Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Hijack a Drone For $400 In Less Than an Hour

Posted by Soulskill on from the step-1:-buy-$400-shotgun dept.

Trailrunner7 writes "The skies may soon be full of drones – some run by law enforcement agencies, others run by intelligence agencies and still others delivering novels and cases of diapers from Amazon. But a new project by a well-known hacker Samy Kamkar may give control of those drones to anyone with $400 and an hour of free time. Small drones, like the ones that Amazon is planning to use to deliver small packages in short timeframes in a few years, are quite inexpensive and easy to use. They can be controlled from an iPhone, tablet or Android device and can be modified fairly easily, as well. Kamkar, a veteran security researcher and hacker, has taken advantage of these properties and put together his own drone platform, called Skyjack. The drone has the ability to forcibly disconnect another drone from its controller and then force the target to accept commands from the Skyjack drone. All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability."

28 of 161 comments (clear)

  1. No, this will not work on Amazon's drones. by Anonymous Coward · · Score: 5, Insightful

    In TFA he is hacking a Parrot AR wifi drone. If Amazon ever gets off the ground (ahem) with their drones, they will likely be autonomous, using GPS to guide them to their location. Monitoring and flight plan changes would likely occur by satellite as well. That's not to say that they are immune from attack, but none of the types of drones described in the summary (law enforcement, intelligence agencies, Amazon) are going to be susceptible to his attack.

  2. Without a security vulnerability? by sheetsda · · Score: 5, Insightful

    "All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability"

    "...detects the wireless signal sent out by a target drone, injects WiFi packets into the target’s connection, de-authenticates it from its real controller and then authenticates it to the Skyjack drone"

    Uhh... for what definition of "security vulnerability" is this not a "security vulnerability"?

    1. Re:Without a security vulnerability? by plover · · Score: 2, Interesting

      A security vulnerability implies that at some level, there had to have been the faintest vague attempt at being secure.

      He exploited a vulnerability, to be sure, but he seems uncomfortable calling it a security vulnerability.

      --
      John
  3. No vulnerabilities? Really? by Anonymous Coward · · Score: 4, Insightful

    All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability.

    Between me and the author of this sentence, I think we have two different definitions of "security vulnerability".

  4. Simple: just turn off the wireless by Neo-Rio-101 · · Score: 4, Interesting

    For something like Amazon's purported drones... all you'd have to do is to hardcode the delivery address and HQ into the drone before flying, and make sure it doesn't accept any incoming signals by turning the wireless off. Now, if we want to talk about trying to get the drone's GPS systems confused, that would be something else! (Actually I'm still wondering if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony.)

    --
    READY.
    PRINT ""+-0
    1. Re:Simple: just turn off the wireless by Zwergin · · Score: 3, Interesting

      (Sorry, did not realize I was not signed in. ) It would likely be a Destination Landing Pad. I suspect the optimal setup would be a subscription service, and the landing pad would be part of the subscription. ~Zwergin

    2. Re:Simple: just turn off the wireless by Fnord666 · · Score: 3, Funny

      Actually I'm still wondering if the drone would be smart enough to land on pavement or miss entirely and drop packages on a customer roof or balcony

      Hopefully they don't use the code that delivers care packages in Call of Duty then.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    3. Re:Simple: just turn off the wireless by rk · · Score: 4, Insightful

      DGPS can get 10cm resolution if done right, and DGPS coverage is not a problem for most residences in the US and certainly not in the areas I'm sure Amazon will pilot (no pun intended) this system. Vision systems are getting more sophisticated and can probably find the front door reliably with sufficient accuracy once on the scene. I'm curious to know how it will handle apartments, though.

    4. Re:Simple: just turn off the wireless by Dan541 · · Score: 3, Funny

      I'm curious to know how it will handle apartments, though.

      A cannon to launch the parcel through the window?

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    5. Re:Simple: just turn off the wireless by adolf · · Score: 2

      Apartments are easy! Just drop it on the communal stoop, wait for someone to steal the package, and send an SMS alert about "successful delivery" some hours later.

      Just like it works right now, with UPS, USPS, FedEx [...].

      (Speaking of SMS delivery alerts: A decade or more ago, I was getting delivery alerts in near real-time to my (then) fancy-pants alphanumeric pager (via SMTP). I'd greet the driver at the door, and usually by the time I was unboxing the stuff my pager would go off.

      What happened to the timeliness of this stuff? It's been terrible for the past few years.)

      --
      Kid-proof tablet..
  5. Arrr! by RDW · · Score: 2

    Finally a method of DVD piracy that the DMCA can't touch!

  6. Stealing an Amazon Drone by Metabolife · · Score: 2

    What's to stop someone from forcefully taking down an Amazon drone, then placing it into a Faraday cage while they disassemble it and get the free hardware?

    1. Re:Stealing an Amazon Drone by umafuckit · · Score: 3, Insightful

      What's to stop someone from forcefully taking down an Amazon drone, then placing it into a Faraday cage while they disassemble it and get the free hardware?

      The fact that it's vapourware and will never see active service?

      --
      soylentnews.org
    2. Re:Stealing an Amazon Drone by Anonymous Coward · · Score: 5, Insightful

      a truck driver

    3. Re:Stealing an Amazon Drone by physicsphairy · · Score: 2

      Jeff Bezos circling above in an Apache attack helicopter.

      --
      When things get complex, multiply by the complex conjugate.
    4. Re:Stealing an Amazon Drone by hairyfish · · Score: 2, Funny

      There's is a whole order of magnitude more effort involved in hijacking and stealing a truck than knocking a drone out of the sky. Especially since an unexpected drone crash is a very high risk anyway. If I see one of these things I'll be hitting tennis balls at them purely for shits and giggles. If they happen to be in the way of my game of backyard cricket then fuck them.

  7. Skyjack only works for WiFi drones! by cciRRus · · Score: 4, Informative

    While pro-grade multicopters like those to be deployed by Amazon operate at 2.4GHz, they do not use WiFi as their radio system! Typically, these multicopters are fitted radio systems such as Futaba, JR, Spektrum or 9X, and therefore Skyjack will not be able to take them down.

    --
    w00t
    1. Re:Skyjack only works for WiFi drones! by drinkypoo · · Score: 2

      and the drone will handle *every* control aspect from there on out, as it should.

      I don't think so. I think they'll plot the entire route, waypoint by waypoint, down to delivery of the actual package. The drone will do waypoint following and collision avoidance, but that's it. That's a lot cheaper in terms of power budget, because your drone doesn't have to be quite so clever.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Law Enforcement Drones? by codegen · · Score: 3, Insightful

    The articles describe a wifi hack. Last I checked wifi has a range of 300 feet. There are some ways in which this can be extended to several miles but that involves large (i.e. 10ft) antennas. If you honestly think that law enforcement and amazon are using wifi to control their drones then I think you need to look a bit closer.

    --
    Atlas stands on the earth and carries the celestial sphere on his shoulders.
    1. Re:Law Enforcement Drones? by codegen · · Score: 2

      My distance was off. I was thinking of the 125 mile shot that used two 12ft dishes. (http://www.davemoorecomputers.com/Wifi-Shootout-Archives/Website-05/index.html) The article mentions the Amazon drones. They are intended operate in a 10 mile radius. You aren't going to do that with wifi.

      --
      Atlas stands on the earth and carries the celestial sphere on his shoulders.
  9. What I fear will happen by mysidia · · Score: 2

    If Amazon can make a drone to deliver packages ---- then someone else can make a drone to "tail" Amazon drones, and grab the package after delivery; taking it off to some prescribed location for reappropriation.

  10. Everything old is new again by roc97007 · · Score: 4, Insightful

    Ok, so hang on, In a previous life as a military contractor, I used to do this with 1980's technology. This (TFA) sounds like a cheap, brute force approach, that actually works fairly well. You overwhelm the subject with a much stronger signal, and depend on the receiver's automatic gain control to limit the amplitude, putting the "real" control signal down in the noise. You then have the drone's full attention.

    The usual countermeasure is to encrypt the control signal. Then, you can still do a DOS (in today's terminology), but you can't get the drone to obey your commands.

    The counter-counter measure to this is to break the encryption so you can control the craft. Flash back to those supercomputers that hobbyists were building by clustering lots and lots of game consoles. Just saying'.

    Then, there's counter-counter-counter measures like hopping between frequencies and so forth, but for every technique there's a counter-technique, and I suspect computers have gotten fast enough to analyze tricky incoming signals and mimic them fairly quickly.

    Someone brought up GPS -- Amazon's little copters can't be hacked because they're autonomous, using GPS for navigation. Well guess what -- GPS is just another signal. As we learned in the middle east, it is possible to spoof those signals and get a drone to land in a place it didn't expect.

    The counter to *that* is inertial guidance. But realistically, Amazon and most government agencies probably won't have the budget for that.

    Optical guidance? (and optical surveillance in general) Green lasers with automated tracking and aiming triangulating by noise, or emitted RF, or visual recognition. Anyone with robotics experience should be able to at least theorize a solution.

    Wow, the next few years are going to be *fun*.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  11. Re:Aquire a drone for even less? by Garridan · · Score: 2

    Your honor, the child entered my van of its own volition, and received the free candy that it sought. What did I do wrong?

    Sending instructions? Nothing (on the surface) wrong with that... but the content of those instructions is crucial to an ethical evaluation of them. Steal a drone / kidnap a kid? Bad. Make the drone do a little dance upon delivering a package / teach the kid a funny joke? Not bad.

  12. $400? by gallondr00nk · · Score: 2

    You can do it for less than that. Just use a fishing net with a very long pole.

    CAPTCHA: patience.

  13. Re:Here we go... by craigminah · · Score: 2, Funny

    They'll only outlaw "assault drones", regular drones with the same capabilities as assault drones but who look less scary will be legal.

  14. Drone wars by Wolfling1 · · Score: 2

    Begun the drone wars have

  15. Re: Here we go... by Badblackdog · · Score: 4, Funny

    If you like your drones... You may keep your drones...

  16. magnetron by codepunk · · Score: 2

    Microwave oven magnetron and a small parabolic dish wifi antenna and all your drone belong to me.

    --


    Got Code?