Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety.
The research comes from IOActive, which found that it is “feasible to compromise the targeted device by injecting a specific EM glitch at the right time during a firmware update.”
“This would allow an attacker to gain code execution on the main processor, gaining access to the Android OS that implements the core functionality of the drone,” Gabriel Gonzalez, director of hardware security at the company, said in a report published this month.
The study, which was undertaken to determine the current security posture of Unmanned Aerial Vehicles (UAVs), was carried out on Mavic Pro, a popular quadcopter drone manufactured by DJI that employs various security features like signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot.
images from Hacker News