
New Electromagnetic Attacks on Drones Could Let Attackers Take Control
Drones that have no known security weaknesses may become targets of electromagnetic fault injection (EMFI) attacks, which can potentially allow threat actors to achieve arbitrary code execution and compromise their functionality and security.
The research comes from IOActive, which found that “it is possible to compromise the targeted device by injecting certain EM errors at the right time during a firmware update.”
“This will enable an attacker to gain code execution on the main processor, gaining access to the Android OS that implements the core functionality of the drone,” said Gabriel Gonzalez, director of hardware security at the company, in a report published this month.
The study, which was undertaken to determine the current security posture of unmanned aerial vehicles (UAVs), was carried out on the Mavic Pro, a popular quadcopter drone manufactured by DJI that uses various security features such as signed and encrypted firmware, a Trusted Execution Environment (TEE), and Secure Boot.
Side-channel attacks usually work by indirectly gathering information about the target system, exploiting unintended information leaks that arise from variations in power consumption, electromagnetic emissions, and the time required to perform different mathematical operations.
By contrast, EMFI aims to induce a hardware disruption by placing a metal coil in close physical proximity to the drone's Android-based control CPU, ultimately resulting in memory corruption, which can then be exploited to achieve code execution.
“This could allow an attacker to completely control a single device, leak all of its sensitive content, enable ADB access, and potentially leak encryption keys,” said Gonzalez.
As for mitigation, it is recommended that drone developers combine both hardware- and software-based EMFI countermeasures.
This is not the first time IOActive has highlighted an unusual attack vector that can be weaponized to target systems. In June 2020, the company detailed a new possible method to attack industrial control systems (ICS) using barcode scanners.
Other assessments have described security misconfigurations in the Long Range Wide Area Network (LoRaWAN) protocol that make it vulnerable to hacking and cyber attacks, as well as vulnerabilities in the Power Line Communications (PLC) components used in tractor trailers.