Slashdot Mirror


How To Hijack a Drone For $400 In Less Than an Hour

Trailrunner7 writes "The skies may soon be full of drones – some run by law enforcement agencies, others run by intelligence agencies and still others delivering novels and cases of diapers from Amazon. But a new project by well-known hacker Samy Kamkar may give control of those drones to anyone with $400 and an hour of free time. Small drones, like the ones that Amazon is planning to use to deliver small packages in short timeframes in a few years, are quite inexpensive and easy to use. They can be controlled from an iPhone, tablet or Android device and can be modified fairly easily, as well. Kamkar, a veteran security researcher and hacker, has taken advantage of these properties and put together his own drone platform, called Skyjack. The drone has the ability to forcibly disconnect another drone from its controller and then force the target to accept commands from the Skyjack drone. All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability."

113 of 161 comments

  1. No, this will not work on Amazon's drones. by Anonymous Coward · · Score: 5, Insightful

    In TFA he is hacking a Parrot AR wifi drone. If Amazon ever gets off the ground (ahem) with their drones, they will likely be autonomous, using GPS to guide them to their location. Monitoring and flight plan changes would likely occur by satellite as well. That's not to say that they are immune from attack, but none of the types of drones described in the summary (law enforcement, intelligence agencies, Amazon) are going to be susceptible to his attack.

    1. Re:No, this will not work on Amazon's drones. by Grax · · Score: 1

      Agreed! The article implies that his "awesome" hack gives him infinite control of the skies. It really only gives him control of one kind of toy drone and then only until they release an update that blocks his hack.

    2. Re:No, this will not work on Amazon's drones. by number17 · · Score: 1

      Exactly! A giant net is still the best option.

    3. Re:No, this will not work on Amazon's drones. by romons · · Score: 1

      The Iranians supposedly hijacked a 'real' military drone by faking GPS signals.

      If you know where the drone is going, you just overpower the GPS signal. Military drones probably have some redundancy built into an encrypted channel (GPS is, after all, a military system) but I don't think Amazon is going to have that capability. They could use redundancy by video, à la Google car, I suppose, particularly if they are covering a fairly small geographic area. They would want that anyway, since GPS drifts around. Don't want the package delivered in the pool. They could also use both GPS and the Russian system in many places.

      Another possibility would be a LORAN type system, broadcast from their facilities. It might only serve as a check, and allow the drones to return if GPS went completely dark. If GPS goes dark, however, I think we have bigger problems than getting our drones back.

      --
      Go to Heaven for the climate, Hell for the company -- Mark Twain
  2. Without a security vulnerability? by sheetsda · · Score: 5, Insightful

    "All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability"

    "...detects the wireless signal sent out by a target drone, injects WiFi packets into the target’s connection, de-authenticates it from its real controller and then authenticates it to the Skyjack drone"

    Uhh... for what definition of "security vulnerability" is this not a "security vulnerability"?

    1. Re:Without a security vulnerability? by plover · · Score: 2, Interesting

      A security vulnerability implies that at some level, there had to have been the faintest vague attempt at being secure.

      He exploited a vulnerability, to be sure, but he seems uncomfortable calling it a security vulnerability.

      --
      John
    2. Re:Without a security vulnerability? by viperidaenz · · Score: 1

      Because the product is designed to behave this way. If it's documented, it's a feature, not a bug.

    3. Re:Without a security vulnerability? by gl4ss · · Score: 1

      so there is no option to use wpa or any wifi security at all? that's what it implies.

      breaking wpa would imply a security vulnerability.

      and dunno how it could be "like those used by amazon" since amazon doesn't yet use or have any.

      --
      world was created 5 seconds before this post as it is.
    4. Re:Without a security vulnerability? by viperidaenz · · Score: 1

      It sounds like it does whatever the AR drone software does when it pairs with the drone. There is no screen or keyboard on the drone to enter a WPA key.

      Whatever they're doing, it's not new. This was discussed two years ago: http://www.ardrone-flyers.com/forum/viewtopic.php?t=2151
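
The sequence quoted in this thread (the controller is de-authenticated, then a different station takes its place) leaves a recognizable trace in 802.11 management frames. The following is an added example, not part of the original thread or of the Skyjack project: a detector that flags a burst of deauth frames aimed at a drone's known controller followed shortly by a new station associating. The frame records, MAC addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Thresholds are assumptions chosen for the constructed sample below.
DEAUTH_BURST = 5        # this many deauth frames aimed at the controller ...
BURST_WINDOW = 2.0      # ... within this many seconds count as a burst
TAKEOVER_WINDOW = 10.0  # a new station associating this soon after is flagged


@dataclass(frozen=True)
class Frame:
    ts: float     # capture time in seconds
    kind: str     # "assoc" or "deauth"
    bssid: str    # the drone's access-point MAC
    station: str  # client MAC the frame concerns


def detect_takeovers(frames):
    """Return one alert per deauth burst that is followed by a new station."""
    controller = {}               # bssid -> first station seen associating
    recent = defaultdict(deque)   # (bssid, station) -> recent deauth times
    burst_at = {}                 # bssid -> time of last burst on controller
    alerts = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.kind == "deauth":
            q = recent[(f.bssid, f.station)]
            q.append(f.ts)
            while f.ts - q[0] > BURST_WINDOW:   # slide the window forward
                q.popleft()
            if len(q) >= DEAUTH_BURST and controller.get(f.bssid) == f.station:
                burst_at[f.bssid] = f.ts
        elif f.kind == "assoc":
            known = controller.setdefault(f.bssid, f.station)
            t = burst_at.get(f.bssid)
            # The legitimate controller reconnecting is not an alert;
            # a different station arriving right after a burst is.
            if f.station != known and t is not None and f.ts - t <= TAKEOVER_WINDOW:
                alerts.append({"bssid": f.bssid, "controller": known,
                               "new_station": f.station, "assoc_at": f.ts})
    return alerts


# Constructed sample: locally administered MACs, not real devices.
DRONE_A, CTRL_A = "02:00:00:00:0a:01", "02:00:00:00:0a:10"
DRONE_B, CTRL_B = "02:00:00:00:0b:01", "02:00:00:00:0b:10"
UNKNOWN = "02:00:00:00:0f:99"

SAMPLE_FRAMES = (
    [Frame(0.0, "assoc", DRONE_A, CTRL_A), Frame(1.0, "assoc", DRONE_B, CTRL_B)]
    # Drone B: one stray deauth, then the same controller reconnects.
    + [Frame(12.0, "deauth", DRONE_B, CTRL_B), Frame(13.0, "assoc", DRONE_B, CTRL_B)]
    # Drone A: six deauths in half a second, then an unknown station appears.
    + [Frame(30.0 + 0.1 * i, "deauth", DRONE_A, CTRL_A) for i in range(6)]
    + [Frame(31.2, "assoc", DRONE_A, UNKNOWN)]
)

if __name__ == "__main__":
    for alert in detect_takeovers(SAMPLE_FRAMES):
        print(alert)
```

Detection only reports the event; the disconnect itself works because plain 802.11 deauthentication frames are unauthenticated, which protected management frames (802.11w) and an authenticated control link address.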

  3. No vulnerabilities? Really? by Anonymous Coward · · Score: 4, Insightful

    All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability.

    Between me and the author of this sentence, I think we have two different definitions of "security vulnerability".

    1. Re:No vulnerabilities? Really? by Control-Z · · Score: 1

      If he is referring to the unlikely Amazon delivery drones, I really don't understand that sentence at all. How would he know what security the drones will have in place? It's a safe bet Amazon wouldn't communicate unencrypted with them.

  4. Simple: just turn off the wireless by Neo-Rio-101 · · Score: 4, Interesting

    For something like Amazon's purported drones... all you'd have to do is to hardcode the delivery address and HQ into the drone before flying, and make sure it doesn't accept any incoming signals by turning the wireless off. Now, if we want to talk about trying to get the drone's GPS systems confused, that would be something else! (Actually I'm still wondering if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony.)

    --
    READY.
    PRINT ""+-0
    1. Re:Simple: just turn off the wireless by plover · · Score: 1

      I was wondering about that, too. Maybe they'll have the drone autonomously fly to the target's address, then have a human pilot land it on the doorstep, guiding it via GPRS, 4G, or something similar.

      --
      John
    2. Re:Simple: just turn off the wireless by Anonymous Coward · · Score: 1

      It would likely be a Destination Landing Pad. I suspect the optimal setup would be a subscription service, and the landing pad would be part of the subscription.

    3. Re:Simple: just turn off the wireless by sjames · · Score: 1

      I don't think they're smart enough to reliably drop packages on the roof or even in the pool, but I understand they're motion capturing paper boys on their routes to see if they can learn the secret.

    4. Re:Simple: just turn off the wireless by Zwergin · · Score: 3, Interesting

      (Sorry, did not realize I was not signed in.) It would likely be a Destination Landing Pad. I suspect the optimal setup would be a subscription service, and the landing pad would be part of the subscription. ~Zwergin

    5. Re:Simple: just turn off the wireless by Fnord666 · · Score: 3, Funny

      Actually I'm still wondering if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony

      Hopefully they don't use the code that delivers care packages in Call of Duty then.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    6. Re:Simple: just turn off the wireless by wvmarle · · Score: 1

      GPS is not reliable or accurate enough for doorstep deliveries, will need some human controller.

      The max. accuracy of normal GPS is about 1m, which is already a bit coarse for doorstep delivery and in urban areas receivers may get confused by reflections off of buildings. And even if GPS were accurate enough, you'd need to know really accurate coordinates of that doorstep, or that park bench where the person ordering the pizza is.

      So certainly a human operator will have to do the last part of the trip.

    7. Re:Simple: just turn off the wireless by rk · · Score: 4, Insightful

      DGPS can get 10cm resolution if done right, and DGPS coverage is not a problem for most residences in the US and certainly not in the areas I'm sure Amazon will pilot (no pun intended) this system. Vision systems are getting more sophisticated and can probably find the front door reliably with sufficient accuracy once on the scene. I'm curious to know how it will handle apartments, though.

    8. Re:Simple: just turn off the wireless by Dan541 · · Score: 3, Funny

      I'm curious to know how it will handle apartments, though.

      A cannon to launch the parcel through the window?

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    9. Re:Simple: just turn off the wireless by asmkm22 · · Score: 1

      That sounds about like my normal CoD support drop...

    10. Re:Simple: just turn off the wireless by Smauler · · Score: 1

      The accuracy of GPS is not the problem. The problem is places where GPS is useless.

      To be honest, if I can order something and it be in my drive in about 1/2 an hour, that is good enough, where I am living now. I can keep an eye out for it. I live in the middle of nowhere, and there's no chance of it being picked up by someone else. I have lived in towns and cities, though. Some of my previous residences had hundreds of people walking by the front door every hour. GPS does not work there, and it never will, no matter how accurate it is.

    11. Re:Simple: just turn off the wireless by Neo-Rio-101 · · Score: 1

      That's a pretty good idea. That way you could ensure that the drone lands in your backyard so that the package and drone don't get swiped from your front door by a passerby.

      --
      READY.
      PRINT ""+-0
    12. Re:Simple: just turn off the wireless by adolf · · Score: 2

      Apartments are easy! Just drop it on the communal stoop, wait for someone to steal the package, and send an SMS alert about "successful delivery" some hours later.

      Just like it works right now, with UPS, USPS, FedEx [...].

      (Speaking of SMS delivery alerts: A decade or more ago, I was getting delivery alerts in near real-time to my (then) fancy-pants alphanumeric pager (via SMTP). I'd greet the driver at the door, and usually by the time I was unboxing the stuff my pager would go off.

      What happened to the timeliness of this stuff? It's been terrible for the past few years.)

    13. Re:Simple: just turn off the wireless by MollyB · · Score: 1

      I'm still wondering if the drone would be smart enough to land on pavement,

      Rats. I was so looking forward to telling it, "Thanks. Now get off my lawn..."

    14. Re:Simple: just turn off the wireless by Gadget27 · · Score: 1

      Right, I was thinking the same thing when trying to help explain how this might work to my wife. I suspect that there would be a large landing zone 'card' of some sort, something that can be stored, unfolded and put out on your property. It would probably be provided for free. I'm imagining a black background with Amazon logo, and a large QR code that the drone can use to identify the landing zone. The drone would know how to fly to the general coords of the recipient's shipping address, at which point it would then locate the proper landing zone for delivery.

    15. Re:Simple: just turn off the wireless by RockDoctor · · Score: 1

      I'm imagining a black background with Amazon logo, and a large QR code that the drone can use to identify the landing zone.

      Within hours of Bozos or whatever his name is deploying one, the country (whichever country) will be blanketed with people "hacking" their own fakes using paper, a ruler, a pen and some ingenuity.

      If you deployed a paper "target" with the address for someone one street further away from the Amazon depot compared to your house, and the Amazon drone delivered the parcel to you, would that be theft? (Note : this is a private delivery service ; not the state mail system.)

      Signing for the parcel ... that would probably make it theft by misrepresentation a.k.a. fraud. But IANAL.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    16. Re:Simple: just turn off the wireless by Gadget27 · · Score: 1

      That's an excellent point, regarding hijacking other people's QR code addressed landing zones. It would be easy to imagine that such an action would be considered theft, or at least can be successfully argued as being so. Putting out a duplicate landing zone with a code that is supposed to be uniquely identifiable is a sort of misrepresentation and fraud I would imagine. It seems it would be the same as if you pried the numbers off your neighbor's house and applied them to your own in order to confuse and trick the local UPS delivery man. Doing so also implies the intent to steal. At least, that all seems like common sense to me, but IANAL either. One way I can see to combat this is to have unique QR codes for each delivery that you print out at the time of order... it would be more difficult, though not impossible, to hijack shipments this way. It does create an extra burden on the recipient, as well as on the guys who write the software for the drones, as I'm sure reading a code from an 8 1/2 x 11 piece of paper poses a bit more of a challenge versus something much larger printed on nearly all the surface of a landing zone.

    17. Re:Simple: just turn off the wireless by RockDoctor · · Score: 1

      as I'm sure reading a code from an 8 1/2 x 11 piece of paper poses a bit more of a challenge versus something much larger printed on nearly all the surface of a landing zone.

      The "Parrot AR.Drone 2.0 Quadricopter" ships at a 4 pounds weight and a shipping size of 23in by 23in (by 0.5in - I don't believe that last one ; probably 5in deep). Say that the Amaz-drone has twice the landing weight (for 5lb of payload, and some improvements in lightening the airframe and battery). Then to a first approximation you'd think that its footprint is going to be twice the area, and so sqrt(2) times larger in linear dimensions. So you'd need a landing pad of 32in square. Approximately.

      Actually, would you necessarily have to print out a full landing pad QR for each delivery? Probably QR wouldn't do it, but I can envisage a QR-like code where most of the pad could use large (visible from a longer distance) codes to give the address of the site (associated with postcode, or street number / house number, perhaps) but allow for a single sheet (A4 or the American size) which contains the authentication for that particular delivery.

      Ah ; problem : what if you've got two deliveries made on one day. Or you don't know which day the delivery will actually happen. Or, for that matter, if a bird shits in the middle of your authentication code?

      It's a complex problem they're proposing solving.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    18. Re:Simple: just turn off the wireless by Gadget27 · · Score: 1

      When I first thought of the idea of the printable QR code, I was actually thinking along the lines you are... as an insert to a larger landing zone. I do think your idea is better, having the address information hard coded on the landing zone and having more of an authentication code printout being added per delivery.

      Regarding multiple deliveries on a day, or not knowing what day something will deliver, I don't know if such things will be much of an issue when I think of typical use cases for such a service. I am going to assume that 30 minute delivery will come at a premium price. Perhaps they will end up offering a subscription service like they do with the current Prime accounts. In either case, I imagine that opting to have something delivered that fast would likely mean, or perhaps require, that you are there to actually receive shipment once the drone arrives. I would think if you wanted something that fast, you would already be there in order to make use of said package that fast, otherwise why not just opt for standard 1 or 2 day delivery? As far as knowing what shipment is what, I'd think it's a safe bet to make that drone deliveries would have very accurate, high resolution tracking, perhaps similar to how one can track the location and status of any commercial airliner that you know the flight number of. I don't think there would be a question what is being delivered when. Why not even use its on board camera(s) to stream a private live video of the flight as it approaches your house, assuming there is adequate mobile coverage between point A to point B. That would be fun, at least the first couple times you see it.

      As for the bird shit problem, I admit you got me stuck on that one. I suppose there would have to be some sort of backup authentication mechanism in place to handle such incidents. Maybe if primary authentication cannot be made, a photo of your LZ and/or current GPS coordinates on a map are sent to your mobile device app/email for you to approve. It may have to even make an automated call so it gets your immediate attention... I don't know, that is a tough problem to crack.
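
The scheme sketched across the last few comments (a static address code on the pad plus a per-delivery authentication sheet) can be made concrete. The following is an added example, not part of the original thread and not any retailer's design: the depot issues one HMAC-tagged token per order, the drone carries only the token for its own order, and landing is refused for a copied pad, a replayed sheet or an expired token, while two orders on one day share a sheet. The token format, key, field names, coordinates and geofence radius are all assumptions.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass


def issue_token(service_key: bytes, order_id: str, address_id: str,
                not_after: int) -> str:
    """Depot side: token printed on the per-delivery sheet (assumed format)."""
    msg = f"{order_id}|{address_id}|{not_after}".encode()
    tag = hmac.new(service_key, msg, hashlib.sha256).hexdigest()[:32]
    return f"{order_id}|{address_id}|{not_after}|{tag}"


@dataclass
class Manifest:
    """Loaded onto the drone before departure; holds no service key, so a
    captured drone exposes only the token for the order it carries."""
    order_id: str
    address_id: str
    lat: float
    lon: float
    expected_token: str
    delivered: bool = False


def distance_m(lat1, lon1, lat2, lon2):
    # Equirectangular approximation, adequate over tens of metres.
    x = math.radians(lon2 - lon1) * math.cos(math.radians((lat1 + lat2) / 2))
    y = math.radians(lat2 - lat1)
    return 6371000 * math.hypot(x, y)


def authorize_landing(m, pad_address_id, sheet_tokens, now, lat, lon,
                      radius_m=30.0):
    """Drone side: decide whether the pad in view is the right one."""
    if m.delivered:
        return False, "order already delivered"
    if pad_address_id != m.address_id:
        return False, "pad address does not match order"
    # A copied pad and sheet laid out one street over fail here.
    if distance_m(m.lat, m.lon, lat, lon) > radius_m:
        return False, "pad is outside the geofence for this address"
    for tok in sheet_tokens:          # a sheet may carry several orders
        parts = tok.split("|")
        if len(parts) != 4 or parts[0] != m.order_id:
            continue
        if not hmac.compare_digest(tok.encode(), m.expected_token.encode()):
            return False, "token does not verify"
        if now > int(parts[2]):       # safe: tok equals the issued token
            return False, "token expired"
        m.delivered = True            # one landing per order
        return True, "ok"
    return False, "no token for this order on the sheet"


# Constructed sample data.
KEY = b"constructed-demo-key"
HOME = (37.00000, -122.00000)
TOKEN_A = issue_token(KEY, "ORD-A", "ADDR-17", 2_000)
TOKEN_B = issue_token(KEY, "ORD-B", "ADDR-17", 2_000)
SHEET = [TOKEN_A, TOKEN_B]            # two deliveries on the same day


def manifest_for(order_id, token):
    return Manifest(order_id, "ADDR-17", HOME[0], HOME[1], token)


if __name__ == "__main__":
    m = manifest_for("ORD-A", TOKEN_A)
    print(authorize_landing(m, "ADDR-17", SHEET, 1_000, 37.00005, -122.0))
    print(authorize_landing(m, "ADDR-17", SHEET, 1_000, 37.00005, -122.0))
```

The token alone does not stop someone photographing a neighbour's sheet; in this sketch it is the geofence against the order's registered coordinates that rejects the copy.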

  5. Haar cascade? by fatgraham · · Score: 1

    Does anyone have any haar-like classifiers for drones yet? Just for research of course.

  6. Congratulations! by StripedCow · · Score: 1

    You just gave Bigcorp a good testbed for free.

    --
    If Pandora's box is destined to be opened, *I* want to be the one to open it.
  7. No security vulnerability by Arancaytar · · Score: 1

    Because accepting a wifi connection without authenticating its source is totally not a vulnerability.

    In other news, you could own every single computer connected to the internet, without using any security vulnerabilities, as long as it runs an ssh server without a root password.

    1. Re:No security vulnerability by TangoMargarine · · Score: 1

      The logic is that you can't circumvent security if the security is nonexistent. I suppose it's still considered "breaking and entering" if you just walk in their unlocked front door (or is it just trespassing unless you commit some other crime in the process?), although you didn't break anything.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  8. Arrr! by RDW · · Score: 2

    Finally a method of DVD piracy that the DMCA can't touch!

  9. Stealing an Amazon Drone by Metabolife · · Score: 2

    What's to stop someone from forcefully taking down an Amazon drone, then placing it into a Faraday cage while they disassemble it and get the free hardware?

    1. Re:Stealing an Amazon Drone by BadPirate · · Score: 1

      My plan is almost complete! MUAHAHAHA

      http://www.armaghplanet.com/blog/wp-content/uploads/2012/05/image-of-James-bond-spaceships.png

      ALT - (Photo is from James Bond, US Space ship getting eaten by Spectre ship in an attempt at starting world war)

      --
      - Holy crap, I've got MOD points! Who thought that was a good idea.
    2. Re:Stealing an Amazon Drone by umafuckit · · Score: 3, Insightful

      What's to stop someone from forcefully taking down an Amazon drone, then placing it into a Faraday cage while they disassemble it and get the free hardware?

      The fact that it's vapourware and will never see active service?

    3. Re:Stealing an Amazon Drone by Anonymous Coward · · Score: 5, Insightful

      a truck driver

    4. Re:Stealing an Amazon Drone by physicsphairy · · Score: 2

      Jeff Bezos circling above in an Apache attack helicopter.

    5. Re:Stealing an Amazon Drone by 14erCleaner · · Score: 1

      There's also the fear of prison. These things will be transmitting live video feeds back to home base. If they actually existed, that is.

      --
      Have you read my blog lately?
    6. Re:Stealing an Amazon Drone by wvmarle · · Score: 1

      And after taking control over that thing, what's stopping you from disconnecting the video stream as well?

    7. Re:Stealing an Amazon Drone by Anonymous Coward · · Score: 1

      I hear that the security system protecting most current home deliveries (I think they call it "a human") breaks down if you point a simple kinetic projectile emitter at it!

    8. Re:Stealing an Amazon Drone by radish · · Score: 1

      What's to stop someone from forcefully taking a UPS truck, then placing it into a garage while they disassemble it and get the free hardware?

      Not much, other than the law. People steal delivery trucks sometimes, and they're a lot easier to steal than an aircraft in flight. The concept of delivering packages by wheeled vehicle still seems to work despite this flaw.

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    9. Re:Stealing an Amazon Drone by PolygamousRanchKid+ · · Score: 1

      'round my parts, a horde of kids will be chasing them drones with Louisville Sluggers, while chanting:

      "Pinata! Pinata! Pinata!"

      "Hey! Mine had an iPhone in it! Cool!"

      "Su Madre! Mine had yet another copy of "Fifty Shades of Grey" . . .

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    10. Re:Stealing an Amazon Drone by SeaFox · · Score: 1

      a truck driver

      You believe a UPS worker getting paid $12/hr is going to stop someone with a gun who wants to take his fully insured company truck?

    11. Re:Stealing an Amazon Drone by hairyfish · · Score: 2, Funny

      There is a whole order of magnitude more effort involved in hijacking and stealing a truck than knocking a drone out of the sky. Especially since an unexpected drone crash is a very high risk anyway. If I see one of these things I'll be hitting tennis balls at them purely for shits and giggles. If they happen to be in the way of my game of backyard cricket then fuck them.

    12. Re:Stealing an Amazon Drone by hairyfish · · Score: 1

      1. Effort.
      2. Risk of being caught.
      3. Length of sentence when you do get caught.
      None of these apply to drone 'interference'. Kids will be knocking these things out of the sky with rocks, the whole idea is unfeasible.

    13. Re:Stealing an Amazon Drone by hairyfish · · Score: 1

      It's a lot harder to hide a truck. Any 12 year old can knock a drone out of the sky (with some skill/luck) and stomp on it.

    14. Re:Stealing an Amazon Drone by eth1 · · Score: 1

      I was thinking more along the lines of "decorating" my house with balloons on wires (kind of like the navy did in WWII), and if any of these flies over my house, there's a good chance it will end up "crashed" in my yard.

    15. Re:Stealing an Amazon Drone by BasilBrush · · Score: 1

      In most of the developed world crime is falling, and has been for years. Whilst there's no conclusive proof that one of the reasons is increasing security cam coverage, I suspect it's no coincidence.

  10. Skyjack only works for WiFi drones! by cciRRus · · Score: 4, Informative

    While pro-grade multicopters like those to be deployed by Amazon operate at 2.4GHz, they do not use WiFi as their radio system! Typically, these multicopters are fitted with radio systems such as Futaba, JR, Spektrum or 9X, and therefore Skyjack will not be able to take them down.

    --
    w00t
    1. Re:Skyjack only works for WiFi drones! by Anonymous Coward · · Score: 1

      Maybe not. But I'm willing to bet many will be lost to .308 or .30-06 rounds...

    2. Re:Skyjack only works for WiFi drones! by Omega+Hacker · · Score: 1

      I *highly* doubt the Amazon drones will be operated by some hobbyist Futaba or Spektrum protocol. Doing such a thing would be absolutely ludicrous from just about every angle possible. First of all, such protocols are nothing more than "stream-of-servo" positioning commands, and very badly suited to autonomous drone control. Honestly they're pretty badly suited to manual drone control IMO. Second, they are even less secure than WiFi. I'm going to take a wild guess and say that the Amazon drones will be cellular-controlled, with high-end SSL used to send the drone a set of GPS coordinates (waypoints, etc.), and the drone will handle *every* control aspect from there on out, as it should.

      --
      GStreamer - The only way to stream!
    3. Re:Skyjack only works for WiFi drones! by drinkypoo · · Score: 2

      and the drone will handle *every* control aspect from there on out, as it should.

      I don't think so. I think they'll plot the entire route, waypoint by waypoint, down to delivery of the actual package. The drone will do waypoint following and collision avoidance, but that's it. That's a lot cheaper in terms of power budget, because your drone doesn't have to be quite so clever.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Skyjack only works for WiFi drones! by asmkm22 · · Score: 1

      It doesn't really matter what the various drones use. They will get hacked, because they're convenient targets designed to accept remote communications from someone.

  11. Law Enforcement Drones? by codegen · · Score: 3, Insightful

    The articles describe a wifi hack. Last I checked wifi has a range of 300 feet. There are some ways in which this can be extended to several miles but that involves large (i.e. 10ft) antennas. If you honestly think that law enforcement and amazon are using wifi to control their drones then I think you need to look a bit closer.

    --
    Atlas stands on the earth and carries the celestial sphere on his shoulders.
    1. Re:Law Enforcement Drones? by cdwiegand · · Score: 1

      Wha? Yagi wifi antennas are certainly NOT 10 feet tall. 18" long - http://www.mfjenterprises.com/Product.php?productid=MFJ-1800. 15 dbi (so if your current antenna is 3 dbi this is a 12 dbi increase, or say 100x+ish). Very directional, though.

      And no one sane running a drone "program" would use normal wifi - they'd get a control frequency from the FCC and go that route.

      --
      . Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
    2. Re:Law Enforcement Drones? by asmkm22 · · Score: 1

      I think he's talking about building for about $400, then flying that drone close enough to another drone where the wifi magic works, and take control of it that way.

    3. Re:Law Enforcement Drones? by codegen · · Score: 2

      My distance was off. I was thinking of the 125 mile shot that used two 12ft dishes. (http://www.davemoorecomputers.com/Wifi-Shootout-Archives/Website-05/index.html) The article mentions the Amazon drones. They are intended to operate in a 10 mile radius. You aren't going to do that with wifi.

      --
      Atlas stands on the earth and carries the celestial sphere on his shoulders.
    4. Re:Law Enforcement Drones? by codegen · · Score: 1

      And no one sane running a drone "program" would use normal wifi - they'd get a control frequency from the FCC and go that route.

      That was my main point. The articles mention law enforcement and amazon. They are not going to control the drones with wifi.

      --
      Atlas stands on the earth and carries the celestial sphere on his shoulders.
    5. Re:Law Enforcement Drones? by codegen · · Score: 1

      My point is neither law enforcement nor Amazon is going to use a drone that uses wifi at all.

      --
      Atlas stands on the earth and carries the celestial sphere on his shoulders.
    6. Re:Law Enforcement Drones? by adolf · · Score: 1

      You're forgetting something important: Radio is traditionally used for broadcast and does not traditionally suffer the problems of long-range point-to-point Wifi links.

      Who said Amazon's drones would be controlled with Wifi, anyway? There's a myriad of other ways of efficient, reliable, low-speed (and inefficient, less reliable, high-speed) wireless technologies.

      Remember POCSAG? It's what is (still!) used for 1-way alphanumeric pagers. It's plenty fast enough to tell a swarm of drones where to go, and can have a high-power transmitter in a singular fixed location that can easily cover ten miles of range. A POCSAG receiver can run for weeks or months from a single AA battery: It is perhaps the most ideal solution.

      Talking back to home base is a bit more challenging, but with the pervasiveness of cellular data should not be a big deal (and the cellular radio can be turned completely off once the communications are sent).

      (Disclaimer: I install and maintain paging terminals. Everyone wants their smartphone to do everything, as well they should, and everyone is rightfully obsessed with Wifi...but there's no better alternative to a pager when lives are on the line (hospitals) or when production problems happen (factories) than a paging terminal with a real power amplifier and a gain antenna, with zero dependence on services provided by the outside world. 10 miles is -easy-. Trivial, even. Add a little bit of well-understood public-key encryption, and gosh: You've got a secure, low-speed wide-area control channel for your army of drones. It can be jammed with intentional interference, but control cannot be taken over without Hard Math.)

      (Also: Although it doesn't seem like it these days, one can send an awful lot of Real Data in a short time at 9,600bps.)

  12. How To Hijack UPS For $200 In Less Than 5 minutes by Anonymous Coward · · Score: 1

    A gun.
    Illegal will still be illegal.

  13. So if you have a toy drone... by Stewie241 · · Score: 1

    So if you have a toy drone you can take over other toy drones? Could be great fun at a toy drone party but I don't see how it has anything to do with law enforcement drones or Amazon drones.

    I'm sure it would never cross the minds of intelligence agencies, law enforcement agencies or Amazon to authenticate the controller.

  14. Warflying by stewsters · · Score: 1

    I have all those components except the parrotAr2 drone. Early Christmas present?

    1. Re:Warflying by unique_parrot · · Score: 1

      I've sold my parrotAR2 because it is just a toy.
      Limited range (even with router-wifi extender).
      Even a walkera ladybug with fpv will give you more fun.

  15. "High-power"? by zooblethorpe · · Score: 1

    The target range of the Skyjack drones is limited by the range of the WiFi card, but Kamkar said he uses a very powerful WiFi adapter called the Alfa AWUS036H, which produces 1000mW of power.

    So this "very powerful" Wi Fi outputs 1000 milliwatts ... which equals one watt.

    Am I missing something, or is this just bad reporting?

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."
    1. Re:"High-power"? by Actually,+I+do+RTFA · · Score: 1

      So this "very powerful" Wi Fi outputs 1000 milliwatts ... which equals one watt.

      Am I missing something, or is this just bad reporting?

      That's the highest power WiFi you can broadcast without violating FCC regulations. With a highly directional antenna, it should reach pretty far.

      --
      Your ad here. Ask me how!
    2. Re:"High-power"? by aXis100 · · Score: 1

      Normal wifi transmitters are only 30mW - and can still achieve 10km using a high gain directional antenna. So yeah, 1W is pretty powerful.

  16. Security Vulnerability by rmdingler · · Score: 1

    "You keep using that word. I don't think that means what you think it means."

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  17. Re:Aquire a drone for even less? by Anonymous Coward · · Score: 1

    Is it no longer stealing just because there's a cool hack involved?

    Is anybody suggesting that it's no longer stealing just because there's a cool hack involved?

  18. What I fear will happen by mysidia · · Score: 2

    If Amazon can make a drone to deliver packages ---- then someone else can make a drone to "tail" Amazon drones, and grab the package after delivery; taking it off to some prescribed location for reappropriation.

    1. Re:What I fear will happen by radish · · Score: 1

      Or you could just, you know, walk down the street and pick up packages left by the UPS guy today.

      I see this type of comment all the time and yet I get packages from Amazon left on my doorstep multiple times a week. They're left in plain view, just like the drone would, and in 5 years of living here I haven't lost a single one. Sure if I lived in a large city I might not have a doorstep to leave it on, but I get the impression they're aiming this plan pretty squarely at the suburbs, and package theft just doesn't seem to be an issue here.

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    2. Re:What I fear will happen by hairyfish · · Score: 1

      I'm pretty sure that the novelty of knocking a drone out of the sky will be a whole world more appealing to bored troublemakers than snatch and grabbing a driver/customer. I personally am looking forward to trying to take one of these out purely for a laugh. I'm sure I'm not the only one.

    3. Re:What I fear will happen by mysidia · · Score: 1

      Or you could just, you know, walk down the street and pick up packages left by the UPS guy today.

      You would look very suspicious if you did this, and there would be a great risk that a neighbor or homeowner would see you. Most packages left on a porch not requiring signature are not very valuable, so you would need many before it began to be worth it for the criminal ---- like winning the lottery, and the average criminal isn't going to think it's worth the high risk.

      Drones may change the equation; since no one will think a drone carrying a package around is suspicious --- Amazon does it. The worst that happens is you lose a drone to seizure/interference, after picking up probably hundreds or thousands of packages.

  19. One fun approach to the preservation of privacy by PopeRatzo · · Score: 1

    Three words: "Drone Knockout Game".

    --
    You are welcome on my lawn.
  20. Re:How To Hijack UPS For $200 In Less Than 5 minut by rmdingler · · Score: 1

    Sure. But. The number of people willing to steal remotely is an order of magnitude greater than the number of people willing to do up close and personal armed robbery. Mira! A car analogy: It's like killing a person with your pickup instead of with a knife.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  21. They are not remote controlled by tusam · · Score: 1

    The Amazon drones aren't even remote controlled, but autonomous http://youtu.be/6in-MZeeeGk?t=12m26s

    (And even though there's probably some backup control channel and remote telemetrics it's very likely not wifi.)

  22. Everything old is new again by roc97007 · · Score: 4, Insightful

    Ok, so hang on. In a previous life as a military contractor, I used to do this with 1980's technology. This (TFA) sounds like a cheap, brute force approach, that actually works fairly well. You overwhelm the subject with a much stronger signal, and depend on the receiver's automatic gain control to limit the amplitude, putting the "real" control signal down in the noise. You then have the drone's full attention.

    The usual countermeasure is to encrypt the control signal. Then, you can still do a DOS (in today's terminology), but you can't get the drone to obey your commands.

    The counter-counter measure to this is to break the encryption so you can control the craft. Flash back to those supercomputers that hobbyists were building by clustering lots and lots of game consoles. Just sayin'.

    Then, there's counter-counter-counter measures like hopping between frequencies and so forth, but for every technique there's a counter-technique, and I suspect computers have gotten fast enough to analyze tricky incoming signals and mimic them fairly quickly.

    Someone brought up GPS -- Amazon's little copters can't be hacked because they're autonomous, using GPS for navigation. Well guess what -- GPS is just another signal. As we learned in the Middle East, it is possible to spoof those signals and get a drone to land in a place it didn't expect.

    The counter to *that* is inertial guidance. But realistically, Amazon and most government agencies probably won't have the budget for that.

    Optical guidance? (and optical surveillance in general) Green lasers with automated tracking and aiming triangulating by noise, or emitted RF, or visual recognition. Anyone with robotics experience should be able to at least theorize a solution.

    Wow, the next few years are going to be *fun*.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:Everything old is new again by drinkypoo · · Score: 1

      The counter to *that* is inertial guidance. But realistically, Amazon and most government agencies probably won't have the budget for that.

      An off-the-shelf IMU costing less than $100 as a completed product gives you enough information to tell if your position is shifting in the way that the GPS claims, with a little software trickery. You can certainly detect something like that, and then start retracing your steps. One or two retries and the drone just flies home.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Everything old is new again by roc97007 · · Score: 1

      I'm not interested in people who do it for laughs. (Although, there will probably be some who do it just to see what kind of chaos they can create. The same morons who point laser pointers at commercial aircraft.) As soon as the profit/risk ratio is favorable, someone will do it, either to acquire the cargo, acquire the craft itself, or prevent the craft from doing whatever it was trying to do. Just pointing out that there are known techniques.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    3. Re:Everything old is new again by roc97007 · · Score: 1

      The counter to *that* is inertial guidance. But realistically, Amazon and most government agencies probably won't have the budget for that.

      An off-the-shelf IMU costing less than $100 as a completed product gives you enough information to tell if your position is shifting in the way that the GPS claims, with a little software trickery. You can certainly detect something like that, and then start retracing your steps. One or two retries and the drone just flies home.

      I wasn't aware that IMUs had gotten that cheap. (I haven't done this stuff in many years.) But that just takes us to the next level, where IMU accumulated error and gradual GPS draw-off techniques are employed. More difficult, but still possible.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    4. Re:Everything old is new again by Overzeetop · · Score: 1

      So you spoof the GPS to be within the dead reckoning band of the IMU and wind allowances (which can't easily be accounted for). It takes longer to hijack and transfer to a safe spot for collection, but not out of the bounds of possibility.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    5. Re:Everything old is new again by swillden · · Score: 1

      The counter-counter measure to this is to break the encryption so you can control the craft. Flash back to those supercomputers that hobbyists were building by clustering lots and lots of game consoles.

      If you use decent encryption in your counter measure, this counter-counter measure is useless. It doesn't matter even if the attacker has a cluster of real supercomputers.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Everything old is new again by AHuxley · · Score: 1

      The US gov handed out a lot of old 'mil' tech (~small tanks, weapons systems) and drones to a lot of "small" cities over the past 10 years. With FAA approval now more understood the drones will soon be watching more regional ports, truck movements, airports and main roads 24/7.
      A lot of groups doing 'import/export' work are going to be spending big on counter-counter measures to ensure their shipments are not tracked :)

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Everything old is new again by Eskarel · · Score: 1

      There are, but there's always a risk of this sort of thing; as has been pointed out, delivery drivers aren't immune from theft either.

    8. Re:Everything old is new again by adolf · · Score: 1

      Thank you for summing up the state of affairs. You've done better than most. :)

      Inertial guidance isn't so far-fetched. Ridiculously-small accelerometers are getting mighty good, as are tiny gyroscopes (both of which can be found in many modern smartphones, sipping very little power indeed). Combine both of them with sufficient resolution, and you've got inertial guidance.

      Combine that with other signals (constant transmitters of any type, including local TV and radio stations... even Wifi AP broadcasts are well-mapped in populated areas, and such maps can be trivially augmented with accumulated data collected by other drones in-flight) and an altimeter (also included on many new phones) and the system will be quite secure enough to drop off a package of goods in the absence of GPS.

      It will be computationally-expensive, but low-power CPUs are increasingly ridiculously fast, and software-defined radios ridiculously easy, and solid-state storage density keeps getting better. A drone could have its own map of how the RF landscape looks, and follow it to the target without any GPS at all, and the energy required to do so would be dwarfed by the energy required to simply keep the thing aloft.

      With all of these data inputs and the energy required to survey, triangulate, and use, any intentional jamming ("DOS") will have to be tailored to the specific area of operation: This makes an out-of-the-box solution impossible.

      And that jamming device (or devices) will be very easy to locate, given one or more clueful person, a suitable directional antenna, the most modest of spectrum analyzers, and drivers to ferry them about.

      And since Amazon's drone proposal is not a wartime mechanism, the findings can be simply reported to LEO to take care of it. It's not the end of the world if someone's diaper delivery winds up on some miscreant's stoop instead, or if the service is down for a few hours while a bunch of jack-booted thugs ("police") find and disable the ridiculously well-honed jamming device.

      In summation: Sensors are cheap enough and there is enough RF floating around in the populated areas of the US where drone delivery could ever be a viable option, that low-altitude drone navigation ought to be a very secure system by default, GPS availability or not. You'd have to jam everything at once (a spark gap can do that), but you'll be easy to find.

      And detecting GPS falsing is easy, too: "Hmm. GPS says I'm here, but most of the other indications are that I'm way the hell over there. I'll trust the other sensors, since GPS is obviously not working." (The same works in the opposite direction, too.)
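
The GPS-versus-inertial cross-check described in this comment and in drinkypoo's reply above, as an added sketch that is not code from the thread or from any drone firmware. The function name, the tolerance values and the three tracks are constructed for illustration; the draw-off track shows the limitation raised in the replies.

```python
import math

def flag_gps_fixes(gps_fixes, accels, dt, v0, gps_noise_m=3.0, drift_m_per_s=0.5):
    """Return indices of GPS fixes that disagree with inertial dead reckoning.

    gps_fixes[0] is the trusted starting fix. accels[i] is the 2-D acceleration
    (m/s^2) measured over the interval ending at gps_fixes[i + 1]. The tolerance
    (assumed values) grows with the time flown without an accepted fix.
    """
    x, y = gps_fixes[0]
    vx, vy = v0
    since_anchor = 0.0
    flagged = []
    for i, (ax, ay) in enumerate(accels, start=1):
        # Propagate the position estimate with the IMU only.
        x += vx * dt + 0.5 * ax * dt * dt
        y += vy * dt + 0.5 * ay * dt * dt
        vx += ax * dt
        vy += ay * dt
        since_anchor += dt
        gx, gy = gps_fixes[i]
        residual = math.hypot(gx - x, gy - y)
        tolerance = gps_noise_m + drift_m_per_s * since_anchor
        if residual <= tolerance:
            # Fix is plausible: accept it and re-anchor the estimate.
            x, y = gx, gy
            since_anchor = 0.0
        else:
            # Fix contradicts the IMU: keep flying on dead reckoning.
            flagged.append(i)
    return flagged

# Constructed sample data: 5 m/s due east, one fix per second, no acceleration.
DT = 1.0
V0 = (5.0, 0.0)
ACCELS = [(0.0, 0.0)] * 9
JITTER = [0.0, 0.8, -0.5, 0.3, -0.9, 0.6, -0.2, 0.4, -0.7, 0.1]
GENUINE = [(5.0 * i + JITTER[i], JITTER[-1 - i]) for i in range(10)]
# Abrupt falsing: every fix from index 6 on is displaced 40 m north.
JUMP = [(x, y + (40.0 if i >= 6 else 0.0)) for i, (x, y) in enumerate(GENUINE)]
# Gradual draw-off: 0.3 m of extra offset per fix, below the drift allowance.
DRAW_OFF = [(x, y + 0.3 * i) for i, (x, y) in enumerate(GENUINE)]

if __name__ == "__main__":
    for name, track in (("genuine", GENUINE), ("jump", JUMP), ("draw-off", DRAW_OFF)):
        print(name, flag_gps_fixes(track, ACCELS, DT, V0))
```

The jump is rejected at every fix, while the draw-off is accepted each time because every step stays inside the tolerance. That is why the comment's suggestion of checking against several independent signals matters more than any single threshold.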

    9. Re:Everything old is new again by roc97007 · · Score: 1

      Jeeze, calm down. Yes, the satnav in my truck also has rudimentary inertial guidance. It has an electronic compass and is aware of the truck's speed, and doesn't have to deal with altitude. It also tends to be "sticky" to roads, assuming that you must be on the nearest road even if the guidance indicates you're driving through a field. (And sometimes it gets it wrong.) As a current military contractor, you know about accumulated error in inertial guidance systems -- it just takes longer and is more difficult to draw off. It then becomes a question of escalation, until cost/reward becomes unfavorable for one side or another.

      But why are you so shocked that someone would spoof GPS? TFA talks about hijacking a drone. What part of "hijacking" do you think might be legal?

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    10. Re:Everything old is new again by roc97007 · · Score: 1

      There are, but there's always a risk of this sort of thing; as has been pointed out, delivery drivers aren't immune from theft either.

      Absolutely true, as anyone who delivers pizzas for a living can tell you. I wonder if part of the equation might be that the penalty for stealing/destroying a drone may be less than robbing/injuring a human? (Probably true, as long as the drone is non-military.)

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  23. Re:Aquire a drone for even less? by Anonymous Coward · · Score: 1

    If someone is flying a drone that's programmed to follow any unauthenticated instructions broadcast to it from anyone, and someone takes the drone up on that offer and broadcasts instructions to it, what are they doing wrong?

  24. What the hell? by BringsApples · · Score: 1

    “The only security on the Parrot drones is that when the owner is connected to it, no one else is able to control it. This is why I need to use a wifi chipset that allows me to inject packets as I need to exploit wifi and deauthenticate the true owner who is controlling it,” Kamkar said.

    So I've gotta ask, what would stop someone from doing this same thing on either side? On one side, you've got those that could hijack your parrot using the same tactics that you are using to hijack the drone. On the other side, whatever you do to protect your parrot, could be implemented to protect the drone, right? Am I missing something? Also, what's to stop parrots from buzzing around doing the same "evil" that Google did with wireless routers?

    --
    Politics; n. : A religion whereby man is god.
  25. Re:Aquire a drone for even less? by Garridan · · Score: 2

    Your honor, the child entered my van of its own volition, and received the free candy that it sought. What did I do wrong?

    Sending instructions? Nothing (on the surface) wrong with that... but the content of those instructions is crucial to an ethical evaluation of them. Steal a drone / kidnap a kid? Bad. Make the drone do a little dance upon delivering a package / teach the kid a funny joke? Not bad.

  26. $400? by gallondr00nk · · Score: 2

    You can do it for less than that. Just use a fishing net with a very long pole.

    CAPTCHA: patience.

  27. Re:Guns. by Garridan · · Score: 1
  28. Re:Here we go... by craigminah · · Score: 2, Funny

    They'll only outlaw "assault drones", regular drones with the same capabilities as assault drones but who look less scary will be legal.

  29. Drone wars by Wolfling1 · · Score: 2

    Begun the drone wars have

  30. Re: Here we go... by Badblackdog · · Score: 4, Funny

    If you like your drones... You may keep your drones...

  31. Re:Here we go... by slick7 · · Score: 1

    They'll only outlaw "assault drones", regular drones with the same capabilities as assault drones but who look less scary will be legal.

    Says the CIA (Criminals In Action).

    --
    The mind conceives, the body achieves, the spirit manifests.
  32. Re:Guns. by Macgrrl · · Score: 1

    Someone beat you to it already.

    --
    Sara
    Designer, Gamer, Macgrrl in an XP World
  33. magnetron by codepunk · · Score: 2

    Microwave oven magnetron and a small parabolic dish wifi antenna and all your drone belong to me.

    --


    Got Code?
  34. Re:Much ado about nothing by pepty · · Score: 1
    Posted 4 hrs before this story:

    RF Safe-Stop Shuts Down Car Engines With Radio Pulse

    As the vehicle entered the range of the RF Safe-stop, its dashboard warning lights and dials behaved erratically, the engine stopped and the car rolled gently to a halt. Digital audio and video recording devices in the vehicle were also affected. 'It's a small radar transmitter,' said Andy Wood, product manager for the machine. 'The RF [radio frequency] is pulsed from the unit just as it would be in radar, it couples into the wiring in the car and that disrupts and confuses the electronics in the car causing the engine to stall.'

    Should do the trick for the encrypted ones.

  35. WHO-HOO!!! by grep+-v+'.*'+* · · Score: 1

    ... if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony

    I've *ALWAYS* wanted to call up Domino's / Pizza Hut and say, "I'm traveling down the freeway -- deliver a large pizza to me." And with a (fast enough) drone flying beside me, now I can!

    Finding me in real time is no problem anymore -- just ask my phone's GPS or bug(!) the NSA. I'm sure those taps in the data center are all BI-directional.

    After all, what's a few packet swaps between friends?

    --
    If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
  36. Re:Here we go... by davester666 · · Score: 1

    These are not the drones you are looking for?

    --
    Sleep your way to a whiter smile...date a dentist!
  37. Re:Aquire a drone for even less? by nightsky30 · · Score: 1

    Very well put.

  38. WooHoo! Sky Pirates finally arrive! by DaveV1.0 · · Score: 1

    No airships but steam/diesel punk is bleeding into the real world!

    --
    There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
  39. Re: Aquire a drone for even less? by Anonymous Coward · · Score: 1

    Spooning your brother?

  40. They're going to need to Cam and Arm those thangs by gx5000 · · Score: 1

    A slingshot with a scope will be much cheaper and I dare say more in use by the time these things go up....

    --
    End of Line.
  41. Misleading... by g0bshiTe · · Score: 1

    The author is giving misleading statements. What he's done is hacked a Parrot, this is not the type of drone nor system Amazon is likely to use. In fact what they showed in their video doesn't use a Wifi connection at all. It uses 2.4 GHz wireless that has automatic rolling channels to eliminate the possibility of squelching another's frequency. The transmissions from drone to controller are also encrypted.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  42. Re:It's a joke.. I built a drone. flight times.. L by g0bshiTe · · Score: 1

    I fly with a bunch of guys that build quads - multis etc. Not one uses gps that could be fooled short of overriding the gps entirely, even then the pilot is as you said on the sticks. One guy I fly with built an octo for DARPA, I dare say that thing is bullet proof.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  43. DR Garage by Dareth · · Score: 1

    I want to know who this DR Garage is! He signs for all of my UPS deliveries!

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
  44. Re:Here we go... by iamhassi · · Score: 1

    It may look less scary and be legal but if a drone can carry a 5 lbs package it can carry five 14 ounce fragmentation hand grenades.

    --
    my karma will be here long after I'm gone
  45. Re:Here we go... by RockDoctor · · Score: 1
    A pound is 14 ounces?

    Actually, I'll have to go and check that now ... or would if I cared about a defunct measurement system that I don't actually have to deal with weights in - just measures. Is it 12 or 16 ounces to the pound? Or drachams to the goat, or something? 14 stones to the pound? Insane.

    --
    Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"