Home » Air » Drones » Hacker Releases Software to Hijack Commercial Drones

Hacker Releases Software to Hijack Commercial Drones

by Bryant Jordan on December 9, 2013

amazon droneNo sooner had Amazon​.com founder Jeff Bezos announced plans to deliver small packages via flying drone than a well known hacker has released technical plans for an interceptor drone able to hijack other drones.

“SkyJack,” says the creator claims on his website, can put “an army of zombie drones under your control.”

The man behind Skyjack is Samy Kamkar, who achieved a high level of infamy when he released a computer worm  seven years ago that temporarily took down the MySpace social networking site.

Bezos announced on the CBS News magazine “60 Minutes” on Dec. 1 his plans for Amazon Prime Air —in which the online retailer would deliver small packages within 30 minutes via drone. The website The Verge reported two days later that UPS also is looking into a drone fleet for rapid delivery.

A University of Texas, Austin, professor who last year showed the Department of Homeland Security that it is possible to take control of an unmanned helicopter said small commercial drones such as those sold in stores across the country are quite vulnerable to hacking.

But Prof. Todd Humpries told NBC News that Amazon would be more likely concerned about lawsuits from drone accidents than lost delivery craft.

“Amazon is an enormous company with deep pockets,” he told the network Dec. 4. “If somebody takes down one of their drones and keeps it in their garage as a trophy, or even takes down five drones, do you think Amazon is going to bat an eye? No. They’ll just send out another one.”

In a video on his website, Kamkar explains that the hunter drone “flies around looking for other drones. As soon as it finds any other drone it hacks into that drone’s wireless network, disconnects the owner and then takes over … and begins controlling them under my command.”

And if the hijacked drone is mounted with a working camera the hacker can view the video in real time, he said.

After being busted for the MySpace attack in 2005 Kamkar was barred from using computers for three years Kamkar, according to multiple news sources. Since then he has gone legit as a consultant hacker – using his skills to find weak points and flaws in corporate and government sites.

Turning other people’s drones into zombies requires a Parrot AR.Drone 2.0 quadricopter, which weighs less than a pound, a Rasberry Pi, a USB battery, an Alfa AWUSO36H wireless transmitter, aircrack-ng, nod-ar-drone, node.js and Kamkar’s SkyJack software, he says on his website.

It can work as well from the ground using land-based Linux devices, with a capability of hijacking drones within radio range, he claims.

Share |

{ 63 comments… read them below or add one }

Stan December 9, 2013 at 12:29 pm

I welcome this individual's efforts. Delivery by drones is a hairbrained idea and this makes it even more obvious.

Reply

Little Bill December 10, 2013 at 12:15 am

I knew it there is a flaw in there armor. Drones are venerable to cyber terrorist.

Reply

Lance December 9, 2013 at 1:27 pm

Shows why Drones should NOT replace humans in both military and civilian jobs in the world. Proves this is all hype crap about robots again and how easy they can crash hacked or miss there route and get lost.

Reply

Bernard December 10, 2013 at 8:25 am

Not true at all, get out from your stone cave, open a recent book, and enter the 21st century. RF controlled drones are vulnerable to this, not the line of sight satellite controlled drones the military uses.

Reply

chandler December 10, 2013 at 3:37 pm

bernard, most RF drones are not vulnerable, only the parrot A.R. drone is because of its wifi, most high class hobby drones use a strict two way interface, and the command prompts are closed internally making it very difficult (and in my opinion) impossible to hack. you are correct about your line of sight drones.

Reply

Hunter76 December 10, 2013 at 8:28 am

This must be one of the most uninformed conclusions ever published in Defense Tech.

If Amazon or any other big company gets into the drone delivery business, they're not going to use an off-the-shelf hobby drone. They'll at least install their own chip, and they'll certainly install command-verification routines. This ain't rocket science.

People could try to jam the communications, but jammers can be quickly caught. Besides, what's the incentive to jam? (As opposed to hi-jacking.)

Reply

chandler December 10, 2013 at 3:34 pm

the drones he is talking about are the toy parrot A.R. drones that use wifi. Most drones, like rc airplanes use frequency's well above linux, and most hobby drones like my dynam foam plane use arduino with two way restricted radio waves, meaning it cant be hacked. now video signal can be hacked, but that simply means they can see what you see but cant do anything else.

Reply

Gage December 9, 2013 at 1:38 pm

I think air drone delivery is awesome, because of the benefits of getting your product in minutes rather than days. Point is Amazon needs to spend more time with this man and have him show them the best way to keep their drones safe. I would love to be able to order something and see my order show up in about a half an hour, people just ruin things for everyone.

Reply

Ted Nichols December 13, 2013 at 7:31 am

so when that drone kills you family member outside enjoying the sun its ok because your time is more important then your loved ones.. hmm

Reply

Justin December 14, 2013 at 5:54 pm
BlackOwl18E December 9, 2013 at 2:10 pm

Anything electronic has a back door. Drones have a place in the future, but not as replacements for humans.

Reply

Bernard December 10, 2013 at 8:32 am

Drones will replace humans in most capacities. They already replaced us in space exploration. The first thing of ours to land on an inhabited alien planet will be an unmanned drone. Within 50 years there will be no human burger flippers, taxi drivers, bus drivers, cashiers, janitors, etc, and America will have replaced 90% of it's soldiers with drones. Only things that require a human touch for the psychological aspect of human to human interaction will still require people. Everything else will be drones.

Although you do not understand technology, you do not have to fear it. It is the future.

As for this article, it has zero impact on current military drones. Only RF controlled toys are vulnerable.

Reply

blight_ December 10, 2013 at 9:10 am

At some point people will prefer UI screens to drones.

Starbucks will turn into a Redbox with coffee dispensers, leaving just local coffee shops with actual "baristas". Just like anyone can buy booze and get smashed at home, but it takes a good bartender to mix a good drink.

The labor force at the bottom end will get a little more redundant. Pity high schools aren't prepared for it.

Reply

Russ December 11, 2013 at 9:54 pm
BrainLak December 9, 2013 at 2:51 pm

Man, I need to start gluing the broken pieces back onto my AirHogs, get those things ready to Hunt!

Reply

shawn1999 December 9, 2013 at 2:53 pm

Think he'll take a job taking over China, Iran, and Pakistan's drones? At least the non-photoshopped ones?

Reply

Uncle Bill December 9, 2013 at 3:31 pm

When a remotely piloted vehicle is receiving radio input telling it to change it's rudder position it's easy to see how that could be hi-jacked. But when the vehicle is piloted by it's on board systems it can take any input it receives and evaluate it. It can take steps to verify it's authenticity and it can reject it if it does not pass the test.

It makes no sense that because this guy can hi-jack an hobby level RC drone he would be any threat to more advanced systems. Remember when it was thought cars could only pilot themselves by embedding cables in all roadways? The difference is the immense increase in processing power. The ability to scan camera images fast enough to make driving decisions was not anticipated by many. The same increasing ability applies to autonomy in UAVs. A radio transmitter and software is not likely to be enough to hi-jack future drones. The possible ways in which a drone could verify input seem endless to me, making it close to impossible to jack.

And further, while a human pilot is far superior to a machine today, tomorrow the machine will be faster and the human won't. Denying this simple progression is suicidal.

Reply

blight_ December 9, 2013 at 4:32 pm

When all forms of tele-operation are equally priviledged and don't require authentication, the drone obeys all the signals it get.

I suppose resorting to something like TERCOM image-recognition to force a drone into a constant flight-path isn't a bad idea, but it curtails your flexibility.

Reply

Bernard December 10, 2013 at 8:34 am

You can use TERCOM as a backup in the event that other systems are compromised.

Reply

Fábio de O. Ribeiro December 9, 2013 at 4:10 pm

Shoot the drones, take the books: new radical sport in the USA soon.

Reply

blight_ December 9, 2013 at 4:30 pm

Why would an American want books? We are a race of crude savages.

Gimme an Xbox or give me death!

Reply

Stan December 9, 2013 at 7:06 pm

Them college textbooks are pricy!

Reply

blight_ December 9, 2013 at 9:19 pm

Can't imagine getting a lot of Machine Learning books.

It'll probably be mostly anthologies of Huffington Post and Bill O'Riley.

Reply

chandler December 10, 2013 at 3:30 pm

you cant shoot drones, first they are flying high enough to simply be far enough away to avoid the bullet, you will risk shooting manned aircraft, the bullet always comes down so were will it land"?" airspace is public but the vehicles are private, and finally shooting at manned or unmanned aircraft is a $200,000 fine – a felony- and jail time on the federal level.

Reply

Riceball December 11, 2013 at 1:03 pm

Not in a certain city in Colorado it isn't. In this particular city it's perfectly legal to shoot at drones, provided you have the appropriate drone hunting license (I kid you not). In fact, not only is it legal it's also encouraged as there's an actual bounty that's paid for any drone that you shoot down.

Reply

PuresaltA1A December 9, 2013 at 4:22 pm

The Beast of Kandahar was taken over by a couple of Iranian college kids with a lab top by hacking into its GPS….

Reply

blight_ December 9, 2013 at 4:30 pm

Worth noting the Iranians could have collected a lot of SIGINT just by putting guys on the ground in Iraq and collecting signals from the Preds.

However, "spoofing" the GPS would be interesting. It might be easier to simply spoof then jam (or the other way around) the American controllers (who were probably still using unencrypted signals to control the drones).

Reply

moronotopia December 10, 2013 at 6:31 pm

That is complete nonsense.

Reply

hibeam December 9, 2013 at 7:20 pm

This will take off like a rocket. At first it will mostly be driven by big companies with landing zones on the roof or in the parking lot. But very soon it will be door to door service to every home everywhere. Bye bye USPS. We won't miss you.

Reply

AFMissilier December 10, 2013 at 10:23 am

hibeam: you don't mind that the drone is violating your space – property. The FAA is going to make this decision. And, danger to air and ground objects is greatly increased. Insurance, which every consumer will pay in higher prices; even those that don't choose "drone delivery" is a non-starter. Electric motors will require re-chargeable batteries. Those batteries will require fossil fuels to manufacture, deliver, and recharge. Minimal, if any reduction to those bad, bad "Al Gore"-gases.

Reply

hibeam December 9, 2013 at 7:25 pm

Hey Wally, can you send the xyz widget over? Sure Mike, I'll put it on the drone right now. You'll have it in about 15 minutes.

Reply

Waka December 9, 2013 at 9:46 pm

I guess if you want to fly via WiFi only then yes, the Multirotor can get hacked. But if you're going to be flying for actual distance then you will be using better equipment.

Reply

Phillip December 10, 2013 at 3:41 am

How is the drone to ring the door bell to let you know your package is here

Reply

joe December 10, 2013 at 5:30 am

Crash.

Reply

Kim Scholer December 10, 2013 at 7:28 am

'Ring the doorbell….' – how quaint. It'll text you 20 sec. before arrival.

Reply

Kim Scholer December 10, 2013 at 7:28 am

(and tell you to open a window).

Reply

Bernard December 10, 2013 at 8:35 am

Or just call your phone.

Reply

blight_ December 10, 2013 at 9:09 am

Or play a jingle, like the pickup boats from Starship Troopers.

Reply

Bill Babbitt December 10, 2013 at 12:47 pm

They just drop it down the chimney. Works for Santa Claus.

Reply

hibeam December 10, 2013 at 9:07 am

This idea reminds me of cell phones when they first came out. It's a fad. it'll be gone in no time. A fat guy in an SUV. That's the proper way to deliver a pizza.

Reply

blight_ December 10, 2013 at 9:08 am

Some careerist who wants 15/hour, benefits and an expense account for pizza delivery.

Reply

AFMissilier December 10, 2013 at 10:13 am

My mailbox is at the boundary of my property. Any one, or thing, that comes onto my property is trespassing. A drone could deliver product, surveillance gear, or explosives. I will never have a drone deliver anything to my property. If it crosses my property, I will shoot it down and throw it in the trash. This idiot at Amazon thinks we will accept anything technology can produce. If it invades my privacy, or becomes an annoyance, it's crap

Reply

Retired_MP December 10, 2013 at 11:41 am

So don't order anything to be delivered by drone. Your choice – just like ordering stuff online now.

Reply

moronotopia December 10, 2013 at 6:33 pm

I sure hope you weren't that paranoid and irrational when you were in the silo. Phew!

Reply

Cav Trooper December 10, 2013 at 11:17 pm

Um.., might want to check the definition of curtilage as it applies to private property.

Reply

Hunter76 December 11, 2013 at 9:31 am

Do you shoot UPS and Fedex drivers along with the letter carriers who step on your property too?

Reply

TonyC. December 10, 2013 at 11:01 am

Drone on drone combat is in the future. There will be courier drones escorted by protection drones to prevent hijacks. Sounds like too much trouble, they had better keep their trucks and fleet of aircraft.

Reply

Mike December 10, 2013 at 11:14 am

Seems everyone is worried about A.I. . But we still haven't found any H.I. (Human Integuments) and the comments above seem to bear that out. Robots have been doing remote Surgeries for years. A Doctor in San Diego works on a patient in New York to remotely preform a heart by-pass. The big problem I see is having that big UPS truck hovering over your barking dog in the front yard, while that unshaven, sweaty guy in the ill fitting shorts wants to get your signature on an electronic pad! Think about it. . . Chrees

Reply

Bill Babbitt December 10, 2013 at 12:49 pm

Security measures? We don't need no stinkin' security measures. We're Amazon.

Reply

untamedpack December 11, 2013 at 8:12 am

Amazon will soon replace the tens of thousands of holiday temp workers with robots simply because the govt will only allow them to work the temps 60 hours per week. to add insult to injury the govt requires amazon to give 40 min of break time in a 12 hour shift. of course that includes the time it takes to get from your work station to the break room and back which means dont shake it twice or you will be repremanded for taking extended break.

Reply

Kienhoa68 December 11, 2013 at 3:10 am

I don't see any benefit to destroying a potentially viable method of delivering small items quickly.
What is gained by disrupting the drones? Mischief with no point becomes a mere act of stupidity.
If the signals are properly encrypted, there should be little problem. Also if you fly drones within the city you would need a license at the very least. Just like the laser and aircraft stunt, you can get only get away with it for so long.

Reply

Max December 11, 2013 at 3:35 am

I'm guessing drone parts aren't cheap. There's money to be made in stealing and chopping drones if it's this easy. Besides if commercial drones can be hacked, you get to keep the loot.

Reply

Kienhoa68 December 11, 2013 at 4:40 am

Again, what's the point? So you capture some drone parts. The concept of fast delivery seems more relevant than that. Is there some lasting benefit to be gained by destroying a potentially good idea? I mean after they get the drone parts what is next? So they steal the item that it attempted to deliver. Where does all that go from there?

Reply

Zspoiler December 11, 2013 at 11:52 am

They could be used terrorism as well , Or some fool could use them for target practice

Reply

aweishaupt December 11, 2013 at 7:13 pm

Don't forget, this hack only works with a very specific type of drone called the AR Drone by Parrot, which is a $300 toy sold at Radioshack. They're used as toys or cheap research platforms for students, not for anything sensitive.

Reply

Patrick Poe December 12, 2013 at 10:57 am

The AR Parrot is the hunter drone that Kamkar uses to take over the Amazon worker drone. It's just the carrier vehicle for all the hardware that is doing the real work. You could put it in anything that flies that has a large enough payload. I'm thinking a large RC airplane would make a better hunter. The right design flies slowly and has a large wingspan and the right amount of power for long flight times, like a model bomber.

Reply

McDeath December 16, 2013 at 5:39 pm

So whats all the fuss?
Ok so some of us don't like the image of delivery drones hovering on our doorsteps with tiny packages. But think about the whole drone hijack thing and the possabilities that presents for new reality TV shows…LOL.
If some one wants to try this out at their own expense I say what the hell. As mentioned before you would have to choose drone delivery as a delivery option to have the annoying thing hovering anywhere near your home, and if other people want it and are willing to deal with the ramifications of it let em.

Reply

World of Warplanes Hack December 17, 2013 at 2:26 am
Jim Palazzolo December 19, 2013 at 7:08 am

Cyber Security – hmm…
Well Security Architecture was mentioned at some point in the blog roll, but it really comes down to a risk based approach; and, what Currier services are willing to pay in damages. It really has nothing to do with making them "secure".

Reply

Col. BMT December 20, 2013 at 12:47 am
rick brant March 19, 2014 at 10:32 am

Drones are the future we can fight wars and not lose a single live, destroy terrorists before the can start planning drones are the future treat as such.

Reply

Silvermont March 19, 2014 at 10:34 am

brilliant

Reply

Steve June 24, 2014 at 8:13 pm

I see a market for killer drones or inexpensive interceptor drones. Inexpensive drones that will take down another drone by collision. The interceptor drone could be hardened, "armored" to simply create a mid-air crash, disabling the intruding drone's propulsion system.

Reply

Leave a Comment

Previous post:

Next post: