Drone-racing goggles from Orqa stopped working over the weekend due to what was alleged by the manufacturer to be a "ransomware time-bomb" embedded in the hardware's bootloader by a "greedy former contractor." Or as contractor put it, the code was provided under license, which had now expired, leading to the shut down of kit.

Orqa makes a VR headset used to remotely control racing drones, and over the weekend it started receiving reports from first-person view (FPV) drone pilots in Japan, Europe, and Turkey about their techno-specs were getting bricked.

Initially, the device maker attributed this to a "bug in our firmware that is affecting the date/time feature and causing the goggles to enter bootloader mode," according to an Orqa Facebook post.

Later, the Croatia-based company ratcheted up the rhetoric a bit with a ransomware claim.

"Within five or six hours into this crisis, Saturday early afternoon, we found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the company," according to an Orqa public announcement posted on Tuesday. 

"If you plan a ransomware attack, but instead of calling your ransom 'ransom' you (very cunningly) call it a 'license,' your ransomware time-bomb attack, all of a sudden, stops being crime," the announcement continued. By that Orqa is referring to the contractor in question insisting no time-bomb was placed in the bootloader, and no ransom is demanded, and is instead asking for a license renewal payment for the code they provided. No valid license, no working code, and no working headsets.

The contractor appears to be an outfit called Swarg, and in a Facebook post, that organization, also based in Croatia, gave its account of what happened with the Orqa devices:

This statement, signed by Tomislav Jukić, CEO at Swarg, is dated April 29. We note Orqa and Swarg both have the same physical address - J.J.Strossmayera 341, 31000 Osijek, Croatia - which looks like a small business park shared by multiple outfits. They have different tax identification numbers.

While Swarg has offered its own firmware for people to use to keep their devices running until July, Orqa urged folks not to install the unofficial code and to wait for an official update, which restores headset operations, to be released shortly. This update is said by Orqa to have undergone testing.

That said, Swarg believed it won't be easy for Orqa to address the issue, because, as the contractor put it:

Neither Orqa nor Swarg responded to The Register's requests for comment, and to provide proof of a contract to support the licensing agreement claims - or speculation that this was code written by a friend in the FPV company's early days, and that friendship has since soured. We will update this story as we learn more about what happened with the googles, and whether it was malware or a licensing issue.

In the meantime, we suggest taking Orqa's advice: "Hold tight and get your popcorn, 'cause you're not going to believe how crazy this sh*t is." ®

https://www.theregister.com//2023/05/03/orqa_goggles_borked/