SkyJack Hacker Develops Zombie-Making Drone

SkyJack Hacker Develops Zombie-Making Drone

Samy Kamkar asks, wouldn't it be great to hijack Amazon's delivery drones?

"How fun would it be to take over drones, carrying Amazon packages," asks SkyJack creator Samy Kamkar, "or take over any other drones and make them my little zombie drones?" Kamkar would know, as his SkyJack can intercept Parrot drones mid-air and take over flight control and cameras, turning the victim into a zombie. See the video to make all your robot army nightmares come true!

The Parrot drone is one of the more popular commercial makes, with over 500,000 sold since its 2010 launch. The attacker need have no prior knowledge of the victim, since Parrots support no encryption and have to be controlled via an open network. They're even required to use specific MAC addresses, all of which are publicly available online. That makes them easy targets.

Kamkar has already published SkyJack's hardware and software specs online. If you're wondering where you've heard the name Samy Kamkar before, he created the Samy XSS worm that smacked MySpace, back in 2006. That exploit earned Kamkar a visit from the Secret Service, and he later pled out on a felony charge.

"SkyJack also works when grounded as well, no drone is necessary on your end for it to work," says Kamkar. "You can simply run it from your own Linux machine/Raspberry Pi/laptop/etc and jack drones straight out of the sky." Amazon must be thrilled.

Source: Ars Technica

Permalink

This is why we can't have nice things...God I hate humanity.

So... he was visited by the Secret Service for committing a cyber-crime. Now he is producing videos showing other forms it can take? A bright man when it comes to technology, but perhaps not that "street smart". Even if he hasn't committed a crime, he is no doubt going to be on a couple of agencies radars.

I am surprised about this part though:

The Parrot drone is one of the more popular commercial makes, with over 500,000 sold since its 2010 launch. The attacker need have no prior knowledge of the victim, since Parrots support no encryption and have to be controlled via an open network. They're even required to use specific MAC addresses, all of which are publicly available online. That makes them easy targets.

That seems a rather bizarre decision, considering it is exactly what makes hacking them so easy. If they are easily hackable then they are pretty worthless unless in a controlled/private area.

While two articles on the same topic in the same day would be self-indulgent, it's worth pointing out that, according to the New York Times, Google hopes to put together its own drone package delivery service.

http://www.nytimes.com/2013/12/04/technology/google-puts-money-on-robots-using-the-man-behind-android.html?pagewanted=all&_r=2&

Micalas:
This is why we can't have nice things...God I hate humanity.

Although to be fair, pointing it out now might actually be helpful as opposed to taking them over once these programs go live. One would hope that these security concerns get fixed well before this becomes an issue.

For anyone wanting to get really freaked out by this, just watch Castle, Season 5 Episode 23. All your drones are belong to us.

Amazon should be thanking this guy, if hacking those drones is really as easy as he's saying it is. He's given them warning of the issue before they launch their drone fleet, instead of just letting their whole first batch of packages get stolen by hackers.

I would assume the US military's drones have some kind of encryption on their signals to protect them, otherwise enemies would already be hacking them.

Well now, that seems like a massive oversight. How does stuff as obvious as this still keep happening?

Matt K:

Although to be fair, pointing it out now might actually be helpful as opposed to taking them over once these programs go live. One would hope that these security concerns get fixed well before this becomes an issue.

This.

It's infinitely better to have this happen now than later down the line when costs to rectify the problem are much higher, and customer satisfaction is on the line.

Micalas:
This is why we can't have nice things...God I hate humanity.

Considering that he's just applying publically available information to do this, it really isn't that bad. The drones his thing targets explicitly have no protection against being hacked, as they're remote controlled over wireless network on a specific address with no encryption or validation of the signal. His program is script-kiddy stuff. All it does is spoof control signals with a laptop. It's not some big scary hack.

Any half-decent security setup on Amazon's drones would beat this. It's very, very unlikely a company the size of Amazon hasn't thought of that.

That said, this kind of thing is kinda inevitable for Amazon's drone, just by the nature of computer security. There's no such thing as a hackproof system; the best you can hope for is to make it too much of a pain to be worth the effort. Amazon may or may not be capable of that, but I fully expect there to be at least a few incidents where skilled hackers manage to hijack Amazon's drones and steal the package they're carrying. It won't be common by any means (most likely, it's always possible Amazon really will be dumb enough not to secure their drones), but it's the next best thing to guaranteed to happen. We shall have to see.

XMark:
Amazon should be thanking this guy, if hacking those drones is really as easy as he's saying it is. He's given them warning of the issue before they launch their drone fleet, instead of just letting their whole first batch of packages get stolen by hackers.

I would assume the US military's drones have some kind of encryption on their signals to protect them, otherwise enemies would already be hacking them.

Actually the US drones aren't fully encrypted, for some strange reason it doesn't seem to be taken seriously yet. Source:
https://www.google.com.au/url?sa=t&source=web&rct=j&ei=jQigUuiXFaWniQLSkYCYBg&url=http://m.tgdaily.com/security-brief/67192-report-pentagon-fails-to-encrypt-drone-transmissions&cd=2&ved=0CDEQFjAB&usg=AFQjCNHBha5-Hg6T0t5ypE9XNZfPtGY53A&sig2=_9HDO2uE8DpUYT5HeNJAjg

Ofcourse control of the aircraft probably is but there's still an opening for a hacker.

How could something like this ever be released without massive amounts of security?

A flying piece of tech is the last thing you'd ever want to be hacked, so the fact that they have low security is baffling.

Click baiting again I see. Come on Escapist you're better than this come on.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here