Few days ago, famous hacker Samy Kamkar (the author of a Javascript exploit that forced MySpace.com offline in 2005) released on his website the software and the hardware specifications needed to build a drone that can hijack other drones and put them under the attacker’s control.
Dubbed SkyJack, the drone is specially “engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control.”
Actually, you don’t even need a drone to take over drones in your vicinity: you can simply run the required software from your own Linux machine, laptop, and hijack drones remotely controlled by someone else.
For the moment, the hack can be used to target only Parrot AR. Drone, a commercial quadcopter that can be controlled for little more than 10 minutes via smartphone at a range of about 165 feet from the controller.
How does Skyjack work?
It’s quite simple: using a mix of custom code, freely available stuff as well as commercial off-the-shelf hardware (Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and the software written by Kamkar), SkyJack monitors the MAC (Media Access Control) addresses of all the nearby WiFi devices; if one of such MAC addresses belongs to the block used by Parrot quadcopters, it sends a command that disconnects it from the iOS or Android device that is remotely controlling the drone using an open-source WiFi hacking app dubbed Aircrack-ng.
Aircrack gets the targeted drone’s WiFi card into monitor mode, then Aireplay-ng is used to deauthenticate the true owner. “Once deauthenticated, I can connect as the drone is waiting for its owner to reconnect,” Kamkar explains.
Finally, a javascript is sent to the now free Parrot AR.Drone to control the newly enslaved drone.
The news is interesting because it came on the day Amazon announced it will use flying drones to deliver packages within 5 years.
However, hijacking an amateur or DIY drone that can be bought for a few hundred dollars does not mean larger, more advanced UAVs (Unmanned Aerial Vehicles) could be as easily hacked.
Even if few years ago, (unencrypted) Live video feeds from U.S. Predator drones were intercepted by local insurgents in Iraq and Afghanistan (and a keylogger infected American drones’ Ground Control Stations), command links used to remotely control killler drones across the world are authenticated and encrypted.
Hence unless you break the encryption mechanism and eavesdrop the comms until you are able to get the authentication keys, it’s almost impossible to take a pro drone over, at least for the moment and using low cost tools.
GPS hijacking/jamming to force the drone in the wrong direction until it loses the connection with the ground station and crashes is, possibly, a more significant threat to a modern UAV, and one of the possible causes of the capture of stealth U.S. RQ-170 drone in Iran two years ago.
Image credit: Nicolas Halftermeyer/Wiki