First it was Huawei phones. Now it’s Chinese drones. The US Department of Homeland Security has issued a warning that our little spies in the sky may be double-agents.

It says they are being used to deliver ‘spyware’ to networks and redirect sensitive data.

An overnight alert from DHS’s Cybersecurity and Infrastructure Security Agency states drones are a “potential risk to an organisation’s information” because they can “contain components that can compromise your data and share your information on a server accessed beyond the company itself.”

Unlike black-listed Chinese phone and telecommunications company Huawei, no specific manufacturer has been named. But China is the world’s largest manufacturer of hobbyist, commercial — and military — drones.

Foreign intelligence agencies could identify drones operating in sensitive areas, experts warn. The cameras on these drones — be they nearby hobbyists, security services or even maintenance assessors — can be accessed. But they could also be used to deliver ‘spyware’ into sensitive networks.

“The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access,” the alert says.

“Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities.”


Just how ‘loyal’ will Australian Air Force AI drones be?

Now the US wants to put armed drone satellites in space

The alert warns: “They can contain components that can compromise your data and share your information on a server accessed beyond the company itself. Other concerns are that an organisation is susceptible to data theft if the drone is transmitting unencrypted data or, more broadly, that a drone could increase the risk of a network being breached.”

The DHS has ordered drone users — particularly those who provide services that may affect ‘critical national functions’ — to “be cautious when purchasing” drones from China, and to take precautionary steps like turning off the device’s internet connection and removing secure digital cards”. It also warns users to “understand how to properly operate and limit your device’s access to networks (and prevent) theft of information.”

It’s not the first time high-tech equipment has been accused of redirecting senstive material back to the government of its manufacturers. In 2017, Norway accused the US of accessing flight data collected by its newly delivered F-35 strike fighters.

It’s also not the first time the US has issued an alert about Chinese drones.

In 2017, the US Army ordered all Chinese-made drones be recalled from its ranks to be destroyed. It alleged they had provided the means for intelligence operatives to access infrastructure and operational data.

According to Reuters, the Chinese firm DJI has issued a statement saying “the security of our technology has been independently verified by the US government and leading US businesses.” It also says users have control over how data is collected, stored and transmitted.