As drone technology becomes commonplace, managing drone security gets crucial. Researchers have demonstrated that in their recent study via EMFI (electromagnetic fault injection) side-channel attack against a commonly-used drone. Executing such attacks allows an attacker to gain complete control of the target drone.
EMFI Attack Allowing Drone Takeover
IOActive – an industrial security solutions provider – demonstrated the vulnerability of unmanned aerial vehicles (UAVs) or drone systems to sneaky EMFI side-channel attack.
Though drones come with numerous security measures to prevent cyber attacks, their innate technology that relies on wireless connections and remote operation make them highly vulnerable to various interception attacks.
As explained in the white paper, the IOActive team devised a trivial attack strategy to extract a target drone’s firmware decryption keys and achieve code execution. Executing this attack required them to develop the desired technical setup.
In their experiment, the researchers took DJI Mavic Pro as the subject drone to test the proposed electromagnetic fault injection (EMFI) attack. EMFI attacks typically disrupt the target system’s hardware when performing certain operations, like changing CPU behavior, without physical alterations. Thus, these attacks help conduct covert side-channel attacks, often benefiting the adversary with the desired access control.
Whereas they selected DJI Mavic Pro due to its huge user base and known vulnerabilities. Also, these drones boast numerous security features, such as Trusted Execution Environment (TEE) and Secure Boot. In turn, reverse engineering the drone’s firmware helped the researchers better understand the attack stages and the subsequent impact on the drone.
The ultimate result of their entire experiment came as complete takeover of the target drone by achieving code execution and gaining access to sensitive data, including encryption keys. The researchers have explained the entire attack setup and technical steps in their white paper.
Recommended Mitigations
Since IOActive’s effort shed light on a new type of cyber threat to drones – EMFI attacks – the researchers advise the drone developers to implement EMFI countermeasures in their products, both at the hardware and software level.
IOActive explained that hardware countermeasures are more effective in preventing EMFI but incur more cost. In contrast, software-level countermeasures are convenient to deploy during the final development stages, but they aren’t effective in mitigating all sorts of risks. Therefore, addressing both these aspects together is critical.
Let us know your thoughts in the comments.