DJI Spark Owners Must Update Firmware By September, Or Their Machines Will Be Bricked

garymortimer shares a report from sUAS News: News has arrived of a mandatory firmware update from DJI. Owners of DJI's latest and smallest quadcopter must update their firmware by September the 1st or their machines will automatically ground themselves. The Firmware update apparently is to stop in flight shutdowns that have been occurring. So no bad thing to fix, a safety issue. Perhaps questionable is DJI's ability to brick other peoples property if required. The "Kill Switch" option is already causing consternation in user groups.

Kill switch?

They're just begging to get hacked and have their firmware code leaked.

Re:Kill switch?

[cb88]

No, the Military has banned their use... well the army at least. https://www.wired.com/story/army-dji-drone-ban/

Now is the time

[Snotnose]

To ensure your firmware can't be updated without your explicit permission. See also, Win 10.

Re:Now is the time

[somenickname]

Come on, man. You bought it so, what? You think you own it? That's totally 90s thinking. You just rented it until we decided you can't use it anymore.

I have that Stallman manifesto around here somewhere...

Re:Now is the time

[amiga3D]

Sadly, you may be joking but these companies now seem to think just like that.

Re:Now is the time

[ckatko]

SaaS is a super dangerous concept that he majority of computer users have no idea of what's going to happen.

  1 - Consolidation of services from standard capitalism. (I'm not arguing against capitalism.) As far as I can tell in my reading of history and experiences in life, all economies eventually end up as monopolies because users prefer simplicity.

  2 - You don't own your products.

  3 - What happens when the company goes out of business? We're basically banking our entire ownership of media on one thing. Either the owners of our current products will NEVER GO OUT OF BUSINESS (yeah, we're all using AOL--the last big tech company--right?) . Or 2), that somehow, through the "goodness of their hearts" all businesses will magically assume they might go out of business and have in their contract that your content must be transfered over. Except when they declare bankrupcy... what happens then? And what happens if people don't want to RUN the servers anymore? (Think of 90% of great FPS games from the 90's and 2000's that need dedicated, proprietary servers that were shut down.)

The ONLY thing that can save us is either moving away from SaaS, or, a law (good luck!) that stipulates that user content must be storable on the user's machine if no equivalent service is instantiated by the next company. And what if the next company has your stuff... but doesn't give a shit about your privacy and dumps adware into the old products? It's not like any company took someone else's products and bundled adware with it... ::cough::sourceforge::cough::

We are heading for a disaster and nobody even realizes it. What happens when we hit the next major recession / tech bubble burst? It's not like we're living in an era of super-hyper-valuation of unicorn startups with no viable income strategy yet. .. Oh... shit.

Re:Now is the time

[Anonymous+Brave+Guy]

We are heading for a disaster and nobody even realizes it.

Plenty of us in the tech community realize it. Unfortunately, most people outside the tech community don't understand the implications, and there are a lot more of them than us.

Re:Now is the time

[JaredOfEuropa]

"As a service" really means "at someone else's mercy"

Re:Now is the time

[Zocalo]

Some of us, including many in the tech media, definitely realise it and are taking the necessary steps but collectively you're right, of course. The comparative few that only store copies of their data in the cloud, or don't use it at all, in order to prevent data loss, refuse to use subscription software like Adobe's Creative Cloud, avoid hardware vendors like DJI that require Internet access to work, still buy physical media so they can rip their own DRM free copies, and so on are so few in number that it's not going to make much difference. The majority of the general public are almost certainly going to get burnt sooner or later when one of the Whatever-as-a-Service cloud providers they use has a serious data loss incident, goes bust, or whatever, and this is despite the warning signs of several smaller incidents already. It's not the the cloud is inherently bad - it's incredibly useful - but like any tool, you need to use it responsibly, and that's the concept that people are failing to understand at present.

Perhaps it would be for the best if a fairly popular service - like SoundCloud for instance, since they're already on the ropes - went under and got some mainstream coverage before the main bubble bursts. If that wakes up a few more people to the potential risks they are taking with their data and services and gets them to start spreading the word amongst others it might not turn out to be as major a disaster as it's got the potential to be. Then again, perhaps not. I'm pretty sure we all know someone who's response to losing some data when some random cloud service pulled the plug was to simply start over with another random cloud service, but there's just no helping some people - you've just got to do the best you can and, ultimately, make sure you and yours are covered.

So what is the kill mechanism?

[fuzzyfuzzyfungus]

Anyone know how the kill is implemented? Was the original firmware set with an expiration date, in anticipation of it receiving an exciting and mandatory upgrade; so the deadline was baked in from day one? Did some earlier, smaller, update quietly add this 'feature' to be announced at a later time? Is there no change whatsoever in the drone's behavior; but some companion app does a version check before it issues any flight commands; and will be updated to refuse to talk to the older version?

Regardless of implementation, this is a fine testament to the advantages of products that spend their entire lives phoning home to the vendor; but some implementations are even worse than others.

Re:So what is the kill mechanism?

[ShanghaiBill]

Anyone know how the kill is implemented?

I have DJI Mavic, not a Spark. Mine uses a smartphone as the controller GUI. When I connect my phone to the drone controller, the app will sometimes, but not always, check for updates. If an update is available, it is downloaded and installed, without any opportunity for opting out. Some of the downloads may be legally required, such as data for restricted airspace. Others, as in this case, are safety issues, so I don't see why anyone would want to opt out, or why anyone should be allowed to, since they may be endangering other people.

Nitpick: The headlines use of the work "brick" is misleading. The drone cannot be flown until it is updated, but it is not "bricked". As any true nerd knows, when something is "bricked" it is permanently and irrevocably disabled, which is not what this is.

Re:So what is the kill mechanism?

[freeze128]

Any mechanism based on a certain date will require the flight controller to keep track of time. If it can keep track of time, I bet the time can be changed to allow longer use of the old firmware... Not that you would want to in this case.

Re:So what is the kill mechanism?

[ColdWetDog]

And the easy way to get around the problem is the same way the Army could get around the lets-send-everything-China issue. You don't connect the thing to the Internet. Ever.

All my DJI drones are either on the original firmware or one that has been carefully vetted. The iPad they work off of never gets to talk to the rest of the world without adult supervision. It's possible that DJI put a timer in the software but that would be working very differently that they have. Their most recent ploy was to limit the Mavics to something like a 50 meter range until you logged in to DJI-world at least once. They certainly COULD put an honest to goodness timer in the software, but that would be a bigger dick move than usual.

DJI is really in a no win situation (of their own creation). As long as they sell (mostly) to Compleat Idiots they have to try to make their software idiot proof. A fool's errand if there ever was one.

Re:And the Army is really buying these things?

[ShanghaiBill]

What is the alternative? The DJI drones are a generation ahead of anything else on the market ... and with an 85-90% market share, they have enough revenue to extend their lead.

Disclaimer: I have a DJI Mavic Pro. It is very nice.

Re:Serious question

[andydread]

see here

Re:And the Army is really buying these things?

[fustakrakich]

What is the alternative?

Best drone ever... single motor, caged prop so you can safely bump into things, spherical shape so it can upright itself or even roll along the ground. Unfortunately the market has spoken, so there are very few of them.

Re:And the Army is really buying these things?

[ShanghaiBill]

Being the military, they can build (or contract out) their own.

The F-35 took 26 years to go from contract to production, and will cost a trillion dollars. But drones are props rather than jets, so maybe the V-22 Osprey is a better comparison. It took 32 years, and cost $36 billion.

Unless they have an unlimited budget and are building it for their great grandchildren, they need to go COTS.

Re:That's a good point, NEVER BUY FROM DJI

[110010001000]

No need to brag about living in a manor. We just have houses here.

no more DJI

[AndyKron]

I've pretty much had it with DJI and their anus sniffing techniques. The Mavic is my last DJI product. After that it's Fuck DJI and Fuck Apple forever!

Re:LOL, bricked

[ArchieBunker]

There is a good Defcon talk about this. The software keeps track with a database file and you can edit the file on your phone and override any no fly settings.

Think drone == aircraft

Imagine you had bought a full-fledged aircraft. If the manufacturer finds a dangerous flaw, the FAA can ground the entire fleet; no recourse. I am not pleased with society's over-reaction to drones (getting hard to find places to fly them), but I do believe in making them safer (and limiting the ability of idiots to give drones an even worse reputation).
As for the "bricking" headline, I suggest the original poster stop hyperventilating. Requiring you to update the firmware before flying again is nothing at all like bricking your device. Get a grip!

Re:And the Army is really buying these things?

[_Sharp'r_]

The army already builds (contracts out the building of) their own drones.

The micro-UAVs, the ones closest to a DJI ~(4.5 lbs), cost the Army (These are the inexpensive ones) $35,000 each for a Raven RQ-11B. A complete system (controller, spare parts, and three UAVs) costs $250,000 for the Raven and over $400,000 for Puma (6 lbs, heavier battery, flies longer).

So yeah, for the price of one Raven, you could only afford to buy 25 DJI Phantom 4 Pro drones. The Raven can go farther faster, the Phantom has a better camera and can avoid obstacles on it's own and circle/follow a target on its own, so they have complementary uses, but one is obviously way cheaper than the other.

Re:Brick it, how, exactly?

[BlueStrat]

Does it get bricked remotely, or is there an expiry date built into the existing firmware?

They're controlled/flown by a smartphone app. The app checks the firmware's software hash against a hash the app gets from DJI using your phone. If the hashes don't match, the controller-app won't let the drone take off.

Not entirely clear on whether or not the app will let the drone fly if there's no cell/'net service to be able to check current authorized hashes. Likely there's a 'window' of time (24 hours? 72 hours?) where no cell/'net service is not an issue and the app will allow takeoff, because if it follows most updating patterns, it probably only has to check once every so-many hours (24?). It can get time stamps from the GPS it uses.

I'm sure someone here more familiar with DJI-brand quadcopters in particular can provide more/better information.

Strat

Re:And the Army is really buying these things?

[segedunum]

I'm afraid your argument, whatever it is, makes absolutely no sense. The F-35 has been in constant development for a quarter of a century and there is no sign whatsoever that it will ever be fully combat ready in any way shape or form. Certainly not in a way that meets its requirements. We're now into territory where you're looking at it being cancelled if some serious progress is not shown within a very short period of time.

Lockheed has desperately tried to get it combat ready with a list of caveats as long as your arm because the programme would otherwise be in serious jeopardy of getting cancelled. There are always software updates on the horizon so that the plane can complete this mission or that mission, at some point in the future. The planes are constantly flown with a whole load of capabilities turned off or severely restricted. But hey, it's flying so things must be fine!

Just the tip of the iceberg.

[CptLoRes]

The hacking community have been pulling apart DJI drone software and firmwares for a while now. And the more they learn, the worst it gets. For example both the iOS and Android versions of the DJI GO 4 app have built in hot patch functionality (Tencent Tinker / JSPatch), then enables DJI to make unrestricted app modifications outside of the users control. This is in direct violation of app developer policies on both platforms. And after the community found out, DJI has been scrambling hard to avoid getting their apps banned. It is also speculated this is one of the primary reasons why DJI drones recently was banned from US military usage.

Re:That's a good point, NEVER BUY FROM DJI

[thegarbz]

But the very fact that the maker of your product can now KILL IT via remote software? How is this NOT a major strike against this company?

Probably because it's not true and media reporting is going down the shitter making everyone angry for no reason.

The DJI drones frequently need to check for updates to the no-fly zones or they don't take off. Updates are mandatory and this will be pushed like every other one. Aside that it is in the media this is just situation normal for owners of DJI drones (which need mobile phones to fly anyway).

Second thoughts

[jenningsthecat]

While my first response to this situation was outrage, sober second thoughts have prevailed, and I now see some sense in DJI's actions. They have a moral obligation to the public, (and a fiduciary obligation to their shareholders - I don't give a shit about that, but some people do), to ensure that the products they sell remain both safe, and compliant with changing regulations. The problem here is not in their ability to enforce updates that correct safety shortcomings and allow for changes in legal requirements, no-fly zones, etc. The problem is the lack of a regulatory framework with teeth - one that would ensure continued functioning of the products if the company folds, and would also forbid them from charging for post-purchase updates, stop them from force-updating random shit in order to siphon more money, data, or whatever out of the buyer, etc.. (We'll likely never see that regulation, because the gubmint pays allegiance to the corps, not the voters - but that's a whole 'nother topic).

In the old days of amateur radio, when home-built transmitters could screw up TV reception, aircraft communication, and emergency services more easily than they can now, the technical barriers to entry were such that by the time most people knew enough to build such a transmitter, they also knew enough to build it correctly and use it responsibly. Today, in the case of drones, any fuckwit can buy one and wreak all kinds of havoc. In short, irresponsible people who would use drones unsafely or illegally, are the reason we can't have drones that we truly own. Unless we make 'em ourselves... ;)

Re:Now is the timen -- WII

[fish_in_the_c]

Anybody tried to use the app store on their wii lately?
When Netflix updates there codex Netflix will no longer work because there is no way to update on the wii.

Sure purchased games still work but the device has certainly lost some of it's functionality, including the ability of most games to network. That is a company that didn't even go out of business. Just stopped supporting their own product.

Re:And the Army is really buying these things?

[neilo_1701D]

The F-35 has been in constant development for a quarter of a century and there is no sign whatsoever that it will ever be fully combat ready in any way shape or form. Certainly not in a way that meets its requirements. We're now into territory where you're looking at it being cancelled if some serious progress is not shown within a very short period of time.

For real? What government has the balls to back out of the F-35 now? Australia has pretty much decided not to buy anything else, so the existing fleet is getting older and older. The US (from what I can see) has gone the same way: if it's not F-35 then it's obsolete. Heck; look at the stink when the A-10's where being considered for mothballing.

In my personal, armchair general view of the fighters, the F-35 program is so far into escalation-of-commitment group-think territory the only way out is to cancel the fighter and dismiss every single person involved with the aircraft where ever they are in whatever capacity they serve. Well, maybe not dismiss; maybe reassign. But whatever. The "we can't start again because we're too far behind" argument must be drowned out by "you're so far behind the opposition is almost a generation ahead" at some point. But that's not going to happen.

Re:And the Army is really buying these things?

[Khyber]

A Delta Fan isn't a quad. It's a fucking jet turbine masquerading as a computer cooling fan.