
U.S. Warns Of Spy Dangers Of Chinese-Made Drones - pseudolus
https://www.npr.org/2019/05/29/727612692/we-re-not-being-paranoid-u-s-warns-of-spy-dangers-of-chinese-made-drones
======
Someone1234
Why not publish a specific threat?

This vague "The Chinese are up to something but we cannot reveal what" isn't
really helpful, particularly given the current trade tensions (and political
motivations e.g. "bring jobs home").

I'm not really "siding" with the Chinese, they may be up to something, but the
US has really done themselves a great deal of damage when their own allies
don't really believe them.

Just publish technical information. It isn't hard. It would do huge damage to
the Chinese and reinforce the US's whole argument. But yet after over a year,
nada.

~~~
newaccoutnas
There have been instances whereby a robotic hoover (Xaomi(sp?) one?) have been
sending their generated floor maps back to servers in CN, so I don't think
it's unreasonable to assume drones could be doing the same thing.

~~~
Someone1234
We're talking national security. I hope nobody is running a Xiaomi robot
vacuum at a sensitive or classified site, or any other brand of robot vacuum
for that matter...

There's a difference between individual invasions of privacy and national
security. There's definitely Chinese apps that invade your privacy. There's
also Western apps that do too. The question is of national security however.

~~~
ptero
Observing private homes can help select your targets. By observing the inside
of the home you may learn if the owner has access to secrets (national
security or commercial), what kind and what level. From where you can switch
to traditional methods. My 2c.

~~~
Someone1234
It gives you the layout of homes, it doesn't allow you to observe their
occupants. It is a spinning laser.

~~~
InitialLastName
Add voice control ("Hey Robot, run a sweep") and WiFi and you have a very
capable spy system. Not to mention cameras and GPS which could all be
justified in terms of improving the performance of robot vacuums.

------
wybiral
It seems like they're just saying:

- China makes most of the drones

- A lot of them aren't very secure

Which isn't surprising to me considering the state of things like DVR cameras
(also mostly made by China, also plagued with security issues) and similar
tech.

The real problem is that consumers want cheap but quality and security aren't
cheap. The cost of security isn't obvious and consumers don't really know how
to evaluate it.

But, when things like drones and cameras start communicating over the 5G
backbone then we should maybe be concerned about who controls both of them.

~~~
gregmac
> start communicating over the 5G backbone

5G operates at OSI layer 1 (and maybe has some impact on layer 2). I've never
heard of any aspect of it changing higher layers, which is where the concerns
about control come in. Is there something I'm missing?

If not, 5G has nothing to do with application-level control (eg: controlling a
drone's movements, intercepting a camera feed, etc). We'll still use TCP/IP,
HTTPS, and everything else we use today. It may or may not be a concern right
now (due to inadequate security at the higher OSI layers), but 5G -- or any
other type of network topology -- does not change this. Please don't spread
this type of pseudo-technical nonsense by making statements like this,
especially with anything "5G" which is a current media fascination for some
reason (starting to get bored with "IoT" maybe?).

~~~
wybiral
That's not what I was suggesting at all.

If you control the cell infrastructure you absolutely can put cellular
capabilities into products that aren't explicitly advertised. That would be a
bigger risk for surveillance tech.

Your complaint ignores my original statement about controlling _both_
components (cellular and device). There is no need to tamper with someone
else's TLS-secured communications or anything, you can just plant cellular
capabilities into the devices.

~~~
gregmac
I didn't pick up that's what you meant by "both of them" so sorry for my
misunderstanding.

However I still don't think 5G is an important factor here. If you control
both ends at a higher layer of the stack (eg, it's your own software
connecting to your own servers) you can do whatever you'd like. If you have
OTA software updates, you can do whatever you like _at any point in the
future_. If this channel is properly secured with TLS no one can intercept or
fake it, and if you want, you can design the devices so it won't work without
this connectivity present (see: most cloud-based "smart home" devices on the
market today).

> If you control the cell infrastructure you absolutely can put cellular
> capabilities into products that aren't explicitly advertised. That would be
> a bigger risk for surveillance tech.

So many devices already have internet connectivity built-in, and if money is
not a concern you can already incorporate a GSM modem and pay for a link to
the existing cellular networks -- it's not like AT&T (or whoever) is going to
care what you are doing with the connection, so long as you're paying for it.
You can also use other short-range radio links.

I'll grant you that 5G introduces the possibility to have this link without
AT&T's knowledge -- at least assuming they don't have the ability to also
detect the traffic coming out the tower's uplink. The big downside of this
attack vector, aside from the immense cost and complexity of building this
into 5G carrier equipment and all these devices, is if detected and blocked at
the uplink all that effort is suddenly for nothing.

Basically, the 5G-specific attack vector is expensive and brittle, and thus
pretty unlikely. The attack vector at application level is easy and cheap (no
hardware-related costs), gets you almost all the same capabilities, and in
many cases can be done today on existing in-field products with OTA software
updates.

------
temp-dude-87844
Hmmm, it's almost like all this sensor-loaded, networked hardware, whose
signing keys are held abroad, could be realistically adapted for intelligence-
gathering by a push of a few buttons if a government the company couldn't blow
off compelled it so, but if a script kiddie hacked them for entertainment it
could still be pretty bad.

It's really not that different from the FUD about Kaspersky [1] or the still-
ongoing saga of Huawei. In the past, such capability had to be deliberately
planted at great effort, while these days we buy it voluntarily and spread it
in our homes and businesses, fly them above our cities, and put them in
networking closets to sit in the middle of all of our communication.

Sure it's FUD, but it's the government and military coming to terms with the
implications of what just happened, and trying to shape the future to lessen a
risk. This is orthogonal to whether they want the exact same capability for
friendly-made goods, or whether there's any industry of comparable domestic
goods left. Other countries, when they have a spare moment after dealing with
domestic needs, are also well within their rights to feel the same kind of
unease about Cisco, Juniper, Intel... hell, Tesla? Have you seen the number of
cameras on that thing, and the fact that it can drive on its own?

This is the evolution of 'loose lips sink ships', where the capability of
people to spread information has multiplied, but soon people won't even be
necessary for information to be disclosed. Their consumer goods will do it for
them.

[1] https://news.ycombinator.com/item?id=17193172#17193475

------
thefounder
Isn't it the same with the US government? They can request info from any US
company using the well known NSA letters.

It looks like the US technology is a national security risk for any other
sovereign nation.

------
tehjoker
World: We're not being paranoid. US drones kill innocent civilians around the
world.

They're really beating the drum on China. Be intensely suspicious. China is a
trading partner that does some shitty things (e.g. in Xinjiang province), but
the nation focused on world domination is the one right here.

~~~
daenz
You're comparing apples and oranges. US drones aren't doing fully autonomous
killing, they're killing through policies of leaders you help elect. That's
the apples. The oranges is tech we purchase (drones in particular) having
backdoors. Why do you think these two are comparable?

~~~
8note
yeah, it's more comparable to Androids and iPhones.

the US government could deploy an update to turn any phone into a spy device
because both Apple and Google are headquartered in the US

~~~
criddell
You say that like it's a settled issue and I don't think it is. If the
capability is there, companies can be compelled to use it. If the capability
doesn't exist, it isn't clear that companies can be compelled to invent it.

~~~
hulahoof
It's unfortunately a reality for us down under though - so it's not beyond the
realm of imagination

------
onemoresoop
The problem that US is facing is the loss of credibility over time. It reminds
me of The Boy Who Cried Wolf. US doesn't have the credibility to convince the
world anymore, even if the threat is real.

There is a lot of rebuilding the US has to do. First fix the politics which is
rife with petty interests, lobbying, political imbalance very skewed towards
corporations over citizens, extreme polarization, 2 party system,
hypocrisy, etc.

But all that, with great effort, can be fixed. A purge is needed, not just try
to shove the dirt under a carpet and pretend all is nice and dandy.

~~~
la_barba
The other thing that has happened is the internet and the free flow of
information. It is no longer the case of manipulating 3-4 media outlets.
People get their information at thousands of different places. I think it's not
really a loss of credibility, but the normalization of credibility based on a
huge pool of information, rather than a restricted one.

~~~
onemoresoop
I was referring to past actions of the US that proved to be unjustified and
disastrous: WMDs in Iraq, Libya, Afghanistan, etc. This is related to the
normalization of credibility based on information ubiquity, but I think it's
mainly US's actions speaking for themselves. After WWII the US has become a
policing force that more or less, with the exception of the Vietnam war,
wasn't as active in foreign wars as they've been recently. The Vietnam war
fuckup was largely forgotten or attributed to a different America that had
changed. But the recent wars were also pointless and proved otherwise.

Once again, US has the ability to change, but it will take a lot of effort to
do so and will have to start leading by example.

------
numbsafari
The solution to this problem is laws that require devices like this to
support self-hosted servers for OTA, data, or anything else. You should not be
required to use a vendor’s services AND the vendor should not be allowed to
implement permanent back-doors.

The problem, of course, is that runs afoul of US espionage and law enforcement
demands that they have access to such data themselves.

They want it both ways in a world where you literally cannot have it both
ways. US cyber policy on this front has been a disaster.

~~~
noobiemcfoob
You don't need laws for that. You just need companies offering it and
consumers choosing it. Which won't happen until it's easy to do.

Consumers can change a lightbulb and little else. Make it that simple.

------
joshfraser
Says the country whose NSA scoops up on every piece of data and spies on
everyone, including their own citizens.

~~~
vectorrain
Why don't you learn more about "Prism Event"?

------
beefcafe
> DJI offered a bounty for researchers to uncover bugs in its drones

I'm not sure they understand how bug bounties are supposed to work...

https://arstechnica.com/information-technology/2017/11/dji-left-private-keys-for-ssl-cloud-storage-in-public-view-and-exposed-customers/

------
ProAm
Isn't this the US's fault for letting manufacturing move to China in the
1980-present? Any large global migration of industry will have this same
threat eventually.

~~~
Aromasin
Lack of foresight is a collective trait of the human condition. It'd be
interesting to see who the protestors of said outsourcing in the 80s were, and
see what they say now. How did they foresee it in the first place? Is the
current outcome better or worse than they thought it'd be? What's their
current prediction for the state of things in another 40 years? A good article
topic for the journalists out there.

~~~
Theodores
Lots of people saw it. It was obvious if your job was being outsourced or if
your factory was being closed, quite apparent if no new machinery was being
invested in.

At the time Ronald Reagan and Margaret Thatcher were around and all of this
was discussed. The predicted decline happened. There are capitalist rent
seeker types that are okay with it, they also voted for the lunatic
politicians. The people not so happy about it don't get to write for the
capitalist newspapers giving the illusion to people with no skin in the game
that 'nobody predicted this calamity'.

So predictions for forty years hence? It does not work like that, does it?
Back in the 1980's you just knew that if manufacturing was gone that there
would be no market for locally made goods, no possibility of exporting quality
stuff on the world market and that we would not be able to drive prosperity on
the back of financial services forever.

If you push someone over a cliff you are not sure whether they will break
their neck, crack their head open or get impaled on a spike, all you know is
that the outcome will not be a good one.

Right now we are using far too much in the way of fossil fuels, the climate is
not right and it is getting worse. I don't know how ravaged the world will be
in forty years hence, all I do know is that carrying on as we do is not a good
idea.

~~~
mncharity
One concept that always struck me as bizarre, was "we'll move the
manufacturing overseas, but the manufacturing engineering will remain in the
US". Years later, I asked a Harvard economics professor about it. He said yes,
he'd taught that... "the ideas were in the air" (paraphrase - it's been
years).

So one problem I have with much analysis of Trump populism, is its failure to
recognize that subcultures doing group-think, believing absurdities, and
tolerating being lied to, are a broader problem, worthy of more fundamental
analysis, and an opportunity for broader remediation.

------
some_random
> "[If] you fly a drone above a pipeline, there's a pretty good chance someone
> is gonna see it up there," he said, but "a spy satellite just takes a picture
> from 120 miles up or whatever. Then, of course, no one's going to know what
> happened."

You have to be kidding, no one is going to notice a white drone 3km[0] above
them, if there even is anyone around to notice. Sure, a spy sat is better, but
it's also orders of magnitude more expensive, can't loiter[1], and might still
have inferior imaging. This is just embarrassing.

[0]: https://en.wikipedia.org/wiki/DJI_(company)#Phantom
[1]: Spy satellites pretty much always orbit faster than the earth turns in
order to have better coverage.

------
andymoe
Security researchers in the field have been talking about this for several
years. DJI absolutely dominates the consumer/pro UAV market so this is a real
issue.

Source: I had a UAV related startup several years ago and got to know some of
the security folks.

~~~
tinza123
The real issue is security or the real issue is a non-US company dominating in
a tech field?

------
jacobwilliamroy
I remember having a conversation with my U.S. Army archaeologist friend about
using drones for remote sensing in restricted areas and he showed me the DJI
drone that's been sitting on their shelf for months because the folks upstairs
said they can't fly Chinese anything in restricted areas.

Apparently the army does have drones that are sufficiently American to be
flown in restricted areas but my friend doesn't know who is making them or how
a civilian like myself could acquire one.

I would like to get one for my biologist friend who would like to use it to
detect invasive plant species.

~~~
mncharity
This[1] suggests "Parrot, Skydio, Altavian, Teal Drones, Vantage Robotics, and
Lumenier" might be companies to check.

[1] https://www.globenewswire.com/news-release/2019/05/28/1851104/0/en/Parrot-selected-by-U-S-Department-of-Defense-to-take-part-in-the-development-of-the-next-generation-of-Short-Range-Reconnaissance-drone-for-the-U-S-Army.html

~~~
jacobwilliamroy
Thanks for the tip. I'll look into these companies and run my findings by my
government friends.

------
pishpash
"I'm not being paranoid": warns of propaganda mouthpiece dangers of twice a
day China threat articles on Hacker News. Yeah.

------
kryogen1c
You're only paranoid if you're wrong.

~~~
siffland
paranoia, it is not just a social condition, it is also a defense
mechanism.......

------
bigato
"I'm not being paranoid", said every paranoid ever

~~~
the-dude
The fact you are paranoid does not mean they are not after you.

~~~
bigato
But makes it more likely that you'd be seeing stuff that isn't there. And
stating one is not paranoid does not convey any kind of useful information
since the most paranoid are usually the ones who will be more convinced they
aren't. Case in point, I don't know if US is being paranoid on this or not and
I couldn't care less. I was just pointing out the general case of how ironic
it is for someone to argue that they are not being paranoid.

------
legec
"Alexa, please ask NSA to provide me with the traces of network exchanges
initiated by my Chinese drone"

------
AFascistWorld
https://paleofuture.gizmodo.com/that-time-republicans-smashed-a-boombox-with-sledgehamm-1775418875

------
gooftop
I wonder how much of this becomes a self-fulfilling prophecy, aided in part by
ongoing weaponization of inter-nation trade discussions by targeting firms
from China (arrests of executives, bans, etc). Of course, I've seen it argued
that China has been targeting US firms for a decade in various ways - which
only makes the events this year yet another escalation of action.

------
happy-go-lucky
> "The Communist Party of China now has in their law the ability to interfere
> and take information from virtually every Chinese company,"

I think that not only the Communist Party of China but all the political
systems around the world have the ability to demand lawful access to
information from virtually every company that is supposed to comply with their
laws.

~~~
z0r
The problem (or a problem) is that the rule of law in China is apparently
capricious and unpredictable.

------
jrs235
Is this the whole Furby scare from 20 years ago[1]? Granted the tech is much
more advanced and it's more plausible today. All the fear mongering is
fatiguing.

[1] https://www.cbsnews.com/news/talking-toy-or-spy/

------
mg794613
"We're not being paranoid"

No, but the amount of suggestive "Might" "Could" etc titles/articles now out
there shows a whole other picture. China is now the new enemy. And everybody
must know apparently.

Even respectable news outlets can't resist the temptation of completely
unfounded copying of the American media machine.

I'm not stating China is so innocent, but sorry there is only one country in
the world systematically spying, bombing and manipulating friend AND enemies
alike. And that's the USA.

So please, my dear Americans. Stop it yourself and we might lend you our ear
again. Sincerely, a fellow world citizen, located in Europe.

~~~
_iyig
> but sorry there is only one country in the world systematically spying,
> bombing and manipulating friend AND enemies alike. And that's the USA.

*and Germany. Don’t forget, every U.S. (and Saudi) Abrams tank has a Rheinmetall cannon.

https://spiegel.de/international/germany/german-intelligence-also-snooped-on-white-house-a-1153592.html

https://www.thelocal.de/20190311/germany-fourth-largest-exporter-of-arms-in-world-report

https://www.euractiv.com/section/economy-jobs/news/germany-earned-2-9-billion-euros-from-greeces-debt-crisis/

------
om3n
Something I've wondered- why hasn't Lenovo received the same flak that DJI
and Huawei received?

~~~
AFascistWorld
Lenovo does nothing more than assembling, and their acts on PC can be easily
identified.

~~~
majia
No, assembling means more security risks, as it could tamper with more parts.

However, Trump saying that Huawei could be part of the trade deal means
banning Chinese companies has nothing to do with security. The US didn’t go
after Lenovo simply because assembling isn’t a high value add process and
doesn’t threaten US tech leadership. Huawei got banned because its tech is too
advanced.

------
libraryatnight
I just got a DJI Mavic Air to take pictures and videos when we go hiking. Now
I feel weird.

------
Tharkun
So I guess it's fine for the US to ship Intel hardware with suspected
backdoors in the ME. But it's somehow unacceptable for the Chinese to be
rumoured to do the same?

~~~
TomVDB
From the US point of view, that's a perfectly reasonable position to take.
(See also my reply here:
https://news.ycombinator.com/item?id=19975483)

------
ENGNR
Now they know how everyone else feels

------
dillonmckay
Why not resolve the 737 MAX issues first, if we are worried about flying
things causing damage?

~~~
october_sky
This is not even the same Department. A government can and should have
multiple simultaneous priorities.

~~~
icxa
A government also can and should prioritize amongst multiple simultaneous
priorities.

~~~
october_sky
They do. That's why governments have different departments (DHS and DOT in
this case) and associated, prioritized budgets.

~~~
icxa
No I am talking about more directly. As an obvious example, in wartime
everything goes to support the defense of the nation and is shifted to support
that goal.

