Machinedesign Com Sites Machinedesign com Files Uploads 2013 12 Hacker

You knew this was coming: Hacker figures out how to skyjack drones

Dec. 9, 2013

It had to happen. A noted hacker now claims he can highjack simple drones and get control of them. Samy Kamkar, a privacy and security researcher perhaps best known for creating the Evercookie, a nearly-impossible-to-delete web browser cookie, says he uses a Parrot AR.Drone 2 to fly in the vicinity of the drone target. This quadcopter, widely available for about $200, looks for the wireless signal that is used to control the target drone, then disconnects the wireless connection and pretends to be the owner.

Lee Teschler

It had to happen.

A noted hacker now claims he can highjack simple drones and get control of them. Samy Kamkar, a privacy and security researcher perhaps best known for creating the Evercookie, a nearly-impossible-to-delete web browser cookie, says he uses a Parrot AR.Drone 2 to fly in the vicinity of the drone target. This quadcopter, widely available for about $200, looks for the wireless signal that is used to control the target drone, then disconnects the wireless connection and pretends to be the owner.

skyjack youtube video

Other components in Kamkar's highjacking system include a Raspberry Pi, a USB battery, and a wireless transmitter. He also uses some freely available hacker software, including a WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. Also used is a program called SkyJack that Kamkar developed himself.

SkyJack also works when grounded as well, no drone is necessary on your end for it to work. You can simply run it from your own Linux machine/Raspberry Pi/laptop/etc. and jack drones straight out of the sky," says Kamkar on his web site.

Kamkar says he wrote SkyJack primarily in Perl. The key cracking program puts the WiFi card into monitor mode, at which point it detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone as its owner, then uses freeware control software to control the targeted drones.

Kamkar says he detects drones by seeking out any wireless connections from MAC addresses owned by the Parrot company.

Kamkar's scheme works with Parrot drones because these devices actually launch their own wireless network through which the owner connects to the drone. Kamkar's hack takes over by deauthenticating the owner, then connecting back in and exploiting the fact that the wireless connection temporarily went down. Thus, the idea won't work with drones that don't use the same communication scheme or which use encrypted messaging.

About the Author

Lee Teschler | Editor

Leland was Editor-in-Chief of Machine Design. He has 34 years of Service and holds a B.S. Engineering from the University of Michigan, a B.S. Electrical Engineering from the University of Michigan;, and a MBA from Cleveland State University. Prior to joining Penton, Lee worked as a Communications design engineer for the U.S. Government.