simulations and physical teardowns. OnDefend bought the test units independently: the Air 3S from a retail channel and the Matrice 4E from dealer inventory, both without DJI's involvement in the selection process.Latest Videos FromThe assessment identified 10 low-risk findings, including weak TLS protocols in the companion app and authentication tokens in URLs. OnDefend described these as consistent with standard practices for complex embedded systems, and DJI said it’s addressing them through firmware updates. OnDefend also recommended ongoing testing of future firmware, software updates, and hardware revisions, acknowledging that the audit represents a snapshot of two products at one point in time.OnDefend is one of the independent security inspectors appointed by TikTok's U.S. Data Security division in June 2024 to perform continuous penetration testing of that platform. The audit of DJI means the firm has now inspected two Chinese-owned technology companies facing active U.S. national security proceedings.While DJI maintains that the OnDefend audit was conducted independently, DJI did authorize and pay for it, and the overall arrangement differs from a government-directed review, which would have been conducted under federal oversight with no financial relationship to the subject.DJI sued the FCC back in February, arguing the Covered List designation violated the U.S. Constitution. In an April court filing, DJI disclosed that the FCC had revoked authorizations for 14 existing products and that 25 planned 2026 launches can’t reach the U.S. market. Chinese customs data reported by Nikkei Asia show monthly civilian drone exports to the U.S. have fallen 60% to 70% year-on-year since December.Stay On the Cutting Edge: Get the Tom's Hardware NewsletterGet Tom's Hardware's best news and in-depth reviews, straight to your inbox.Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.
See all comments (4)
Luke JamesContributorLuke James is a freelance writer and journalist. Although his background is in legal, he has a personal interest in all things tech, especially hardware and microelectronics, and anything regulatory.
4 Comments
Comment from the forums
Makes you wonder what research or evidence our government relied on when declaring this product (and others) a "National Security Threat".
Reply
PEnns said:Makes you wonder what research or evidence our government relied on when declaring this product (and others) a "National Security Threat".Obviously none at all. Top down vibes based governance from the current administration in all things as per usual.
Reply
PEnns said:Makes you wonder what research or evidence our government relied on when declaring this product (and others) a "National Security Threat".DJI was called a threat by default, because the government never actually did the audit required by law within the necessary timeframe. Presumably they were worried it wouldn't turn up whatever they were looking for.
Reply
I'm not saying there's a pattern, but usually some rich guy will complain to the white house, and a few days later said things get banned. be it DJI, routers, or a cross-border bridge.
Reply
View All 4 Comments