Forgot your password?
typodupeerror
Security

How To Hijack a Drone For $400 In Less Than an Hour 161

Posted by Soulskill
from the step-1:-buy-$400-shotgun dept.
Trailrunner7 writes "The skies may soon be full of drones – some run by law enforcement agencies, others run by intelligence agencies and still others delivering novels and cases of diapers from Amazon. But a new project by a well-known hacker Samy Kamkar may give control of those drones to anyone with $400 and an hour of free time. Small drones, like the ones that Amazon is planning to use to deliver small packages in short timeframes in a few years, are quite inexpensive and easy to use. They can be controlled from an iPhone, tablet or Android device and can be modified fairly easily, as well. Kamkar, a veteran security researcher and hacker, has taken advantage of these properties and put together his own drone platform, called Skyjack. The drone has the ability to forcibly disconnect another drone from its controller and then force the target to accept commands from the Skyjack drone. All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability."
This discussion has been archived. No new comments can be posted.

How To Hijack a Drone For $400 In Less Than an Hour

Comments Filter:
  • by Anonymous Coward on Tuesday December 03, 2013 @07:46PM (#45590191)

    In TFA he is hacking a Parrot AR wifi drone. If Amazon ever gets off the ground (ahem) with their drones, they will likely be autonomous, using GPS to guide them to their location. Monitoring and flight plan changes would likely occur by satellite as well. That's not to say that they are immune from attack, but none of the types of drones described in the summary (law enforcement, intelligence agencies, Amazon) are going to be susceptible to his attack.

  • by sheetsda (230887) <doug,sheets&gmail,com> on Tuesday December 03, 2013 @07:47PM (#45590199)

    "All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability"

    "...detects the wireless signal sent out by a target drone, injects WiFi packets into the target’s connection, de-authenticates it from its real controller and then authenticates it to the Skyjack drone"

    Uhh... for what definition of "security vulnerability" is this not a "security vulnerability"?

  • by Anonymous Coward on Tuesday December 03, 2013 @07:47PM (#45590203)

    All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability.

    Between me and the author of this sentence, I think we have two different definitions of "security vulnerability".

  • by Anonymous Coward on Tuesday December 03, 2013 @07:50PM (#45590209)

    You could also get a drone by robbing a Best Buy with a $10 knife... Is it no longer stealing just because there's a cool hack involved?

  • by codegen (103601) on Tuesday December 03, 2013 @08:08PM (#45590355) Journal
    The articles describe a wifi hack. Last I checked wifi has a range of 300 feet. There are some ways in which this can be extended to several miles but that involves large (i.e. 10ft) antennas. If you honestly think that law enforcement and amazon are using wifi to control their drones then I think you need to look a bit closer.
  • by umafuckit (2980809) on Tuesday December 03, 2013 @08:20PM (#45590427)

    What's to stop someone from forcefully taking down an Amazon drone, then placing it into a Faraday cage while they disassemble it and get the free hardware?

    The fact that it's vapourware and will never see active service?

  • by Anonymous Coward on Tuesday December 03, 2013 @08:21PM (#45590437)

    a truck driver

  • by roc97007 (608802) on Tuesday December 03, 2013 @09:22PM (#45590831) Journal

    Ok, so hang on, In a previous life as a military contractor, I used to do this with 1980's technology. This (TFA) sounds like a cheap, brute force approach, that actually works fairly well. You overwhelm the subject with a much stronger signal, and depend on the receiver's automatic gain control to limit the amplitude, putting the "real" control signal down in the noise. You then have the drone's full attention.

    The usual countermeasure is to encrypt the control signal. Then, you can still do a DOS (in today's terminology), but you can't get the drone to obey your commands.

    The counter-counter measure to this is to break the encryption so you can control the craft. Flash back to those supercomputers that hobbyists were building by clustering lots and lots of game consoles. Just saying'.

    Then, there's counter-counter-counter measures like hopping between frequencies and so forth, but for every technique there's a counter-technique, and I suspect computers have gotten fast enough to analyze tricky incoming signals and mimic them fairly quickly.

    Someone brought up GPS -- Amazon's little copters can't be hacked because they're autonomous, using GPS for navigation. Well guess what -- GPS is just another signal. As we learned in the middle east, it is possible to spoof those signals and get a drone to land in a place it didn't expect.

    The counter to *that* is inertial guidance. But realistically, Amazon and most government agencies probably won't have the budget for that.

    Optical guidance? (and optical surveillance in general) Green lasers with automated tracking and aiming triangulating by noise, or emitted RF, or visual recognition. Anyone with robotics experience should be able to at least theorize a solution.

    Wow, the next few years are going to be *fun*.

  • by rk (6314) on Tuesday December 03, 2013 @10:19PM (#45591211) Journal

    DGPS can get 10cm resolution if done right, and DGPS coverage is not a problem for most residences in the US and certainly not in the areas I'm sure Amazon will pilot (no pun intended) this system. Vision systems are getting more sophisticated and can probably find the front door reliably with sufficient accuracy once on the scene. I'm curious to know how it will handle apartments, though.

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.

Working...