Research by IOActive shows that electromagnetic fault injection (EMF) has the potential to hack unmanned aerial vehicles (UAV), according to a report published by Security Week and referenced by UAS Vision.
The analysis research was led by Gabriel Gonzalez, director of hardware security at IOActive, and it focused on electromagnetic side-channel and fault injection attacks with the goal of achieving arbitrary code execution on the targeted drone.
IOActive has also released a white paper providing details of potential drone vulnerabilities to non-invasive techniques, available here.
“The research is ongoing, but initial results show that EMFI techniques can be efficient for black-box hacking, where the attacker does not have internal knowledge of the targeted system,” according to Security Week.
“IOActive conducted tests on a DJI Mavic Pro drone. DJI’s drones feature signed and encrypted firmware, secure boot, and a trusted execution environment (TEE). EMFI attacks involve using a strong electromagnetic field to cause temporary or persistent changes in a chip. The attack is conducted by placing a coil near the targeted chip.
“IOActive showed in its lab tests that an attacker who has physical access to the targeted drone can launch an EMFI attack and cause memory corruption after triggering a firmware update. The experiments demonstrated that injecting a specific EM glitch at a specific time during the firmware update process could allow an attacker to execute arbitrary code on the main processor, giving them access to the Android operating system that implements core functionality. Memory corruption has been proven to exist, but now researchers still have to develop a fully working exploit that would give the attacker full control of the drone.
“Once the fault has successfully been triggered, the exploit should not be too difficult to develop. Although it might take some iterations, the challenging part here is to get a repeatable injection so this process is not too long,” Gonzalez told SecurityWeek. The goal of this research is to show a potential new attack surface that could be used in the future by threat actors.
“If there are no ‘logical’ or software vulnerabilities (e.g. parsing software elements), fault injection might be the only tool left to try to gain code execution in the device,” Gonzalez explained. “This could be used to get access to the firmware updates in devices that encrypted the firmware packages, leak encryption keys, or access sensitive data that might be stored in the internal memory of a device.”
“As for mitigations, IOActive has advised manufacturers to implement both hardware and software countermeasures for EMFI attacks. However, the security firm noted that hardware countermeasures could be costly and they need to be taken into account during the early design stages. Software mitigations can be added at a later stage, but they might not be as effective.
“While the experiments were conducted against a DJI drone, the EMFI attack method — if proven to be effective — could be used against any type of drone,” says SecurityWeek.
For more information visit:
