Researchers at IOActive have found that drones, even those without known security flaws, can be at risk of electromagnetic fault injection (EMFI) attacks which enables unauthorized control, data theft, and deliberate crashes.
The EMFI assault, which includes deploying a high electromagnetic field to destroy a device’s hardware, was tried by IOActive against a popular DJI drone, the Mavic Pro. The drone survived the attack without crashing, but the researchers were successful in injecting malicious malware into the drone’s firmware.
The assault works by disrupting the operation of a drone’s components with a powerful electromagnetic field. It crashes the drone, executes arbitrary code, and even leaks sensitive data.
According to the researchers, the EMFI attack is doable against a wide spectrum of drones, even those with advanced security measures. They advise drone makers to include hardware and software countermeasures to safeguard their products against EMFI assaults.
The sources for this piece include an article in TheHackerNews.