A headset company is blaming a product malfunction on a contractor it says secretly installed malicious code into the firmware, which activated years later. But the contractor says the problem is the result of an expired software license.
The issue has been affecting owners of drone-flying headsets from Croatian company Orqa. This past weekend, customers saw their headsets mysteriously enter into a bootloader mode, essentially bricking(Opens in a new window) the goggles.
After investigating and trying to patch the problem, Orqa on Tuesday claimed(Opens in a new window) it had discovered the culprit. “We found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the company,” it said.
“The perpetrator was particularly perfidious, because he kept occasional business relations with us over these last few years, as he was waiting for the code-bomb to ‘detonate,’ presumably so as not to raise suspicion,” Orqa added.
The contractor also timed the attack to detonate during a long weekend, when many people outside the US had Monday off for International Workers’ Day.
“Supposedly, this would put the company in the panic mode, and give the perpetrator a sufficient leverage to extort his ransom,” Orqa said. That’s because many consumers would have been flying their drones over the long weekend, including at drone races, while company staff were offline.
But it looks like the bricking wasn’t a traditional ransomware attack, but rather due to a corporate dispute. Over the weekend, a company called SWARG posted(Opens in a new window) on Facebook that it owned the copyrights to the firmware and “implemented a time-limited license into the code used” in the headsets.
(Credit: Facebook)
SWARG is now demanding Orqa pay to receive an extended license. In the meantime, the contractor has posted a new firmware version on its Facebook page that can extend the license for Orqa customers until July.
Recommended by Our Editors
Orqa views the dispute differently, and claims SWARG is essentially trying to extort it for funds. The company notes it was originally trying stay quiet on the matter while working with its legal team “to prepare the evidence that needs to be submitted to the authorities for criminal prosecution proceedings.”
“However, since the perpetrator has gone public with what he did and posted what we fear is another compromised piece of firmware, we decided it is in our users’ interest to be made aware of the situation and warned about the risks of installing a likely compromised firmware on their devices,” the company added.
According to Orqa, “only a fraction of the code was affected by this malware.” In some good news for affected consumers, the company is preparing(Opens in a new window) to roll out its own fix. We reached out to Orqa for more information about the alleged sabotage, and will update the story if we hear back.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
