Computer Fraud and Abuse Act
I'm assuming these people aren't randomly attacking drones that happen to pass by overhead but are actively trying to find bugs in the software of drones that either belong to the security researchers or which they have been given permission to investigate by their owners.
If DJI think it's a criminal offence to access a computer that belongs to you without their permission, then there's rather more to worry about than an NDA.