Let’s Hijack Drones – SkyJack

By -

Amazon’s Prime Air announcement earlier this month accentuated concerns about the use of commercial drones, but a certain programming genius may have just made matters worse when he recently modified a Parrot AR Drone 2.0 with his custom software that he calls ‘SkyJack’, allowing it to detect the wireless signals of other UAVs and take control of them, even while in flight.

Let's Hijack Drones - SkyJack 4This notable programmer is the same renowned hacker-turned-legit security researcher, Samy Kamkar who released a worm that caused MySpace to crash back in 2005. He later went on to expose security weaknesses in several major credit cards.

Kamkar’s SkyJack software is essentially designed for Linux devices and runs a few supporting programs in sequence to successfully hijack drones in the area. His latest project included assembling a Parrot AR.Drone 2.0 with a Raspberry Pi, a USB battery, and two wireless adapters, before uploading his custom programming. The wireless adapters, on activation, are designed to detect any nearby wireless connections in three-dimensional range and identify the ones associated with other UAVs and hence automatically disconnecting the specific drones under observation, from their owners through raw packet injection. The whole process is somewhat similar to distributed denial-of-service (DDoS) attack. The other adapter that Kankar used then creates its own wireless network in order to connect to the disabled drones and control them.

Let's Hijack Drones - SkyJack 2This gives Skyjack’s controller complete access to these “zombie drones” or these robot drones and can issue Javascript commands to them using just a tablet or laptop. After gaining complete access, the new owner can individually change the drones’ course, adjust their speed, and even view their live video feeds. Even though the SkyJack software can also run off of a desktop computer to steal any drones that happen to fly within range and then navigate them, but it’s obviously more convenient to use a mobile platform.

SkyJack does have its limitations and loopholes, however, since it can only select targets within a pre-defined range of MAC addresses on an unsecured network. For now, the software has only managed to take control of other Parrot drones, because they all use a block of MAC addresses owned by the manufacturer and have no encryption or authentication in place.

Let's Hijack Drones - SkyJack 3Creation and launch of similar devices, however, for more insidious purposes, such as capturing a delivery drone as part of a high-tech robbery, for instance does not seem too far off. If anything, Kamkar’s project may emphasize the importance of having some solid security in place before retailers like Amazon make delivery-by-drone a reality.

What’s even more interesting is that Kamkar has detailed instructions on his website along with the source code, which is freely available for creating your own Skyjack drone, anyone?





Translate »