Connect with us

Hi, what are you looking for?


IoT Security

New Research Shows Potential of Electromagnetic Fault Injection Attacks Against Drones

New research conducted by IOActive shows the potential of electromagnetic fault injection (EMFI) attacks against drones.

Drone EMFI electromagnetic attack

New research shows the potential of electromagnetic fault injection (EMFI) attacks against unmanned aerial vehicles, with experts showing how drones that don’t have any known vulnerabilities could be hacked. 

The research was conducted by IOActive, a company specializing in cybersecurity research and assessments. The security firm previously found vulnerabilities affecting cars, ships, Boeing and other airplanes, industrial control systems, communication protocols, and operating systems.  

The analysis was led by Gabriel Gonzalez, director of hardware security at IOActive, and it focused on electromagnetic side-channel and fault injection attacks with the goal of achieving arbitrary code execution on the targeted drone.

The research is ongoing, but initial results show that EMFI techniques can be efficient for black-box hacking, where the attacker does not have internal knowledge of the targeted system.

IOActive conducted tests on a DJI Mavic Pro drone. DJI’s drones feature signed and encrypted firmware, secure boot, and a trusted execution environment (TEE).  

EMFI attacks involve using a strong electromagnetic field to cause temporary or persistent changes in a chip. The attack is conducted by placing a coil near the targeted chip.

IOActive showed in its lab tests that an attacker who has physical access to the targeted drone can launch an EMFI attack and cause memory corruption after triggering a firmware update. 

Advertisement. Scroll to continue reading.

The experiments demonstrated that injecting a specific EM glitch at a specific time during the firmware update process could allow an attacker to execute arbitrary code on the main processor, giving them access to the Android operating system that implements core functionality. 

Memory corruption has been proven to exist, but now researchers still have to develop a fully working exploit that would give the attacker full control of the drone.

“Once the fault has successfully been triggered, the exploit should not be too difficult to develop. Although it might take some iterations, the challenging part here is to get a repeatable injection so this process is not too long,” Gonzalez told SecurityWeek.

The goal of this research is to show a potential new attack surface that could be used in the future by threat actors.

“If there are no ‘logical’ or software vulnerabilities (e.g. parsing software elements), fault injection might be the only tool left to try to gain code execution in the device,” Gonzalez explained. “This could be used to get access to the firmware updates in devices that encrypted the firmware packages, leak encryption keys, or access sensitive data that might be stored in the internal memory of a device.”

As for mitigations, IOActive has advised manufacturers to implement both hardware and software countermeasures for EMFI attacks. However, the security firm noted that hardware countermeasures could be costly and they need to be taken into account during the early design stages. Software mitigations can be added at a later stage, but they might not be as effective. 

While the experiments were conducted against a DJI drone, the EMFI attack method — if proven to be effective — could be used against any type of drone.

SecurityWeek has reached out to DJI to find out if the company is or is planning on adding EMFI protections to its drones. This article will be updated if the company responds. 

Update: DJI has provided the following statement to SecurityWeek:

“At DJI, we are dedicated to enhancing data security to meet the growing expectations. We always make our best effort to resolve any potential vulnerabilities. We will be sure to keep you posted if we have any updates on the EMFI subject.”

Related: Drone Maker DJI Says Claims About Security of Pilot App ‘Misleading’

Related: Chinese Drone Giant DJI Responds to Disclosure of Android App Security Issues

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...