KYIV, Ukraine — As Russian tanks bore down on the Ukrainian capital of Kyiv in February, Ukrainian units fought brawn with brains.
Deploying commercial drones originally designed for photography, operators coordinated with artillery units to bring down punishing fire that turned Russia’s neat lines of tanks into smoldering wreckage.
Ukraine’s government soon realized there was a problem, though. They believed Russia was exploiting a device called an AeroScope, made by China’s Shenzhen DJI Technology Innovation Co., Ltd., to find and kill the operators of its flying drones.
AeroScope is able to identify the vast majority of popular drones on the market today by analyzing their electronic signals to gain critical information, according to the company. DJI sells AeroScopes that identify the location of individuals who are operating uncrewed aerial vehicles in protected airspace.
“Block your products that are helping Russia to kill the Ukrainians! [sic]” wrote Ukraine Minister of Digital Transformation Mykhailo Fedorov on his Twitter page in March. DJI refused, stating that this functionality “cannot be turned off.”
Ukraine, however, had an ace up its sleeve. DJI’s claim was, in fact, false — a reality quietly exposed by drone researchers in 2018. In early May of 2022, drone programmers released an open-source software program that allowed drone pilots to cloak themselves from AeroScope tracking, according to a researcher who spoke on condition of anonymity.
The software is key to Ukrainian efforts to keep drone operators safe and is a symbol of the ways in which the country has sought to hack its way to victory against Russia. DJI, meanwhile, has sought to quash the workaround.
AeroScopes identify drone operator’s positions thanks to something called Remote ID, a program that is part of DJI drones’ firmware. Remote ID broadcasts the operator’s positions, as well as the position of the drone, whenever it’s in operation. Once a drone operator is identified using an AeroScope device, Russian forces can rain down fire on them from their artillery and rocket systems.
While it’s unclear how many operators have fallen victim to AeroScopes, one instructor working with the military told Radio Liberty in August that casualties were initially high due to operators taking insufficient security precautions. DJI-brand drones are “ubiquitous” in the battlefront, according to Samuel Bendett of The Center for Naval Analyses, a U.S. research and analysis organization.
In May, Ukrainian drone operators discovered a software program that disables Remote ID, according to an operations officer in Ukraine’s 68th Jager brigade who wished to remain anonymous. The program activates a simple command in the DJI firmware that switches Remote ID on or off. The drone officer said he was told about the program by a friend in another drone unit.
Like a Jeep with no doors
The program used by drone operators to hide from AeroScopes, titled CIAJeepDoors, operates by activating a simple command in the DJI firmware that switches Remote ID on or off. The name is a reference to the dangers of flying a drone with Remote ID turned on, which the authors in the software’s instructions compared to riding around in a Jeep with no doors.
CIAJeepDoors is delivered by a device called an Olga, a simple black box that plugs into a drone’s USB port. When the code is delivered, a green light blinks on. The drone software is not overwritten, the officer stated, but merely continues operating as normal with the Remote ID switched off.
Not every operator uses CIAJeepDoors, according to Yaroslav Markevich, a drone commander in Ukraine’s Khartia battalion. The Jager officer said that special forces units he had encountered used a different program with similar qualities. Markevich, speaking from a cafe in the frontline city of Kharkiv, said his drone operators used an alternative to CIAJeepDoors that he did not name.
Indeed, hiding from AeroScopes is just one of the many ways operators can manipulate protocols for their own ends. Other open-source programs, for example, offer users the ability to create their own AeroScopes, or to mimic Remote ID signals to spoof an illusory drone storm.
‘Chinese military company’
DJI, meanwhile, appears to be attempting to shut down the Remote ID loophole, despite claiming that no such loophole existed. The company, identified by the Pentagon this month as a “Chinese military company” operating in the U.S., announced in April that it was temporarily ending the sale of drones in Ukraine and Russia.
A drone researcher and 68th Jager officer both said that DJI is producing drones with firmware that does not allow Remote ID to be switched off. The Jager officer said that these drones began appearing sometime in June, or shortly after the CIAJeepDoors code was created. Operators cannot hide these drones from Aeroscopes without hacking them.
Some DJI initiatives even mean that older models of drones, including those that were previously rendered safe, may end up spotted by Russian AeroScopes.
The company did not immediately respond to an emailed request for comment.
Taras Ermakov, a spokesperson for Ukrainian air-intelligence unit Karlson, said Russia is still using AeroScopes against his unit.
Within as little as five or six minutes, Taras said, Russia can find and begin to target Karlson’s drone operators using the devices. Then comes strikes from Russian artillery or even from Grad missile launchers, which can launch a hail of 40 nine-feet long rockets in as little as 20 seconds.
“They see us a lot,” he wrote in comments to C4ISRNET.
Sam Skove is a Kyiv-based freelance journalist from the United States. His work has appeared in Radio Liberty, Newsweek, and The Center for European Policy Analysis.