Monday, October 7, 2024
HomeCyber Security NewsNew EMFI Attack Against Drones Leads to Complete Take Over

New EMFI Attack Against Drones Leads to Complete Take Over

Published on

Based on the recent reports by IOActive, Drones, also called Unmanned Aerial Vehicles (UAVs), are vulnerable to code injection, which would result in gaining complete access to the firmware and core functionality of the drone.

Drones have been used in many industries like aviation, agriculture, and law enforcement. They are often operated remotely, which offers an attack surface for threat actors to gain control over them.

Stealing a drone can offer much more sensitive information for an attacker and can also pave the way for implanting malware on the system.

- Advertisement - EHA

According to the report, it is possible to exploit a drone by injecting a specific Electromagnetic glitch during a firmware update that could result in complete control over the drone.

EMFI Attack Against Drones

DJI drones are considered for testing purposes as they offer many security features in their products like Encrypted firmware, Trusted Execution Environment (TEE), Secure Boot, etc.

Furthermore, the whitepaper published by IOActive also covered Attack Surface, Technical Background, First and Second Approaches, and their Mitigations.

Attack Surface

Source: IOActive

Backend

There are multiple attack surfaces for a drone in a wireless network. Like any other system with a backend, drones are also made up of servers vulnerable to SQL injections, SSRF, and many other backend-based attacks.

Mobile Apps

Today’s drones are controlled by mobile applications mostly, which can be a great attack surface for threat actors.

The vulnerabilities include operating system and application-based vulnerabilities.

Radio-Frequency

RF-based attacks like interference, jamming, spoofing, and other attacks are also possible on these UAVs.

DJI drones also have OcuSync, a protocol for low latency between the controller and the drone. 

OcuSync protocol can automatically switch between multiple communication channels to have stable and strong connectivity.

It can also be used in environments where large radio interference is present.

Physical Device

Physical access to a drone can give a wide range of information to threat actors like firmware and other sensitive information.

The whitepaper mentioned that the technical information for this attack vector relied on three main types of side-channel attacks,

Timing Attacks

This attack relies on targeting the time taken for the completion of an operation which can be used for other attacks like breaking cryptographic implementation and guessing PIN numbers.

Power analysis

The voltage path for the chip is tracked and monitored for Simple Power Analysis for a targeted operation. Later, this can be used to recover secrets like cryptographic keys.

EM Analysis

An EM probe can retrieve power-based information, which can be less invasive. However, it must be kept very near to the drone chip.

EMFI (ElectroMagnetic Fault Injection)

The drones are susceptible to an EMFI, which can disrupt the hardware while processing some operations due to the EM probe attack.

This can change a lot of behavior of the CPU of the drones resulting in a gain complete takeover of the drone.
IOActive has published a complete attack report and mitigation steps.

Stop Advanced Email Threats That Target Your Business Email – Try AI-Powered Email Security

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...