Delivery Drones Could Be Skyjackers' Heaven
Plans to automate e-commerce deliveries by using drones are rife with obstacles to overcome, and one of them -- hacking and hijacking -- has just been demonstrated by security researcher Samy Kamkar. That's not to say it would be impossible to guard against a threat like the one he posed -- but it's clear that commercial use of drones is rife with perilous possibilities.
Dec 4, 2013 4:04 PM PT
The hack may resonate with many Americans, who are concerned about the increasing use of drones by law enforcement to conduct surveillance on citizens within the United States' borders.
SkyJack "is likely extendable to any other drones which are controlled similarly with little or no protection," Kamkar told TechNewsWorld. "Once I have access to other drones, I'll be inspecting their security to determine whether there are any other exploitable, and equally entertaining, issues."
What Kamkar Hath Wrought
Hardware for Kamkar's creation consists of the Parrot drone, a Raspberry Pi single-board computer, an Alfa AWUS036H wireless card and an Edimax EW-7811Un wireless USB adapter.
Kamkar uses a USB to power the Raspberry Pi+. Any USB battery weighing less than 100 gm and outputting close to 1 amp (1000mAh) will do, although users could hook up three AAA batteries to get about 4.5V.
The software consists of SkyJack, the Aircrack-NG wireless keys cracking program, the Aireplay-ng software used to inject frames, and node-ar-drone -- a node.js client for controlling Parrot AR Drone 2.0 devices.
SkyJack runs on Linux. It is available as a FOSS product.
How Drones Are Hijacked
Kamkar accomplishes the hijack by seeking out wireless connections for drones from MAC addresses owned by the Parrot company. These are defined in the firm's IEEE Registration Authority Organizationally Unique Identifier, or company ID.
He uses Aircrack-NG to search for Parrot drones and drone owners within WiFi range, then deauthenticates the owner by injecting WiFi packets into a drone's connection through aireplay-ng over the Alfa AWUS036H, which supports raw packet injection and monitor mode.
Kamkar then connects to the drone as its owner using node-ar-drone.
Parrot drones launch their own open wireless networks to facilitate the takeover.
Drones from Parrot can be controlled by mobile or tablet OSes. The Edimax EW-7811Un lets SkyJack launch its own network so users can control drones from their Linux laptops or from iPads.
Drone-Driven Angst in America
The use of drones is an emotional hot button for many Americans.
President Obama in February signed into law the FAA Reauthorization Act of 2011, which calls for the integration of drones into the national airspace system by 2015, sparking protests from civil liberties and privacy proponents.
In June, FBI director Robert Mueller admitted to using surveillance drones in U.S. airspace. Further, some local law enforcement agencies are reported have used drones for warrantless surveillance.
The U.S. Department of Homeland Security has launched a $4 million Air-based Technologies Program to push the adoption of unmanned drones by law enforcement.
In reaction to these developments, Congress is looking into laws to protect privacy.
The town of Deer Trail in Colorado has looked into issuing licenses to shoot down drones.
Are Our Military Drones Safe?
It's not clear whether U.S. military drones, which are used to target terrorists abroad, could be threatened by Kamkar's activities.
"SkyJack is currently only built for consumer drones, and it's extremely unlikely the military is using the same drones or same protocols," Kamkar said. "However, it's always possible that military drones are exploitable, and it's important that security researchers can scrutinize these before more malicious people do."
Even civilian drones may not be affected by skyjacking attempts, Michael Morgan, a senior analyst at ABI Research, told TechNewsWorld, as "GPS features that get the drones to return to base if something goes wrong are semistandard in consumer drones now."