“Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them. On early Saturday, Orqa started receiving reports from customers surprised to see their FPV.One V1 goggles enter bootloader mode and become unusable” (Bleeping Computer, 2023). "We first started getting the reports from our pilots in Japan, very early in the morning while we were all still asleep. Then in the early morning hours here in Europe, we started getting reports from a race event in Turkey," the company said.

The company found an issue resulting from a firmware bug, specifically the date/time feature was causing the devices to get bricked after being powered on. "Within 5 or 6 hours into this crisis, Saturday early afternoon, we found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with the intention to extract an exorbitant ransom from the company," Orqa said.

Security Officer Comments:
Orqa says the alleged perpetrator behind the attack kept ongoing business relations with the company over the years, as he waited for the code-bomb to “detonate.” The goal of the delayed activity was to not raise suspicion, and to be able to extract a higher ransom demand as the companies market share grew.

Orqa says the contractor behind the so-called "ransomware time-bomb attack" has allegedly posted an "unauthorised binary file" that should purportedly address the bug bricking FPV. However, the company warned customers not to install unofficial firmware, adding that an official version addressing the issue is now being tested with the help of a small number of beta testers. "Since the perpetrator has gone public with what he did and posted what we fear is another compromised piece of firmware, we decided it is in our users' interest to be made aware of the situation and warn about the risks of installing a likely compromised firmware version on their devices. "In addition to that, our security review has found that only a fraction of the code was affected by this malware, and fixes are being done as we speak." - Orqa

Suggested Corrections:
The fixed firmware is expected to be available until the end of the day after the new version is deemed safe for public release.

Link:
https://www.bleepingcomputer.com/