Let’s Hijack Drones – SkyJack
Amazon’s Prime Air announcement earlier this month accentuated concerns about the use of commercial drones, but a certain programming genius may have just made matters worse when he recently modified a Parrot AR Drone 2.0 with his custom software that he calls ‘SkyJack’, allowing it to detect the wireless signals of other UAVs and take control of them, even while in flight.
This notable programmer is the same renowned hacker-turned-legit security researcher, Samy Kamkar who released a worm that caused MySpace to crash back in 2005. He later went on to expose security weaknesses in several major credit cards.
Kamkar’s SkyJack software is essentially designed for Linux devices and runs a few supporting programs in sequence to successfully hijack drones in the area. His latest project included assembling a Parrot AR.Drone 2.0 with a Raspberry Pi, a USB battery, and two wireless adapters, before uploading his custom programming. The wireless adapters, on activation, are designed to detect any nearby wireless connections in three-dimensional range and identify the ones associated with other UAVs and hence automatically disconnecting the specific drones under observation, from their owners through raw packet injection. The whole process is somewhat similar to distributed denial-of-service (DDoS) attack. The other adapter that Kankar used then creates its own wireless network in order to connect to the disabled drones and control them.
SkyJack does have its limitations and loopholes, however, since it can only select targets within a pre-defined range of MAC addresses on an unsecured network. For now, the software has only managed to take control of other Parrot drones, because they all use a block of MAC addresses owned by the manufacturer and have no encryption or authentication in place.
Creation and launch of similar devices, however, for more insidious purposes, such as capturing a delivery drone as part of a high-tech robbery, for instance does not seem too far off. If anything, Kamkar’s project may emphasize the importance of having some solid security in place before retailers like Amazon make delivery-by-drone a reality.
What’s even more interesting is that Kamkar has detailed instructions on his website along with the source code, which is freely available for creating your own Skyjack drone, anyone?