Protecting Europe’s drones from being captured, cracked or copied

At Blue Magic Netherlands, where drones, chips, and autonomy dominated the visible hardware narrative, Emproof made a different point: the real battleground is software, and it is surprisingly easy to steal.

“Basically, we are here to protect embedded drones, embedded devices in general, from being captured, cracked, countered, and copied,” said Andreas Thull, Director of Business Development at Emproof, as he opened the pitch. Drones may be the headline act in today’s defence debate, he argued, but the decisive layer is often hidden in the firmware.

From airframes to algorithms

Thull sketched a market that is shifting fast. Drones are becoming central in defence - “in Ukraine we can witness just that” - but he also expects a wave of civilian use cases waiting to be unleashed. In both worlds, the competitive edge is moving away from hardware.

“Within engineering, of course, the hardware is important,” Thull said, “but we see that there’s a trend towards the importance of software, because the software really defines how the drone works… and it really is the competitive edge.”

That is exactly why it is vulnerable. “This, however, means it’s also very vulnerable for attacks — for people basically trying to steal the software or hack into it,” he continued. In practice, that can mean hacking, exploiting fleets, and outright cloning: stealing the “brains” of a platform and rebuilding it elsewhere.

Series

Blue Magic Netherlands

Read all our articles from the Blue Magic event here

View series

Reverse engineering is getting cheaper

The problem is not only that attackers are motivated. The tools are improving and spreading. Thull explained the basic pipeline: developers compile source code into a binary, flash it onto a device, and the attacker extracts the firmware and runs it through decompilers and reverse-engineering tools.

“There is a good example of a tool… that has just been released by the NSA. It’s open source,” he said, “so really anyone can use it, whether you’re an expert or not.” The result is not a perfect reconstruction of the original code, but often good enough: “With this tool, you get a great approximation of basically how the source code looks.”

Once you have that approximation, the consequences escalate quickly. “Once you know how the source code looks, you can hack into the fleet, attack it, or steal the software and build your own drones,” Thull warned.

Hardening at the last possible moment

Emproof’s answer is deliberately pragmatic: don’t ask customers to redesign their software. Protect it at the binary level, after compilation, at the very last step before deployment.

“A solution is coming in just one step before the attacker gets his hands on the software,” Thull said. “Meaning we work on the binary level.” The finished binary is passed through Emproof’s tool, MproofNix, and what comes out is a transformed, hardened binary that looks entirely different internally, while behaving the same in operation.

Andreas Thull, Director of Business Development at Emproof © Nadia ten Wolde

“We transform the binary completely. It looks completely different than before,” Thull explained. “That means it’s easy to integrate since we don’t have to work with source code. We’re literally the very last step in the software development.”

For embedded systems, he acknowledged, overhead matters. “The memory overhead, that’s a big issue in the embedded area… our solution is really very efficient. We work with overhead levels of 10 to 20 percent, and it’s fully customizable.”

“Does it still work?”

Any technology that transforms binaries triggers the same concern: will it break something, especially in safety-critical environments? Emproof’s strongest credibility point is that it already operates in a sector where failure is unacceptable. “A lot of people are thinking: does it still work the way that it should?” Thull said. “And yes, we can guarantee that.”

He pointed to functional safety certification as the company’s calling card: “We already have ISO certification,” he said, the highest automotive safety level. And importantly, Emproof isn’t talking about dashboards or infotainment. “We already have a civilian application in automotive braking systems,” he added.

The implication was clear: if it can be trusted in brakes, it can be trusted in mission systems.

Four threat categories, including edge AI models

Thull grouped Emproof’s protection goals into four categories:

IP theft - “stealing your IP… copying your software,” including “copying edge AI models.”
Key and token stealing - hidden credentials and access keys embedded in binaries.
Cracking and bypassing controls - his example: bypassing subscription checks, such as seat heaters in cars.
Closing vulnerability gaps - mitigating certain vulnerabilities even if they already exist in the code.

That first category is increasingly relevant as AI moves onto devices. “We also see that more and more AI models are being put straight into the edge,” Thull said. “And we can also protect that.”

Defence, but not only defence

Although drones were the headline, Thull stressed Emproof’s broader scope. “Although I talk about drones here, it’s really for embedded software in general,” he said, listing IoT devices, sensors, aerospace and automotive systems; even bare-metal environments without an operating system.

Asked whether the tool needs knowledge of target hardware, his answer was practical: it aims to “run on anything,” but architecture support requires a one-time enablement effort. “We already support ARM,” he said, naming additional architectures and noting that a new target platform might take “one or two months” to support, after which it becomes reusable for future customers.

Product company, not consultancy

In the Q&A, Emproof was pressed on the business model and scalability. Thull positioned the company as a product provider: “We see ourselves as a product company, not as a service provider.”

The ambition is a tool customers can essentially run themselves: “You can just download from the internet, run your binary with the tool, and out comes the protected binary.” They are “90% out of the box,” he said, with the remaining work tied to growth and investment.

Monetization, he explained, is subscription-based. “A subscription model for the whole tool,” Thull said. “We do not pay per product, but for the whole tool; and with that use case, you can harden as many binaries as you want.”

Crucially, Emproof emphasizes that the hardening runs on the customer side: “We also deliver the tool to you so we don’t even need to see your code.”

Regulation is turning “nice-to-have” into mandatory

Emproof’s timing is not accidental. Thull pointed to regulatory pressure as a market accelerant: “The European Union just passed the European Cyber Resilience Act, which will come into force in 2027, making ready-to-buy security mandatory for the entire EU.”

Compliance will force change. But Emproof’s pitch went beyond compliance and toward strategic competitiveness. “For those who want to go the extra mile… we can go the extra mile by really hardening the IP of the company,” Thull said, especially where “really valuable software” is embedded in products.

The invisible layer of defence

At Blue Magic Netherlands, Emproof didn’t present a drone. It argued that without hardened software, drones and embedded systems are destined to be copied, cracked, or turned against their makers.

In a defence ecosystem increasingly defined by edge AI and rapid replication, that invisible layer may be exactly where the next competitive advantage - and the next vulnerability - will be decided.