Orqa FPV, a Croatia-based manufacturer of drone-racing goggles, recently experienced a time-bomb attack that has caused its First Person View (FPV) drones to malfunction. The incident was a result of a conflict of interest with one of its former contractors who was responsible for writing the firmware code.
Stab in the back
In late April, Orqa started receiving reports from Japan, Europe, and Turkey regarding failures in the normal operations of its FPV.One V1 goggles. These failures caused the devices to enter bootloader mode.
- Initially, the issue was thought to be a bug in the firmware’s date/time feature, causing the goggles to enter bootloader mode.
- However, the company later revealed that it was the result of a ransomware time-bomb attack, planned by a former contractor some time ago.
- According to Orqa, the contractor planted the malicious code in the bootloader of the V1 version of the goggles with the intention of extorting a ransom in exchange for an additional license.
- The contractor had been in business relations with Orqa for several years and had waited for the code bomb to detonate, ultimately leading to the bricking of the FPV.One V1 goggles at the pre-set time.
The beef continues
The contractor responsible for the attack is a firm named Swarg, which is also based in Croatia. Interestingly, the physical address of Swarg is the same as that of Orqa, suggesting that both were operating from the same business park.
- When the devices started breaking at the configured timestamp, the contractor posted an unauthorized binary file as the patch, demanding an additional license renewal payment for the fix.
- In an official statement, Swarg claims to be the copyright owner of the firmware code and says it had implemented a time-limited license in the firmware. To restore the drone’s normal operation, users are required to renew their licenses.
- Orqa has issued a warning, urging users not to install the unofficial firmware version, as it may be another piece of malicious code.
Concluding notes
The cyber incident faced by Orqa is an example of the kind of insider threat faced by modern organizations that have contracts and partnerships with external parties. To avoid such incidents, experts suggest keeping an eye on communication patterns to detect any anomalies, especially sudden surges or reductions in traffic. It is, furthermore, advisable to use genuine encryption software to secure sensitive information and implement intrusion detection and prevention systems.