Cybersecurity researchers from IOActive have discovered a new potential threat to drone security in the form of electromagnetic fault injection (EMFI) attacks. The research found that drones that do not have any known vulnerabilities could still be vulnerable to these attacks, which utilise a strong electromagnetic field to cause temporary or permanent changes in the chip, allowing for the execution of arbitrary code on the main processor. The company conducted tests with a DJI Mavic Pro drone, which features signed and encrypted firmware, secure boot, and a trusted execution environment (TEE), though the researchers also noted that this method could be used to target any type of drone.
Philosophical Implications of the Discovery
The potential for EMFI attacks on drones raises a number of philosophical questions around the nature of security in the age of the IoT. As drones become increasingly important in both consumer and industrial contexts, it is crucial that we develop rigorous security measures to protect these devices. However, this research highlights that such measures might not always be possible, due to the nature of vulnerabilities in hardware. This raises broader questions about technology and its role in society, as well as the philosophy of security itself.
Advice for Industry and Manufacturers
IOActive has advised manufacturers to be aware of both hardware and software countermeasures for EMFI attacks. While hardware countermeasures might be costly and should be considered during the design stage, software countermeasures can be added later on, although they may not be as effective. It is also recommended that drone users ensure that their devices are regularly updated with the latest firmware and security patches to minimise the risk of successful attacks.
Editorial: The Need for Robust IoT Security
The discovery of potential vulnerabilities in drone technology underlines the need for robust and comprehensive security measures throughout the IoT landscape. Recent years have shown us that attackers can penetrate even the most secure of systems, and we must be vigilant in protecting against such attacks. At the same time, the limitations of hardware vulnerabilities reveal the difficulty of achieving total security, and suggest that we should also think more critically about the role of technology in society. As drones become ever more ubiquitous, it is of paramount importance that we recognise the potential risks posed by EMFI attacks, and take steps to prevent them from becoming a reality.
<< photo by Felipe Jiménez >>
