Slashdot Mirror
How To Hijack a Drone For $400 In Less Than an Hour
Trailrunner7 writes "The skies may soon be full of drones – some run by law enforcement agencies, others run by intelligence agencies and still others delivering novels and cases of diapers from Amazon. But a new project by a well-known hacker Samy Kamkar may give control of those drones to anyone with $400 and an hour of free time. Small drones, like the ones that Amazon is planning to use to deliver small packages in short timeframes in a few years, are quite inexpensive and easy to use. They can be controlled from an iPhone, tablet or Android device and can be modified fairly easily, as well. Kamkar, a veteran security researcher and hacker, has taken advantage of these properties and put together his own drone platform, called Skyjack. The drone has the ability to forcibly disconnect another drone from its controller and then force the target to accept commands from the Skyjack drone. All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability."
When drones are outlawed, only outlaws will operate drones.
In TFA he is hacking a Parrot AR wifi drone. If Amazon ever gets off the ground (ahem) with their drones, they will likely be autonomous, using GPS to guide them to their location. Monitoring and flight plan changes would likely occur by satellite as well. That's not to say that they are immune from attack, but none of the types of drones described in the summary (law enforcement, intelligence agencies, Amazon) are going to be susceptible to his attack.
"All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability"
"...detects the wireless signal sent out by a target drone, injects WiFi packets into the target’s connection, de-authenticates it from its real controller and then authenticates it to the Skyjack drone"
Uhh... for what definition of "security vulnerability" is this not a "security vulnerability"?
All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability.
Between me and the author of this sentence, I think we have two different definitions of "security vulnerability".
You could also get a drone by robbing a Best Buy with a $10 knife... Is it no longer stealing just because there's a cool hack involved?
For something like Amazon's purported drones... all you'd have to do is to hardcode the delivery address and HQ into the drone before flying, and make sure it doesn't accept any incoming signals by turning the wireless off. Now, if we want to talk about trying to get the drone's GPS systems confused, that would be something else! (Actually I'm still wondering if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony.)
READY.
PRINT ""+-0
Would you Americans please stop using guns to shoot each other, and aim them up at these things instead? Cheers.
Does anyone have any haar-like classifiers for drones yet? Just for research of course.
He's basically saying that "hey, this consumer drone has no security", and the most powerful signal wins.
That's pretty much true of any consumer RC product.
Newer-generation control systems in commercial & law-enforcement drones will likely use encrypted communications.
You just gave Bigcorp a good testbed for free.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Because accepting a wifi connection without authenticating its source is totally not a vulnerability.
In other news, you could own every single computer connected to the internet, without using any security vulnerabilities, as long as it runs an ssh server without a root password.
Finally a method of DVD piracy that the DMCA can't touch!
What's to stop someone from forcefully taking down an Amazon drone, then placing it into a Faraday cage while they disassemble it and get the free hardware?
Any company that leaves their drones susceptible to a simple hijack deserves to go bankrupt buying drones.
Let's see... Just put a GPS / visual flight plan in the thing that cannot be replaced without a secure connection or a physical connection.
While pro-grade multicopters like those to be deployed by Amazon operate at 2.4GHz, they do not use WiFi as their radio system! Typically, these multicopters are fitted radio systems such as Futaba, JR, Spektrum or 9X, and therefore Skyjack will not be able to take them down.
w00t
The articles describe a wifi hack. Last I checked wifi has a range of 300 feet. There are some ways in which this can be extended to several miles but that involves large (i.e. 10ft) antennas. If you honestly think that law enforcement and amazon are using wifi to control their drones then I think you need to look a bit closer.
Atlas stands on the earth and carries the celestial sphere on his shoulders.
A gun.
Illegal will still be illegal.
This only affects parrotAR drones, which specifically are meant to be easy to use and have no security. Something like an Amazon drone or military drones will most likely have some authentication mechanism. But still, this is something to consider in popular drone design.
So if you have a toy drone you can take over other toy drones? Could be great fun at a toy drone party but I don't see how it has anything to do with law enforcement drones or Amazon drones.
I'm sure it would never cross the minds of intelligence agencies, law enforcement agencies or Amazon to authenticate the controller.
I have all those components except the parrotAr2 drone. Early Christmas present?
So this "very powerful" Wi Fi outputs 1000 milliwatts ... which equals one watt.
Am I missing something, or is this just bad reporting?
"What in the name of Fats Waller is that?"
"A four-foot prune."
"You keep using that word. I don't think that means what you think it means."
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
How to disable a drone for $150 in less than a minute
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
If Amazon can make a drone to deliver packages ---- then someone else can make a drone to "tail" Amazon drones, and grab the package after delivery; taking it off to some prescribed location for reappropriation.
is that for a real drone or one of those remote controlled copters?
Three words: "Drone Knockout Game".
You are welcome on my lawn.
Sure. But. The number of people willing to steal remotely is an order of magnitude greater than the number of people willing to do up close and personal armed robbery. Mira! A car analogy: It's like killing a person with your pickup instead of with a knife.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Hate to tell the author but any decent drone wouldn't use WIFI for communication
The Amazon drones aren't even remote controlled, but autonomous http://youtu.be/6in-MZeeeGk?t=12m26s
(And even though there's probably some backup control channel and remote telemetrics it's very likely not wifi.)
Ok, so hang on, In a previous life as a military contractor, I used to do this with 1980's technology. This (TFA) sounds like a cheap, brute force approach, that actually works fairly well. You overwhelm the subject with a much stronger signal, and depend on the receiver's automatic gain control to limit the amplitude, putting the "real" control signal down in the noise. You then have the drone's full attention.
The usual countermeasure is to encrypt the control signal. Then, you can still do a DOS (in today's terminology), but you can't get the drone to obey your commands.
The counter-counter measure to this is to break the encryption so you can control the craft. Flash back to those supercomputers that hobbyists were building by clustering lots and lots of game consoles. Just saying'.
Then, there's counter-counter-counter measures like hopping between frequencies and so forth, but for every technique there's a counter-technique, and I suspect computers have gotten fast enough to analyze tricky incoming signals and mimic them fairly quickly.
Someone brought up GPS -- Amazon's little copters can't be hacked because they're autonomous, using GPS for navigation. Well guess what -- GPS is just another signal. As we learned in the middle east, it is possible to spoof those signals and get a drone to land in a place it didn't expect.
The counter to *that* is inertial guidance. But realistically, Amazon and most government agencies probably won't have the budget for that.
Optical guidance? (and optical surveillance in general) Green lasers with automated tracking and aiming triangulating by noise, or emitted RF, or visual recognition. Anyone with robotics experience should be able to at least theorize a solution.
Wow, the next few years are going to be *fun*.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
God knows I wouldn't have murdered all those people if I had to use a knife instead of my car. I would have had to cut back to four, maybe five, murders a day if I were so inconvenienced.
“The only security on the Parrot drones is that when the owner is connected to it, no one else is able to control it. This is why I need to use a wifi chipset that allows me to inject packets as I need to exploit wifi and deauthenticate the true owner who is controlling it,” Kamkar said.
So I've gotta ask, what would stop someone from doing this same thing on either side. On one side, you've got those that could hijack your parrot using the same tactics that you are using to hijack the drone. On the other side, whatever you do to protect your parrot, could be implemented to protect the drone, right? Am I missing something? Also, what's to stop parrots from buzzing around doing the same "evil" that Google did with wireless routers.
Politics; n. : A religion whereby man is god.
You can do it for less than that. Just use a fishing net with a very long pole.
CAPTCHA: patience.
What drones that are used for anything but hobby use actually use WiFi for their C2 link?
I think the author means "parrot AR drone" not "drone".
Begun the drone wars have
Bezos use a few 100k dollars cash to payola 60 Minutes Execs into letting him Butt Fuck 60 Minutes and America ... that he soooo loves.
QED
So, this works with a specific drone made by a specific company using a particular block of MAC addresses and is limited to a WiFi hack (which means it is within a few hundred feet).
So, basically if you see a guy flying one of these in the park, you can launch yours to go hack his, disconnect his iPad and have it come to you. At which time he is going to run over to you and punch you right in the face for stealing his drone.
Microwave oven magnetron and a small parabolic dish wifi antenna and all your drone belong to me.
Got Code?
Never heard of the guy. Stop assuming everybody's heard of your personal idols, you. Not everybody cares about the coloured hats-crowd.
... if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony
I've *ALWAYS* wanted to call up Domino's / Pizza Hut and say, "I'm traveling down the freeway -- deliver a large pizza to me." And with a (fast enough) drone flying beside me, now I can!
Finding me in real time is no problem anymore -- just ask my phone's GPS or bug(!) the NSA. I'm sure those taps in the data center are all BI-directional.
After all, what's a few packet swaps between friends?
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
... just by something from them and they will send it to you.
6000mah LiPo gets me 20 minutes of agile flight at most. After that I am risking a crash or a hard landing. When I fly via autopilot I have to be ready to take over control at any time. If the GPS gets several bad fixes in a row the quad could go off course. Microwave Radio interference can really mess up GPS reception.
I have no problems when I fly along the beach or in my neighborhood but if I take it to work and try to fly via gps in the industrial park I have to take control eventually.
It's too easy to hijack a drone. You can hijack easily just by fooling the GPS. This is easier than you may think.
I'd like to see a DIY anti-drone rocket propelled net project.
No airships but steam/diesel punk is bleeding into the real world!
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
The Parrot AR Drone can only go a couple hundred feet from the person controlling it. If someone hacks it, they are standing within eyesight of you... just watch them to see where they take your drone, then beat them up and get your drone back. Done.
A slingshot with a scope will be much cheaper and I dare say more in use by the time these things go up....
End of Line.
The author is giving misleading statements. What he's done is hacked a Parrot, this is not the type of drone nor system Amazon is likely to use. In fact what they showed in their video doesn't use a Wifi connection at all. It uses 2.4 ghz wireless that has automatic rolling channels to eliminate the possibility of squelching anothers frequency. The transmissions from drone to controller are also encrypted.
I am Bennett Haselton! I am Bennett Haselton!
I fly with a bunch of guys that build quads - multis etc. Not one uses gps that could be fooled short of overriding the gps entirely, even then the pilot is as you said on the sticks. One guy I fly with build an octo for DARPA, I dare say that thing is bullet proof.
I am Bennett Haselton! I am Bennett Haselton!
I want to know who this DR Garage is! He signs for all of my UPS deliveries!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
... are belong to us.
I can imagine the customer service calls/emails to Amazon.
"My books and year supply of turtle wax never arrived"
- - "Well sir, it appears that your shipment was taken out by a bunch of 6th grade boys with BB guns somewhere in a field in Arkansas."