Orqa Goggles Bootloader Bricking Issue was RANSOMWARE
#1
Orqa are claiming that the issue with the date/time linked bootloader bricking issue on their goggles over the weekend (see another thread HERE) was caused by some malicious ransomware. It all seems a bit far-fetched to me but I guess it's possible and it doesn't appear to be April Fool's Day today so read into this as you will. The statement below was posted on their main Facebook channel about an hour ago.

If true then this indicates that Orqa don't have any proper firmware code review procedures in place which is somewhat worrying.

Source (Facebook): https://www.facebook.com/OrqaFPV/posts/p...LvY1yXw6ul

Orqa Wrote: [Public Announcement]

Hey guys, here’s another update on the situation. Hold tight and get your popcorn, cause you’re not going to believe how crazy this sh*t is.

Within 5 or 6 hours into this crisis, Saturday early afternoon, we found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the Company.

The perpetrator was particularly perfidious, because he kept occasional business relations with us over these last few years, as he was waiting for the code-bomb to ‘detonate’, presumably so as not to raise suspicion and hoping that he will be able to extract more ransom as our business and our market share grew.

Ransomware was programmed to ‘explode’ in a way to cause maximum crisis: it was timed so it activates on a spring Saturday, during a long weekend, when most of you should be flying, and most of our engineering team should be enjoying their well-deserved days off. Supposedly, this would put the Company in the panic mode, and give the perpetrator a sufficient leverage to extort his ransom.

If, by now, you’re thinking something along the lines of “man, this has to be one of the most stupid cyber crimes ever committed in a history of cyber crime” you are probably right.

Reason for this is, we believe, the perpetrator was operating with a very simplistic worldview where, if you plan a ransomware attack, but instead of calling your ransom “ransom” you (very cunningly) call it a “license”, your ransomware time-bomb attack, all of a sudden, stops being crime.

Sadly (for the perpetrator), a crime is a crime however you decide to label it, and it seems this started dawning on him.

We guess the perpetrator had his ‘oh shit’ moment, because we were informed that he has started panic-posting, presumably in a poorly executed damage control attempt. He posted a link with an unauthorised binary file which allegedly fixes the issues that his malware caused.

PLEASE NOTE: we strongly discourage installing any firmware not published by Orqa. Further to this: if you think of installing a “fix” consisting of a binary file posted by a person who is known to have already secretly planted a time-bomb malware in a firmware – please think again (just kidding, you don’t need to think: just DO NOT install it).

Please understand that when we received the ransom demand, we had to keep everything confidential, because in parallel with the effort of the engineering team to get you guys back flying again, our legal team was working to prepare the evidence that needs to be submitted to the authorities for criminal prosecution proceedings.

We did not want to go public with the criminal aspect of this incident so as not to jeopardise the pending legal and criminal proceedings.

However, since the perpetrator has gone public with what he did and posted what we fear is another compromised piece of firmware, we decided it is in our users’ interest to be made aware of the situation and warned about the risks of installing a likely compromised firmware on their devices.

We are working to get you guys a trusted and authorised fix ASAP.

In addition to that, our security review has found that only a fraction of the code was affected by this malware, and fixes are being done as we speak.

Watch this space. #OrqaBrickDay
#2
Well it seems to be true and it explains the "SWARG Antenski sustavi" logo that people are seeing when their Orqa goggles get "bricked".

[Image: ZII1Ercl.jpg]

Below is a statement that was put out by the CEO of SWARG on their official Facebook page close to midnight on 29th April 2023. Needless to say it is probably wise not to try installing any of the binary files from the Google Drive page they posted a link to. Orqa are stating that it's another trojan horse and more malware. EDIT: Orqa are also stating that if they find out you've installed this unauthorised "license extension" firmware from SWARG that it will void any remaining warranty on your Orqa goggles.

Source (Facebook): https://www.facebook.com/permalink.php?s...9465531638

[Image: sWkTNRtl.jpg]

Swarg Antenski sustavi Wrote: Official Statement

SWARG as the copyright owner implemented a time-limited license into the code used by ORQA.

The license has expired which causes a blocked device until a new license is provided.

To enable normal usage of the product SWARG provides a license extension till 1. July 2023.

In the meantime, SWARG and ORQA will hopefully reach an agreement about Copyright/licensing.

You can download the binary files under the following link:
https://drive.google.com/drive/folders/1...3XtHTUEVsN

To extend the license place the update.bin file into a license folder at the root of the SD card. After the update is finished delete the folder with its content and perform a firmware update by placing the .orqa update file at the root of the SD card.

Thank you for your attention.

Dr.techn. Tomislav Jukić
CEO at SWARG d.o.o.
#3
Below are more Facebook posts from SWARG on what they claim to be a "licensing" issue...

Source: https://www.facebook.com/permalink.php?s...9465531638
[Image: YrZEAoHl.jpg]

Source: https://www.facebook.com/permalink.php?s...9465531638
[Image: w1pC1EHl.jpg]

Source: https://www.facebook.com/permalink.php?s...9465531638
[Image: UoSkfmEl.jpg]

Source: https://www.facebook.com/permalink.php?s...9465531638
[Image: L82Yc6Ul.jpg]

Source: https://www.facebook.com/permalink.php?s...9465531638
[Image: BQQCo1nl.jpg]
#4
[Image: HP5zYqt.png]
#5
Hey Snow!  Long time no see.

Thanks for jumping on this and staying on it.  As you know, I was one of the first Orqa buyers around these parts (bought through kickstarter and tormented everyone here with how great these goggles were).

Fortunately for me (in light of this cluster f---), I haven't turned my goggles on in more than a year.  I will wait a while longer.  It appears that people with V1 who followed Procedure #2 are still bricking their goggles.  I will probably wait till the storm dies down, and just send them back to Orqa and let them fix them.

Anyway, I'll be following the threads here watching for updates.  (BTW, I do believe the "ransomware" claim.  Hope the guy gets thrown in jail.)

Cheers!  Scotty
#6
This is nuts! I thought Orqa was just being ridiculous and trying to blame someone else for their mistake but indeed it seems SWARG really threw them for a loop. Never thought I'd see something like this in the FPV industry. Still the question remains, What type of contract was signed in the first place? Did Orqa agree to a time constrained contract and fail to renew it or something?
#7
Yeah, at the moment Orqa are saying one thing and SWARG are saying another. Without seeing any actual contracts that might exist we are just having to take people's word for it on both sides. I guess it will now be down to the courts and legal system in Croatia to decide who is in the wrong but that could take many months to resolve, and because the "license expiration" date code is encrypted there will be no way for Orqa to fix this issue permanently themselves without SWARG providing them with new firmware or binary file to remove/extend the current license expiration date.

The only other option would be for Orqa to develop their own brand new bootloader code from the ground up, but how easy / quick that will be is anyone's guess and it might be that the current bootloader is in a locked flash memory area that can't be re-flashed without a secret unlock key which is only possessed by SWARG. So in the short term the only "fix" that Orqa might be able to realistically apply is one that rolls back the RTC date to some date prior to 29th April 2023 as they've effectively been trying to do with the firmware files they've been issuing, and then either make sure users know not to let that date roll past 28th April 2023 again, or build something into the normal (non-bootloader) firmware that resets the date on every reboot of the goggles back to a specific date in the past and disables the ability for an end-user to change it in the setting menus. The downside of doing that would obviously then mean no proper time stamps on DVR footage, but it might be the only option until the dispute with SWARG has been resolved.
#8
Wow so much drama for goggles. The interesting growth of HDzero, the end? of Fatshark, and now Orqa ransomware. Funny there seems no drama from Skyzone...

I didn't realize goggles were such a huge item in terms of the market, but I guess with these high end models they are probably the most expensive single piece of equipment for FPV. Now imagine if BF had ransomware... and we had to pay to unlock our quads... and it was priced per flight!!
#9
Yeah, I guess it's just another day in the life of FPV. However, not a great time for those who are entering competitions or who buy the top end gear to do gigs for commercially paying customers where the pilot now can't fly their quads.

What I fail to understand is not how Orqa employed a 3rd party company to develop the bootloader firmware for their goggles, but firmware that they apparently had no rights to the source code for. That is just asking for trouble. Putting aside any malicious or time-bomb code, what if the 3rd party company somehow lost the source code or the company got liquidated? With the 1st party company being forever reliant on that 3rd party company to provide updates and bug fixes, the 1st party company could end up being up Poop creek just like what has happened here. Orqa should never have signed any contracts that allowed a 3rd party to maintain control and copyright over any firmware source code that was developed for them.

Unfortunately Skyzone didn't manage to escape any drama either with the Cobra X issues and problems with the SteadyView / ReadyMix modules.
#10
Cobra X, well that is just a partially defective product, I would call that just part of the FPV hobby. Maybe the fact that so many reviewers touted it as the "best" box goggles added some drama element, and it actually has a lot of nice features. And like all the mix receivers, I think they had issues when they first came out, just seems Skyzone hasn't really managed to completely fix it after asking users to buy new hardware to repair it.
#11
…. So I’m GUESSING.. since HD-Zero is “open source”.. we shouldn’t be seeing things like this ???
#12
(02-May-2023, 04:55 PM)Rob Axel Wrote: …. So I’m GUESSING.. since HD-Zero is “open source”.. we shouldn’t be seeing things like this ???

In theory, no, because anyone can see / review the source code. This is one big advantage of open-source code. Just be aware that Divimath first develop the code in their own private repo and then later publish it to the open source public GitHub repo, so there might be a delay in the firmware being released and the code for it then merged back into the public GitHub repo. Also be aware that the source code for the VRX module still appears to be closed-source and doesn't currently seem to be publicly available anywhere. I believe this is because some of the libraries used are licensed, so the source code can't be made publicly available. Maybe Divimath will manage to find some way around that in the future.
#13
Orqa released a statement in the last half an hour which says that all their goggles will have a proper fix published for them tomorrow morning. Details can be found in the post linked to below...

https://intofpv.com/t-important-orqa-gog...#pid195924
#14
it's crazy...

[Image: U6tqu0jl.png]
Don't be a LOS'er, be an FPV'er :)
#15
And just like that, flying on my half busted DJI V2s with a Rapidfire doesn't sound so 'dirty' anymore.

Sheesh... It's things like this that make me not want to update the code in my RealDoll(TM).