uTalk
Official forum for Utopia Community
You are not logged in.
- Topics: Active | Unanswered
#1 2023-06-28 22:45:08
- thrive
- Member
- Registered: 2023-01-04
- Posts: 2,068
Alert:New Drone Electromagnetic Attacks May Allow Attackers to Control
Electromagnetic fault injection (EMFI) attacks on drones that don't have any known security flaws could result in arbitrary code execution and compromise the functionality and security of the drones.
It is "possible to compromise the targeted device by injecting a specific EM glitch at the right time during a firmware update," according to research from IOActive. ".
Gabriel Gonzalez, the organization's director of hardware security, stated in a report released this month that "this would allow an attacker to gain code execution on the main processor, gaining access to the Android OS that implements the core functionality of the drone.".
The Mavic Pro, a well-known quadcopter drone produced by DJI, was the subject of the study, which was carried out to ascertain the current security posture of Unmanned Aerial Vehicles (UAVs). The Mavic Pro uses a variety of security features, including signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot.
Side-channel attacks typically function by using unintended information leaks caused by variations in power consumption, electromagnetic emissions, and the time it takes to complete various mathematical operations to gather information about a target system indirectly.
By placing a metal coil in close physical proximity to the drone's Android-based Control CPU, EMFI aims to cause a hardware disruption that could lead to memory corruption and, ultimately, code execution.
According to Gonzalez, "This could give an attacker complete control over one device, leak all of its sensitive data, enable ADB access, and possibly leak the encryption keys.".
Regarding mitigations, it is advised that EMFI countermeasures based on hardware and software be used by drone developers.
The unusual attack vectors that could be weaponized against target systems have previously been highlighted by IOActive. The business revealed a novel technique in June 2020 that enables barcode scanners to be used in industrial control systems (ICS) attacks.
Other analyses have shown security flaws in the Long Range Wide Area Network (LoRaWAN) protocol that leaves it open to hacking and cyber attacks as well as flaws in the Power Line Communications (PLC) component used in tractor trailers.
Offline