I recently published the full technical details to the research in this IOActive whitepaper.
The use of Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, continues to grow. Drones implement varying levels of security, with more advanced modules being resistant to typical embedded device attacks. IOActive’s interest is in developing one or more viable Fault Injection attacks against hardened UAVs.
IOActive has been researching the possibility of achieving code execution on a commercially available drone with significant security features using non-invasive techniques, such as electromagnetic (EM) side-channel attacks or EM fault injection (EMFI). For this work, we chose one of the most common drone models, DJI’s Mavic Pro. DJI is a well established manufacturer that emphasizes security in their products, such as signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot.