Orqa, a maker of First Person View (FPV) drone racing goggles, says a contractor introduced code into the firmware of its devices that acted like a time bomb designed to brick them.
Saturday morning, Orqa started receiving reports customers surprised to see their FPV.One V1 goggles switch to bootloader mode and become unusable.
“We first started getting reports from our pilots in Japan, very early in the morning when we were all still asleep (or partying – it was Friday after all!). morning hours here in Europe, we have started receiving reports of a stroke in Turkey”, the company said.
“Within 5 or 6 hours of this crisis, early Saturday afternoon, we discovered that this mysterious problem was the result of a ransomware time bomb, which was secretly planted a few years ago in our bootloader by a greedy ex-entrepreneur, intent on extorting an exorbitant ransom from the company,” Orqa said.
“The author has been particularly treacherous, as he has had occasional business dealings with us for the past few years, as he waited for the code bomb to ‘explode’, presumably so as not to arouse suspicion and hoping he will be able to extract more ransom as our business and market share grew.”
Orqa says that the contractor behind the so-called “ransomware time bomb attack” has released an “rogue binary file” that should supposedly fix the FPV.One goggles bug since Saturday morning .
However, the company warned customers not to install unofficial firmware, and four hours ago it added that an official version solving the problem is currently being tested with the help of a small number of beta testers.
“Since the author has gone public with what he has done and released what we fear is another compromised firmware, we have decided that it is in the interest of our users to be informed of the situation. and warned of the risks of installing possibly compromised firmware on their devices.”
“In addition to this, our security review revealed that only a fraction of the code was affected by this malware, and fixes are being worked on as we speak.”
The patched firmware should be available until the end of the day after the new version is deemed safe for public release.
A spokesperson for Orqa was not immediately available for comment when contacted by BleepingComputer earlier today.
H/T Brett Callow