A headset company is blaming a product malfunction on a contractor it says secretly installed malicious code into the firmware, which activated years later. But the contractor says the problem is the result of an expired software license.
The issue has been affecting owners of drone-flying headsets from Croatian company Orqa. This past weekend, customers saw their headsets mysteriously enter into a bootloader mode, essentially bricking the goggles.
After investigating and trying to patch the problem, Orqa on Tuesday claimed it had discovered the culprit. “We found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the company,” it said.
“The perpetrator was particularly perfidious, because he kept occasional business relations with us over these last few years, as he was waiting for the code-bomb to ‘detonate,’ presumably so as not to raise suspicion,” Orqa added.
The contractor also timed the attack to detonate during a long weekend, when many people outside the US had Monday off for International Workers' Day.
“Supposedly, this would put the company in the panic mode, and give the perpetrator a sufficient leverage to extort his ransom,” Orqa said. That’s because many consumers would have been flying their drones over the long weekend, including at drone races, while company staff were offline.
But it looks like the bricking wasn't a traditional ransomware attack; rather, it stems from a corporate dispute. Over the weekend, a company called SWARG posted on Facebook that it owned the copyrights to the firmware and "implemented a time-limited license into the code used" in the headsets.
SWARG is now demanding Orqa pay to receive an extended license. In the meantime, the contractor has posted a new firmware version on its Facebook page that can extend the license for Orqa customers until July.
Orqa views the dispute differently, and claims SWARG is essentially trying to extort it for funds. The company notes it was originally trying to stay quiet on the matter while working with its legal team “to prepare the evidence that needs to be submitted to the authorities for criminal prosecution proceedings.”
“However, since the perpetrator has gone public with what he did and posted what we fear is another compromised piece of firmware, we decided it is in our users’ interest to be made aware of the situation and warned about the risks of installing a likely compromised firmware on their devices,” the company added.
According to Orqa, “only a fraction of the code was affected by this malware.” In some good news for affected consumers, the company is preparing to roll out its own fix. We reached out to Orqa for more information about the alleged sabotage, and will update the story if we hear back.
Michael Kan
Senior Reporter