DJI releases OnDefend security assessment finding zero critical or high-risk vulnerabilities in Air 3S and Matrice 4E drones tested over five months

U.S. security firm OnDefend conducted an independent cybersecurity assessment of DJI Air 3S and DJI Matrice 4E systems from October 2025 through March 2026, identifying 'zero critical, high, and medium-risk findings' across software, hardware, firmware, and radio frequency testing.

The assessment found no evidence of data transmission outside the United States, no identified backdoors or unauthorized remote access mechanisms, no unexplained radio frequency emissions, and no detected supply chain tampering or unauthorized hardware modifications. Ten low-risk findings and thirteen observations related to application security configurations were also identified.

DJI is using the assessment results to support its appeal of the FCC's December 2025 Covered List designation, which identifies communications equipment the FCC determines poses a risk to national security. The company argues that no specific technical vulnerability has been publicly identified to justify the designation.

The FCC review process now addresses both cybersecurity evaluation and supply chain resilience concerns, with the commission having established pathways for conditional approvals and exemptions for certain aircraft and components in recent months.