DJI Releases Findings of the Most Comprehensive Independent Security Assessment of Its Drone Systems to Date

Zero Critical, High, or Medium-Risk Findings Identified Across Five Months of Adversarial Testing by U.S. Cybersecurity Firm OnDefend of the DJI Air 3S and Matrice 4E

SHENZHEN, China, May 28, 2026 /PRNewswire/ -- DJI, the world's leading drone manufacturer, today released the findings of an independent security assessment conducted by

OnDefend, a U.S.-based cybersecurity firm trusted by national security stakeholders and enterprise leaders. The assessment covered the DJI Air 3S with RC 2 controller and the DJI Matrice 4E with RC Plus 2 Enterprise controller, subjecting both systems to advanced adversarial testing across software, hardware, and radio frequency domains.

The assessment was authorized by DJI but conducted independently. To preserve the integrity of the evaluation, consumer units were procured directly from retail outlets without pre-notification to DJI, and enterprise units were sourced from existing dealer stock. All tested devices reflect standard U.S. market distribution.Key FindingsThe assessment produced zero critical, high, and medium-risk findings. Specifically:Low-Risk Findings and RemediationTen low-risk findings and thirteen observations were identified, consistent with industry norms for complex mobile and embedded systems. They were primarily related to application security configurations, session handling, and wireless hardening. None presented a realistic risk to safe drone operation or to widespread exposure of confidential information. DJI collaborated with OnDefend on potential remediation during the engagement and is working to address remaining items in subsequent software releases."During the window of testing, OnDefend's assessment of the Air 3S and Matrice 4E drone systems identified no clear evidence of hidden backdoors, no data transmissions outside the United States, and no viable pathways for hijacking or weaponization. No critical or high-risk findings were observed. To maintain national security assurance, ongoing testing of firmware, software updates, and verification of hardware and chip integrity are recommended for continuous and ongoing validation." — OnDefend 2026 DJI Security Assessment"This is the most comprehensive independent security assessment ever undertaken on our products," said Adam Welsh, Head of Global Policy at DJI. "These findings confirm what DJI has consistently maintained: our products are secure, our data practices are transparent, and the concerns underlying our FCC Covered List designation are not supported by technical evidence. We commissioned this independent assessment because we believe facts should inform policy decisions. We are calling on the FCC to consider these findings carefully as part of our ongoing appeal, and we remain committed to engaging constructively with relevant authorities."What Was Tested and HowThe engagement ran from October 2025 through March 2026 and was structured around three national security concerns: data sovereignty, hardware vulnerabilities, and drone manipulation risks.As part of the independent assessment, OnDefend conducted hardware and firmware testing that extended far beyond conventional cybersecurity validation. Leveraging its proprietary hardware testing technology and capabilities to perform advanced teardown, RF, and silicon-level analysis designed to identify unauthorized transmission pathways, covert RF channels, counterfeit components, undocumented modifications, hidden antennas, and broader supply chain integrity risks.On the software side, OnDefend conducted static and dynamic application security testing of the DJI Fly and Pilot 2 applications, full network traffic analysis across standard and local data mode operation, and adversary simulation including meddler-in-the-middle attacks, certificate bypass, privilege escalation, and jailbreak attempts.On the hardware side, the OnDefend team, enabled by their proprietary hardware testing technology, performed full-spectrum radio frequency scanning from 1 MHz to 6 GHz, PCB-level hardware teardown and component analysis, supply chain integrity verification, and RF exploitation testing including replay, jamming, and injection attacks.Why OnDefend Was Selected as the Independent Security Inspector