Drone Security White Paper
The white paper outlines key systems in our drones and the security measures DJI has implemented to bolster security, enhance privacy controls, and protect the integrity of user data. It has been updated to reflect additional security improvements and new product developments, in line with our longstanding commitment to drone safety and security.
The paper covers the following components of a DJI drone system:
1. Device security:
Employment of Trusted Execution Environment (TEE) and FIPS-certified DJI Core Crypto Engine for strong chip and hardware security.
2. Application security:
Introduces DJI’s approach to securing the flight applications that operate the drones, as well as covers SDK and open source information.
3. Data security & privacy controls:
DJI believes users should have control over their data. As such, we continuously enhance and expand the security protocols and privacy controls built into our drones. For example, any personal information provided by users (such as names or email addresses for account registration) is secured with AES-256 encryption while in storage. Operators can activate “Local Data Mode,” which disconnects the flight app from the internet entirely. They also have the option to operate and update their drone offline and can add a non-decryptable security code for an added layer of protection.
4. Communication security:
Lists the protocols and security considerations for device interconnection between the drone, its remote controller, cloud infrastructure and mobile device (where applicable).
5. Cloud security:
Outlines DJI’s options for storing and managing data on different types of cloud architecture. This includes DJI FlightHub 2 On-Premises version which offers enterprise operators with a private cloud solution for self-managed data control, allowing independent deployment within their own networks while preserving all core functionalities.
6. Security audits & certifications:
Summarizes third-party audits conducted in the U.S. and Europe, and lists key certifications including FIPS 140-2 and ISO 27001. Since the last edition of this white paper, DJI has undergone two additional notable assessments: a 2024 security audit conducted by FTI Consulting and an ISO 27701 certification for DJI FlightHub 2 in 2025.
7. Bug Bounty Program:
DJI is the first drone maker to introduce a Bug Bounty Program to encourage security researchers to contribute to our data security efforts by responsibly detecting and reporting potential vulnerabilities. The program has been running since 2017, with rewards for qualifying bugs ranging from $50 USD to $30,000 USD, based on DJI's risk assessment of the potential impact of any discovered vulnerabilities.