Drones without known security weaknesses can be targeted by electromagnetic interference injection (EMFI) attacks, which can allow threat actors to execute arbitrary code to compromise functionality and security.
The research, by IOActive, found that “it is possible to compromise a target device by injecting a specific EM glitch at the right time during a firmware update.”
“This would allow attackers to execute code on the main processor and gain access to the Android OS, which implements the drone’s core functionality,” Gabriel Gonzalez, the company’s director of hardware security, said in a statement earlier this month. said in a report that was published.
The study was conducted to determine the current security posture of Unmanned Aerial Vehicles (UAVs), with DJI’s popular UAVs employing various security features such as signed and encrypted firmware and Trusted Execution Environments (TEE). It was conducted on the Mavic Pro, a quadcopter drone from ), secure boot.
Side-channel attacks typically work by indirectly gathering information about the target system by exploiting unintentional information leaks resulting from variations in power consumption, electromagnetic radiation, and the time it takes to perform various mathematical operations. .
EMFI induces hardware corruption by placing a metal coil in physical proximity to the drone’s Android-based control CPU, ultimately causing memory corruption that can be exploited to execute code. is intended for
“This could allow an attacker to take complete control of one device, exfiltrate all sensitive content, enable ADB access, and exfiltrate encryption keys,” Gonzalez said.
Regarding mitigation, it is recommended that drone developers incorporate hardware and software-based EMFI countermeasures.
This is not the first time IOActive has revealed an uncommon attack vector that could be used as a weapon to target systems. In June 2020, the company detailed a new technique that enables attacks on industrial control systems (ICS) using barcode scanners.
Other assessments include misconfigured long-range wide area network (LoRaWAN) protocol security susceptibility to hacking and cyber-attacks, and vulnerabilities in power line communication (PLC) components used in tractor-trailers. is clarified.
