Orqa drone goggles bricked: Time-bomb ransomware or unpaid firmware license?
VR headset maker and software dev clash over blame
Drone-racing goggles from Orqa stopped working over the weekend due to what was alleged by the manufacturer to be a "ransomware time-bomb" embedded in the hardware's bootloader by a "greedy former contractor." Or as contractor put it, the code was provided under license, which had now expired, leading to the shut down of kit.
Orqa makes a VR headset used to remotely control racing drones, and over the weekend it started receiving reports from first-person view (FPV) drone pilots in Japan, Europe, and Turkey about their techno-specs were getting bricked.
Initially, the device maker attributed this to a "bug in our firmware that is affecting the date/time feature and causing the goggles to enter bootloader mode," according to an Orqa Facebook post.
Later, the Croatia-based company ratcheted up the rhetoric a bit with a ransomware claim.
"Within five or six hours into this crisis, Saturday early afternoon, we found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the company," according to an Orqa public announcement posted on Tuesday.
- Microsoft's HoloLens 2 surprisingly still a thing, will get Windows 11 treatment
- By 2026, total AR/VR goggle sales will trail a single quarter of current tablet shipments
- Apple pushes first-ever 'rapid' patch – and rapidly screws up
- Data loss costs are going up – and not just for those who choose to pay thieves
"If you plan a ransomware attack, but instead of calling your ransom 'ransom' you (very cunningly) call it a 'license,' your ransomware time-bomb attack, all of a sudden, stops being crime," the announcement continued. By that Orqa is referring to the contractor in question insisting no time-bomb was placed in the bootloader, and no ransom is demanded, and is instead asking for a license renewal payment for the code they provided. No valid license, no working code, and no working headsets.
The contractor appears to be an outfit called Swarg, and in a Facebook post, that organization, also based in Croatia, gave its account of what happened with the Orqa devices:
SWARG as the copyright owner implemented a time-limited license into the code used by ORQA.
The license has expired which causes a blocked device until a new license is provided.
To enable normal usage of the product SWARG provides a license extension untill July 1, 2023.
In the meantime, SWARG and ORQA will hopefully reach an agreement about copyright/licensing.
This statement, signed by Tomislav Jukić, CEO at Swarg, is dated April 29. We note Orqa and Swarg both have the same physical address – J.J.Strossmayera 341, 31000 Osijek, Croatia – which looks like a small business park shared by multiple outfits. They have different tax identification numbers.
While Swarg has offered its own firmware for people to use to keep their devices running until July, Orqa urged folks not to install the unofficial code and to wait for an official update, which restores headset operations, to be released shortly. This update is said by Orqa to have undergone testing.
That said, Swarg believed it won't be easy for Orqa to address the issue, because, as the contractor put it:
Q: Why can't ORQA publish a firmware that fixes the problem? A: Because it's not their source code!
The binary firmware and update files are encrypted with a custom 1kB block encryption that runs on a GPU part (no documentation) for which there is no disassembly tool to reverse engineer the code! The provided tools by SWARG for firmware and update generation don't provide all aspects of the code capability.
Neither Orqa nor Swarg responded to The Register's requests for comment, and to provide proof of a contract to support the licensing agreement claims — or speculation that this was code written by a friend in the FPV company's early days, and that friendship has since soured. We will update this story as we learn more about what happened with the googles, and whether it was malware or a licensing issue.
In the meantime, we suggest taking Orqa's advice: "Hold tight and get your popcorn, 'cause you're not going to believe how crazy this sh*t is." ®