When Amazon Founder and CEO Jeff Bezos revealed the company’s octocopters, the drones set to revolutionize the concept of package delivery, many were awed, some in disbelief, while others began dreaming of ways to pwn them.
The simplest way of stealing Amazon’s packages might be to just shoot down the drones – it would certainly be effective, but doing so might be a bit noisy, and there’s always the chance that those delicate goods could end up getting damaged. What’s needed is a more creative method…
Which is why security researcher Samy Kamkar has developed a system to hijack drones instead. The hardware consists of a Parrot AR Drone 2, a Raspberry Pi single-board computer, an Alfa AWUS036H wireless card and an Edimax EW-7811Un wireless USB adapter. On the software side, he wrote an app dubbed SkyJack, which runs on Linux, and combined it with Aircrack-ng, the wireless key cracking program; aireplay-ng, the software used to inject frames; and node-ar-drone, a node.js client for controlling Parrot AR Drone 2.0 devices. Everything comes to a grand total of $400.
SkyJack “is likely extendable to any other drones which are controlled similarly with little or no protection,” Kamkar said.
“Once I have access to other drones, I’ll be inspecting their security to determine whether there are any other exploitable, and equally entertaining, issues.”
How SkyJack works
Kamkar seeks out wireless connections for drones by looking for MAC addresses owned by the Parrot company. He uses Aircrack-ng to search for Parrot drones and drone owners within WiFi range, and then deauthenticates the owners by injecting WiFi packets into a drone’s connection with aireplay-ng over the Alfa AWUS036H.
He then connects to the drone using node-ar-drone, before the Parrot drones launch their own open wireless networks to facilitate the takeover. The Edimax EW-7811Un allows SkyJack to launch its own network, which allows users to control the drones using their Linux device.
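Seen from the drone owner's side, the deauthentication step above shows up as a burst of 802.11 deauthentication frames aimed at the drone's network. The following is an added detection example, not code from the article or from SkyJack; the watched prefix, MAC addresses, thresholds and sample frames are all constructed placeholders.

```python
import struct
from collections import defaultdict

# Placeholder vendor prefix (constructed, not a real Parrot OUI); replace it
# with the prefixes registered to your drone vendor.
WATCHED_OUIS = {"02:aa:bb"}
DEAUTH, BEACON = 0x0C, 0x08  # 802.11 management frame subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != DEAUTH:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def deauth_alerts(capture, threshold=5, window=1.0):
    """capture: (timestamp, raw 802.11 frame with radiotap header removed).
    Returns watched BSSIDs hit by >= threshold deauths inside `window` seconds."""
    recent, alerts = defaultdict(list), set()
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None or parsed[2][:8] not in WATCHED_OUIS:
            continue
        times = recent[parsed[2]]
        times.append(ts)
        while ts - times[0] > window:  # drop deauths older than the window
            times.pop(0)
        if len(times) >= threshold:
            alerts.add(parsed[2])
    return alerts

def build_frame(subtype, dst, src, bssid, body=b""):
    """Build a minimal management frame for the constructed sample below."""
    addrs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (dst, src, bssid))
    return bytes([subtype << 4, 0]) + b"\x00\x00" + addrs + b"\x00\x00" + body

# Constructed sample: 8 deauths in 0.7 s against a watched BSSID, one deauth on
# an unrelated network, and one beacon that must be ignored.
DRONE, OWNER, OTHER = "02:aa:bb:00:00:01", "02:11:22:33:44:55", "02:cc:dd:00:00:09"
SAMPLE = [(0.1 * i, build_frame(DEAUTH, OWNER, DRONE, DRONE, struct.pack("<H", 7)))
          for i in range(8)]
SAMPLE += [(2.0, build_frame(DEAUTH, OWNER, OTHER, OTHER, struct.pack("<H", 3))),
           (2.1, build_frame(BEACON, "ff:ff:ff:ff:ff:ff", DRONE, DRONE, b"\x00" * 12))]
```

Deauthentication frames are unauthenticated unless 802.11w management frame protection is in use, so a sudden burst against a single BSSID is the signal worth alerting on.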
Drone madness
Though what Amazon hopes to achieve with its drones is quite revolutionary, many Americans aren’t too keen on having small craft flying by their homes because of security concerns. Since President Barack Obama signed into law the FAA Reauthorization Act of 2011 that would allow for the integration of drones in US airspace by 2015, security and privacy concerns have grown.
But should Americans worry about their privacy and security with Amazon’s drones? For now, it’s too early to tell and even Kamkar’s SkyJack app may not work on the octocopters, but since it will be years before we see these drones delivering packages, others will probably come up with a better way to skyjack these flying critters. Regardless of the consumer potential, the temptation to “pwn” these drones is all too real.
“Some have said the Amazon drone program is like skeet shooting with a prize,” says our own John Casaretto in an earlier piece. “Few will be surprised that hackers will sooner or later try their hand at hacking the system. The biggest takeaway here though is that the hack presents a real threat to a popular drone platform and it could be an easily adopted, easily spread threat.”