New Electromagnetic Attacks on Drones Could Let Attackers Take Control

New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety.

The research comes from IOActive, which found that it is “feasible to compromise the targeted device by injecting a specific EM glitch at the right time during a firmware update.”

The study, which was undertaken to determine the current security posture of Unmanned Aerial Vehicles (UAVs), was carried out on Mavic Pro, a popular quadcopter drone manufactured by DJI that employs various security features like signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot.

EMFI aims to induce a hardware disruption by placing a metal coil in close physical proximity to the Android-based Control CPU of the drone, ultimately resulting in memory corruption, which could then be exploited to achieve code execution.

“This could allow an attacker to fully control one device, leak all of its sensitive content, enable ADB access, and potentially leak the encryption keys,” Gonzalez said.

As for mitigations, it’s recommended that drone developers incorporate hardware- and software-based EMFI countermeasures.

This is not the first time IOActive has highlighted uncommon attack vectors that could be weaponized to target systems. In June 2020, the company detailed a novel method that makes it possible to attack industrial control systems (ICS) using barcode scanners.

Other assessments have illustrated security misconfigurations in the Long Range Wide Area Network (LoRaWAN) protocol that make it susceptible to hacking and cyber attacks as well as vulnerabilities in the Power Line Communications (PLC) component used in tractor trailers.