Orqa FPV, a Croatian manufacturer of drone-racing goggles, recently experienced a time-bomb attack that caused its First Person View (FPV) drones to malfunction.
This was the result of a conflict of interest with one of its former contractors, which had been engaged to write the firmware code.
Orqa received reports of failures in the normal operation of its FPV.One V1 goggles. These failures caused the devices to enter bootloader mode.
The issue was thought to be a bug in the firmware’s date/time feature, causing the goggles to enter bootloader mode. But it was later revealed that it was the result of a ransomware time bomb attack planned by the contractor.
The contractor planted the malicious code in the bootloader of the V1 version of the goggles, intending to extort a ransom in exchange for an additional license, and waited for the code bomb to detonate. It ultimately bricked the FPV.One V1 goggles at the pre-set time.
The contractor responsible for the attack is a firm named Swarg, which is also based in Croatia.
The devices started breaking at the configured timestamp, and the contractor posted an unauthorized binary file as the patch, demanding an additional license renewal payment for the fix.
Swarg claims that, as a copyright owner of the firmware code, it had implemented a time-limited license in the firmware. To restore the drone’s normal operation, users are required to renew their licenses.
Orqa is urging users not to install the unofficial firmware version, as it may be another piece of malicious code.
This is a perfect example of the insider threat faced by modern organizations that have contracts and partnerships with external parties. It is advised to use genuine encryption software to secure sensitive information and implement intrusion detection and prevention systems.
Source: BleepingComputer