Hacking

Delivery Drones Could Be Skyjackers’ Heaven

Following news that Amazon plans to use unmanned drones for rapid delivery of goods to customers, security researcher Samy Kamkar has developed a way to skyjack drones.

The hack may resonate with many Americans, who are concerned about the increasing use of drones by law enforcement to conduct surveillance on citizens within the United States’ borders.

Kamkar’s attack employs a Parrot AR Drone 2, various components, and a Perl application he wrote called, appropriately, “SkyJack”, for about US$400.

SkyJack “is likely extendable to any other drones which are controlled similarly with little or no protection,” Kamkar told TechNewsWorld. “Once I have access to other drones, I’ll be inspecting their security to determine whether there are any other exploitable, and equally entertaining, issues.”

What Kamkar Hath Wrought

Hardware for Kamkar’s creation consists of the Parrot drone, a Raspberry Pi single-board computer, an Alfa AWUS036H wireless card and an Edimax EW-7811Un wireless USB adapter.

Kamkar uses a USB to power the Raspberry Pi+. Any USB battery weighing less than 100 gm and outputting close to 1 amp (1000mAh) will do, although users could hook up three AAA batteries to get about 4.5V.

The software consists of SkyJack, the Aircrack-NG wireless keys cracking program, the Aireplay-ng software used to inject frames, and node-ar-drone — a node.js client for controlling Parrot AR Drone 2.0 devices.

SkyJack runs on Linux. It is available as a FOSS product.

How Drones Are Hijacked

Kamkar accomplishes the hijack by seeking out wireless connections for drones from MAC addresses owned by the Parrot company. These are defined in the firm’s IEEE Registration Authority Organizationally Unique Identifier, or company ID.

He uses Aircrack-NG to search for Parrot drones and drone owners within WiFi range, then deauthenticates the owner by injecting WiFi packets into a drone’s connection through aireplay-ng over the Alfa AWUS036H, which supports raw packet injection and monitor mode.

Kamkar then connects to the drone as its owner using node-ar-drone.

Parrot drones launch their own open wireless networks to facilitate the takeover.

Drones from Parrot can be controlled by mobile or tablet OSes. The Edimax EW-7811Un lets SkyJack launch its own network so users can control drones from their Linux laptops or from iPads.

Drone-Driven Angst in America

The use of drones is an emotional hot button for many Americans.

President Obama in February signed into law the FAA Reauthorization Act of 2011, which calls for the integration of drones into the national airspace system by 2015, sparking protests from civil liberties and privacy proponents.

In June, FBI director Robert Mueller admitted to using surveillance drones in U.S. airspace. Further, some local law enforcement agencies are reported have used drones for warrantless surveillance.

The U.S. Department of Homeland Security has launched a $4 million Air-based Technologies Program to push the adoption of unmanned drones by law enforcement.

In reaction to these developments, Congress is looking into laws to protect privacy.

The town of Deer Trail in Colorado has looked into issuing licenses to shoot down drones.

Are Our Military Drones Safe?

It’s not clear whether U.S. military drones, which are used to target terrorists abroad, could be threatened by Kamkar’s activities.

“SkyJack is currently only built for consumer drones, and it’s extremely unlikely the military is using the same drones or same protocols,” Kamkar said. “However, it’s always possible that military drones are exploitable, and it’s important that security researchers can scrutinize these before more malicious people do.”

Even civilian drones may not be affected by skyjacking attempts, Michael Morgan, a senior analyst at ABI Research, told TechNewsWorld, as “GPS features that get the drones to return to base if something goes wrong are semistandard in consumer drones now.”

1 Comment

  • You really should point out that using a system such as SkyJack to interfere with anyone’s radio controlled device other than one’s own is flatly illegal in the United States (and most other jurisdictions).

    http://www.fcc.gov/encyclopedia/jammer-enforcement

    ***ALERT***

    Federal law prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with cellular and Personal Communication Services (PCS), police radar, Global Positioning Systems (GPS), and wireless networking services (Wi-Fi).

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Hacking

Technewsworld Channels