Hardware Security Analysis: Dumping Firmware and Bruteforcing ECC on Potensic Atom 2 Drone
By
tripdout
Sesame, salt, and substance. A flagship bake.
Summary
Security researchers from Neodyme conducted hardware security research on the Potensic Atom 2 drone, documenting their process of desoldering the drone's flash chip to dump firmware and attempting to bruteforce ECC (Error Correction Code) protection. The article details the technical process of physically accessing the drone's internal components, extracting firmware data from broken flash memory, and analyzing the security mechanisms in place. This is part one of a two-part series covering drone disassembly and security analysis.
Key quotes
· 4 pulledIn July 2025, we from Neodyme got together in Munich and did security research on a bunch of IoT devices, ranging from bluetooth headsets, to door locks, to drones.
One of these was the Potensic Atom 2. It's a photo and video drone with a gimbal-stabilized 4K camera and a remote control that you hook up to your own smartphone and the proprietary app.
This post is part of a two-part series that will cover how we disassembled the drone...
Desoldering a drone's flash chip and reconstructing the firmware from broken data.
You might also wanna read
Researcher Sets Up Tesla Model 3 Computer Hardware on Desk for Security Testing
A researcher describes their project to acquire Tesla Model 3 computer hardware from crashed vehicles on eBay in order to participate in Tes
Project Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws
Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode
anthropic.com·1h agoProject Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws
Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode
anthropic.com·1h ago
North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers
A cybersecurity threat report detailing how the threat actor group "Famous Chollima" (linked to North Korea) targeted PHP developers by comp
hendryadrian.com·2h ago
North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
A malicious obfuscated JavaScript payload was discovered appended to tailwind.js in the Packagist development version dev-drewroberts/featur
socket.dev·13h ago
Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware
Microsoft has identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv mainta