How to Hack Other People's Drones for Less Than $400
On Sunday, Dec. 1, Amazon CEO Jeff Bezos told the U.S. television news show "60 Minutes" that within five years his company would make deliveries via aerial drones.
While most viewers marveled at this futuristic-seeming technology, hacker and independent security researcher Samy Kamkar had a different reaction.
"How fun would it be to take over drones, carrying Amazon packages, or take over any other drones, and make them my little zombie drones? Awesome," he wrote on his blog.
Kamkar then explained exactly how to do it.
Drones aren't just military devices used to carry out unmanned attacks. Many types of drones are commercially available: You can purchase a remote-controlled, flight-capable device, often with a camera or onboard Wi-Fi connectivity, for just a few hundred dollars.
Kamkar's "SkyJack" is software designed to seek out and seize control of one kind of these drones: Parrot AR.Drones, the cheapest of which is around $300 online.
AR.Drones are controlled from an iOS or Android device via a Wi-Fi network. That connection is limited to one drone and one controller, but has only the Wi-Fi network's own password to protect it. Each drone's unique media access control (MAC) address falls within a publicly specified range of possible addresses allotted to AR.Drones.
Kamkar's SkyJack program searches for devices whose MAC address falls in that range, severs the connection between the drone and its controller, and inserts itself as the drone's new operator. Kamkar can then operate these "zombie drones" from his own computer.
SkyJack can run off of any Linux machine and capture any AR.Drones that fly within the computer's Wi-Fi range.
But why stop there? Using just a few hundred dollars' worth of hardware, Kamkar developed a drone of his own that seeks out other AR.Drones and hijacks them from the air.
In a video demonstration, Kamkar showed how he had attached a single-card computer called a Raspberry Pi, on which SkyJack was running, to an AR.Drone of his own. He then attached two wireless adapters to the Raspberry Pi, which allowed SkyJack to set up its own network, search for other drones and disconnect their users while still receiving Kamkar's control signals.
"So, my drone is flying around, finds drones, takes them over and then begins controlling them under my command," Kamkar said in his video.
The Raspberry Pi computer and the wireless adapters can be found for about $100. The necessary software, which includes SkyJack and two other programs, are all open-source and available via Kamkar's website alongside instructions for how to get it all running.
Because SkyJack works by targeting public MAC addresses, the setup could conceivably be used to hack into other types of drones or connected devices as well, simply by changing its parameters to search for those MAC addresses.
If connections via those addresses were encrypted, however, SkyJack, as it currently exists, would not be able to hijack them.