Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Software Hardware Technology

DJI Spark Owners Must Update Firmware By September, Or Their Machines Will Be Bricked (suasnews.com) 182

garymortimer shares a report from sUAS News: News has arrived of a mandatory firmware update from DJI. Owners of DJI's latest and smallest quadcopter must update their firmware by September the 1st or their machines will automatically ground themselves. The Firmware update apparently is to stop in flight shutdowns that have been occurring. So no bad thing to fix, a safety issue. Perhaps questionable is DJI's ability to brick other peoples property if required. The "Kill Switch" option is already causing consternation in user groups.
This discussion has been archived. No new comments can be posted.

DJI Spark Owners Must Update Firmware By September, Or Their Machines Will Be Bricked

Comments Filter:
  • Kill switch? (Score:2, Insightful)

    by Anonymous Coward

    They're just begging to get hacked and have their firmware code leaked.

  • by Snotnose ( 212196 ) on Monday August 21, 2017 @09:05PM (#55060617)
    To ensure your firmware can't be updated without your explicit permission. See also, Win 10.
    • by somenickname ( 1270442 ) on Monday August 21, 2017 @10:46PM (#55060975)

      Come on, man. You bought it so, what? You think you own it? That's totally 90s thinking. You just rented it until we decided you can't use it anymore.

      I have that Stallman manifesto around here somewhere...

      • Re:Now is the time (Score:5, Insightful)

        by amiga3D ( 567632 ) on Monday August 21, 2017 @11:00PM (#55061029)

        Sadly, you may be joking but these companies now seem to think just like that.

      • Re:Now is the time (Score:5, Interesting)

        by Chris Katko ( 2923353 ) on Monday August 21, 2017 @11:39PM (#55061141)

        SaaS is a super dangerous concept that he majority of computer users have no idea of what's going to happen.

          1 - Consolidation of services from standard capitalism. (I'm not arguing against capitalism.) As far as I can tell in my reading of history and experiences in life, all economies eventually end up as monopolies because users prefer simplicity.

          2 - You don't own your products.

          3 - What happens when the company goes out of business? We're basically banking our entire ownership of media on one thing. Either the owners of our current products will NEVER GO OUT OF BUSINESS (yeah, we're all using AOL--the last big tech company--right?) . Or 2), that somehow, through the "goodness of their hearts" all businesses will magically assume they might go out of business and have in their contract that your content must be transfered over. Except when they declare bankrupcy... what happens then? And what happens if people don't want to RUN the servers anymore? (Think of 90% of great FPS games from the 90's and 2000's that need dedicated, proprietary servers that were shut down.)

        The ONLY thing that can save us is either moving away from SaaS, or, a law (good luck!) that stipulates that user content must be storable on the user's machine if no equivalent service is instantiated by the next company. And what if the next company has your stuff... but doesn't give a shit about your privacy and dumps adware into the old products? It's not like any company took someone else's products and bundled adware with it... ::cough::sourceforge::cough::

        We are heading for a disaster and nobody even realizes it. What happens when we hit the next major recession / tech bubble burst? It's not like we're living in an era of super-hyper-valuation of unicorn startups with no viable income strategy yet. .. Oh... shit.

        • We are heading for a disaster and nobody even realizes it.

          Plenty of us in the tech community realize it. Unfortunately, most people outside the tech community don't understand the implications, and there are a lot more of them than us.

        • "As a service" really means "at someone else's mercy"
        • by Zocalo ( 252965 )
          Some of us, including many in the tech media, definitely realise it and are taking the necessary steps but collectively you're right, of course. The comparative few that only store copies of their data in the cloud, or don't use it at all, in order to prevent data loss, refuse to use subscription software like Adobe's Creative Cloud, avoid hardware vendors like DJI that require Internet access to work, still buy physical media so they can rip their own DRM free copies, and so on are so few in number that i
        • by Kjella ( 173770 )

          1 - Consolidation of services from standard capitalism. (I'm not arguing against capitalism.) As far as I can tell in my reading of history and experiences in life, all economies eventually end up as monopolies because users prefer simplicity.

          Hardly. But there are strong incentives for profit-seeking companies to corner markets and extract profit. Capitalism loves competition, the companies in a capitalistic society hate it. And because consumers are individuals we tend to grab our personal short term gain to the deteriment of the long term market.

          2 - You don't own your products.

          No, but most people figure that if something turns to shit they can find something else. They can't control what Microsoft is doing with Windows but they can get a Mac. Sure in a perfect world but...

          3 - What happens when the company goes out of business?

          Bi

        • There's several things driving this, not least of which is C'level's have been convinced that hiring on site tech workers is a bad thing and they can hold you hostage. (sky high salaries, HR problems, open positions... etc)
          I have literally had different CEO's from different companies in different States say "I don't want to be held hostage by a developers" as a reason not to hire on site programmers. No irony there.....
          So shoving your life blood into something that looks like the "internet" that always
        • We are heading for a disaster and nobody even realizes it.

          Plenty of us do realize it, but you're right -- plenty don't. Even here, when I express my concern about and mitigation measures against these sorts of things, people sometimes accuse me of paranoia.

  • by fuzzyfuzzyfungus ( 1223518 ) on Monday August 21, 2017 @09:14PM (#55060647) Journal
    Anyone know how the kill is implemented? Was the original firmware set with an expiration date, in anticipation of it receiving an exciting and mandatory upgrade; so the deadline was baked in from day one? Did some earlier, smaller, update quietly add this 'feature' to be announced at a later time? Is there no change whatsoever in the drone's behavior; but some companion app does a version check before it issues any flight commands; and will be updated to refuse to talk to the older version?

    Regardless of implementation, this is a fine testament to the advantages of products that spend their entire lives phoning home to the vendor; but some implementations are even worse than others.
    • by ShanghaiBill ( 739463 ) on Monday August 21, 2017 @09:30PM (#55060707)

      Anyone know how the kill is implemented?

      I have DJI Mavic, not a Spark. Mine uses a smartphone as the controller GUI. When I connect my phone to the drone controller, the app will sometimes, but not always, check for updates. If an update is available, it is downloaded and installed, without any opportunity for opting out. Some of the downloads may be legally required, such as data for restricted airspace. Others, as in this case, are safety issues, so I don't see why anyone would want to opt out, or why anyone should be allowed to, since they may be endangering other people.

      Nitpick: The headlines use of the work "brick" is misleading. The drone cannot be flown until it is updated, but it is not "bricked". As any true nerd knows, when something is "bricked" it is permanently and irrevocably disabled, which is not what this is.

      • To "brick" a device is to make it worth nothing more than a brick, it just sits there and does nothing. That's totally accurate and appropriate for the article. This one simply happens to come with a ceveat that reverts the brick status.
      • by AmiMoJo ( 196126 )

        I wonder what happens if you firewall that app so it can't check for updates. If you are on Android and want to try there are loads of free firewall apps.

        • It works just fine. That's what most advanced users that are annoyed with DJI do.

          Don't talk to momma.

        • If you are on Android and want to try there are loads of free firewall apps.

          Some are better than others, but yes. This is what I do -- for all apps. By default, every app is firewalled off so that it can't talk through the WiFi or cell network at all. I selectively allow a few specific apps net access, but mostly -- nobody gets to talk.

          This is for two reasons: so that I don't have to worry as much about what data apps are sending home, and so I can minimize the number of apps that auto-update.

      • As any true nerd knows, when something is "bricked" it is permanently and irrevocably disabled, which is not what this is.

        Disagreed. In the first place, a device which even a 'true nerd' considers bricked, may be repairable by someone with greater knowledge, more skill, or access to special parts, documentation, or software. So the definition of 'bricked' is situational. Secondly, if the owner doesn't consent to the update, (and ANY reason for not consenting is perfectly valid, from the standpoint of a true owner), then the craft is bricked, unless and until there is a third-party workaround. So the definition of 'bricked' is

      • I also have a Mavic, and I don't know what you're doing, but I can choose to skip any update that comes out. I've never been forced to install any update, either on my phone or on the drone itself. It has always been my choice to install the updates.

      • And the easy way to get around the problem is the same way the Army could get around the lets-send-everything-China issue. You don't connect the thing to the Internet. Ever.

        All my DJI drones are either on the original firmware or one that has been carefully vetted. The iPad they work off of never gets to talk to the rest of the world without adult supervision. It's possible that DJI put a timer in the software but that would be working very differently that they have. Their most recent ploy was to limi

      • The headlines use of the work "brick" is misleading. The drone cannot be flown until it is updated, but it is not "bricked".

        If one doesn't want the update (for whatever reason) his/her drone is bricked. Your nitpick is pointless.

      • I don't see why anyone would want to opt out, or why anyone should be allowed to

        Why they'd want to is unimportant. The important issue is -- do they own the thing or not? If so, then it makes zero sense to force any change to the product on them, no matter how desirable it may be. If it's that desirable, then people will voluntarily make the change.

    • Any mechanism based on a certain date will require the flight controller to keep track of time. If it can keep track of time, I bet the time can be changed to allow longer use of the old firmware... Not that you would want to in this case.
      • I bet the time can be changed to allow longer use of the old firmware...

        It uses a smartphone as the GUI for the controller, so it can pull the time from the cellular network.

        The drone also has a GPS receiver, and can get a timestamp from the GPS satellites, accurate to within 40 nanoseconds.

      • by AmiMoJo ( 196126 )

        It probably gets the time from the GPS receiver. Most GPS receivers still use RS232 signalling (at 3.3V level), and most use the simple NMEA protocol. It would not be at all difficult to program a microcontroller to man-in-the-middle the data and change the date. The main difficulty would be physically installing it.

        • MOST users of the DJI consumer quads have problems following the 4 step directions to update the firmware. Hacking the GPS data stream would be well beyond the vast majority of them and DJI couldn't give a rat's ass about the hundred or so folks so inclined.

          We;re in consumerville here.

    • by JustNiz ( 692889 )

      >> this is a fine testament to the advantages of products that spend their entire lives phoning home to the vendor

      I think you mean disadvantages

    • by AHuxley ( 892839 )
      A big walk in faraday cage to work on setting the date to 1984?
  • Where are the FOSS firmwares for these things, from the likes of which routers have benefited for many years?

    • Re:Serious question (Score:4, Informative)

      by andydread ( 758754 ) on Monday August 21, 2017 @09:20PM (#55060679)
      see here [dronin.org]
    • Getting root on DJI drones seems trivial usually having SSH open with a default password, unfortunately the firmware is signed so full modification of firmware is problematic without the key, though I have an idea about that. Unfortunately I don't have a DJI drone accessible to test my theory at the moment.

    • by caseih ( 160668 )

      Pretty much everywhere, honestly. Except for DJI, nearly all drones are flown with open-source controllers. ArduPilot was one of the earlier successful ones. There are dozens of drone platforms to choose from, some of which are very capable.

      None of them are as slick and polished as DJI's project, though.

  • Personally I have never been into ANYTHING that can connect to a cell phone in this manor for a lot of reasons.. But the very fact that the maker of your product can now KILL IT via remote software? How is this NOT a major strike against this company? I mean, of all the ways you could have done this you just flat out remote kill it?

    Well I tell you what DJI. You just earned yourself a permanent 'no sale' from me on any product you make. But hey, to be honest you got a hard no sale on the drone from the

    • by 110010001000 ( 697113 ) on Monday August 21, 2017 @10:20PM (#55060889) Homepage Journal
      No need to brag about living in a manor. We just have houses here.
    • by SeaFox ( 739806 )

      Personally I have never been into ANYTHING that can connect to a cell phone in this manor for a lot of reasons.. But the very fact that the maker of your product can now KILL IT via remote software?

      Is it really remote software? Maybe the firmware simply has a built in expiration date so you have to keep it up to date to keep the product flying.

    • But the very fact that the maker of your product can now KILL IT via remote software? How is this NOT a major strike against this company?

      Probably because it's not true and media reporting is going down the shitter making everyone angry for no reason.

      The DJI drones frequently need to check for updates to the no-fly zones or they don't take off. Updates are mandatory and this will be pushed like every other one. Aside that it is in the media this is just situation normal for owners of DJI drones (which need mobile phones to fly anyway).

      • Toe-may-toe, toe-mah-toe.

        • Remote brick is not the same as a recognised requirement to update firmware periodically. Not even remotely (pun intended).

          • If updates are mandatory, and they use an update to intentionally brick your device, then the end result is identical to having a kill switch.

            Yes, the mechanisms are different, but for this sort of issue, it's a distinction without a difference.

            • it's a distinction without a difference.

              No it's not. Remote brick implies someone has remote access to your device. Putting them in the same category is utterly asinine.

    • DJI is doing this for liability reasons and I have absolutely no problem with it as the owner of a Mavic Pro.

      If you don't like it, go buy your gear somewhere else.

  • Government mandated "kill" switch to remotely ground them? Government mandated "kill" switch if they fly too high/too close where they aren't? Nice...you WILL install this update, or we'll BRICK your device. Sorry, I would never buy a product, that they say, you install this update, or we'll destroy property that you purchased.
  • by AndyKron ( 937105 ) on Monday August 21, 2017 @10:27PM (#55060911)
    I've pretty much had it with DJI and their anus sniffing techniques. The Mavic is my last DJI product. After that it's Fuck DJI and Fuck Apple forever!
  • that you don't really own it. . . . it's more of a subscription plan type thing :D

    They allow you to play with their shiny new toy ( for a fee of course ) but you'll play with it as you're told. If you don't, we'll take it away.
    And - there - is - nothing - you - can - do - about - it ( except not buy the damn thing in the first place )

    I just love that feeling. . . . don't you ?

    ( It's like Microsoft. . . . or Adobe. . . or Autodesk . . . or Cable TV . . . or . . . damn this is pretty common these days huh ?

  • ...country. C'mon! What did you expect?!? Ever since we (America) gave all of our manufacturing (and engineering, design, etc.) to Communist China, we've been transferring our Sovereignty to them. And I include Apple, etc. in that category axs they caved so easily in their "Privacy" concerns in exchange for Chinese $$$.
  • So it won't fly if you don't upgrade the firmware. That isn't the same as "bricked."

    Bricked is when it won't do anything. As in, it's a brick. Won't boot / communicate / etc... Usually recovering something that's bricked involves re-flashing firmware offline somehow, or running some sort of emergency recovery utility and spoon-feeding it a bootloader over USB/serial/I2C/whatever.

    DJI set up the app so it won't let the drone take off.

    It's as if there's one person who writes how characters talk about computers

  • by Anonymous Coward

    Imagine you had bought a full-fledged aircraft. If the manufacturer finds a dangerous flaw, the FAA can ground the entire fleet; no recourse. I am not pleased with society's over-reaction to drones (getting hard to find places to fly them), but I do believe in making them safer (and limiting the ability of idiots to give drones an even worse reputation).
    As for the "bricking" headline, I suggest the original poster stop hyperventilating. Requiring you to update the firmware before flying again is nothing

    • That's still legal grounding, not technical. I can still take off with that plane if I so please, provided I'm willing to risk my license and very likely freedom.

      But I fuckin' CAN!

      • So walk the software back a couple of versions. DJI even keeps the old version in around in case the upgrade screws up. You can download all sorts of firmware versions on the DJI website. Of course, it's a cat and mouse game to some extent. DJI has recently only allowed you to go back on version instead of to an arbitrary set.

        Progress?

        • Not really. Forcing me to use a certain version, or just disallowing me to use a certain version, is not acceptable.

      • So don't buy a damn DJI quadcopter if you don't like their restrictions!
    • DJI is not a legal authority. This is child's logic.
  • Does it get bricked remotely, or is there an expiry date built into the existing firmware? I'm pretty darn sure that if it's the former, but the only way I can see that being enforceable is if they also required the 'copter to have an internet connection either before or during each flight.
    • Does it get bricked remotely, or is there an expiry date built into the existing firmware?

      They're controlled/flown by a smartphone app. The app checks the firmware's software hash against a hash the app gets from DJI using your phone. If the hashes don't match, the controller-app won't let the drone take off.

      Not entirely clear on whether or not the app will let the drone fly if there's no cell/'net service to be able to check current authorized hashes. Likely there's a 'window' of time (24 hours? 72 hours?) where no cell/'net service is not an issue and the app will allow takeoff, because if it

  • Why, please tell me, would I want to buy something where the maker and not me gets to decide what lifespan the product gets to have? We're back at the garage openers that are under 100% control of the company making them, why the hell would I willingly hand over control over my product to the maker? At the very least I'd want the option to wipe their software and install my own.

  • When I bought my drone I looked into various manufacturers and types including DJI and saw that buying a DJI was a recipe for disaster. You don't want to become slaved to the manufacturer with forced updates and requiring Internet connection and other silly stuff. This can seriously hinder your usage of the drone just when you need to use it, not to mention what will happen when the company goes broke. Bye bye drone.

    So I bought a chinese drone instead with no "no-fly zone" garbage and no forced updates of a

  • by CptLoRes ( 4510239 ) on Tuesday August 22, 2017 @06:57AM (#55061999)
    The hacking community have been pulling apart DJI drone software and firmwares for a while now. And the more they learn, the worst it gets. For example both the iOS and Android versions of the DJI GO 4 app have built in hot patch functionality (Tencent Tinker / JSPatch), then enables DJI to make unrestricted app modifications outside of the users control. This is in direct violation of app developer policies on both platforms. And after the community found out, DJI has been scrambling hard to avoid getting their apps banned. It is also speculated this is one of the primary reasons why DJI drones recently was banned from US military usage.
  • by jenningsthecat ( 1525947 ) on Tuesday August 22, 2017 @08:33AM (#55062287)

    While my first response to this situation was outrage, sober second thoughts have prevailed, and I now see some sense in DJI's actions. They have a moral obligation to the public, (and a fiduciary obligation to their shareholders - I don't give a shit about that, but some people do), to ensure that the products they sell remain both safe, and compliant with changing regulations. The problem here is not in their ability to enforce updates that correct safety shortcomings and allow for changes in legal requirements, no-fly zones, etc. The problem is the lack of a regulatory framework with teeth - one that would ensure continued functioning of the products if the company folds, and would also forbid them from charging for post-purchase updates, stop them from force-updating random shit in order to siphon more money, data, or whatever out of the buyer, etc.. (We'll likely never see that regulation, because the gubmint pays allegiance to the corps, not the voters - but that's a whole 'nother topic).

    In the old days of amateur radio, when home-built transmitters could screw up TV reception, aircraft communication, and emergency services more easily than they can now, the technical barriers to entry were such that by the time most people knew enough to build such a transmitter, they also knew enough to build it correctly and use it responsibly. Today, in the case of drones, any fuckwit can buy one and wreak all kinds of havoc. In short, irresponsible people who would use drones unsafely or illegally, are the reason we can't have drones that we truly own. Unless we make 'em ourselves... ;)

    • 'Ski lifts????? Now irresponsible and unfit people will be able to ski too, the horror.....' I have heard this Liberty ignoring tripe my whole life...
  • Your drone should be able to fall out of the sky and kill anyone that it wants whenever it wants because you want the choice to be able to fix it at your convenience.

    Fuck right on off.

  • How are they able to self-brick but not self-update?
  • On the one hand, we have people who routinely don't do updates because they can't be bothered, or don't feel they bear any responsibility to the upkeep of their equipment.

    On the other hand, you have companies like Microsoft who have done an excellent job of fucking up so many updates so badly, that people are now *afraid* to update for fear of having their machines get hosed.

    So we're stuck taking everything at a case-by-case basis. If DJI doesn't have a history of botching their updates, there is no excuse

  • The "Kill Switch" option is already causing consternation in user groups.

    Who could have expected that people would be upset that it turns out they don't own a device that they thought they owned?

When in doubt, mumble; when in trouble, delegate; when in charge, ponder. -- James H. Boren

Working...