Hacker Posts Drone-Hijacking App as Freeware

Slash Dot – by Kevin Fogarty

Unmanned aerial vehicles (UAVs) have passed a milestone on the road to maturity of any new digital technology: they can now be hacked and taken over by strangers while still carrying markers that make it look as if they’re operating under directions from their proper owners.

Convicted hacker Sammy Kamkar announced on his personal blog Dec. 2 that he’d programmed a Parrot AR.Drone 2 WiFi-controlled quadricopter to patrol an area autonomously, searching for other drones, then hack and take over their control software using a battery of tools installed on a Raspberry Pi Kamkar installed on the drone.  

Kamkar (a security and privacy researcher banned for three years from using computers, after a hacking conviction following his release of an XSS worm that took down MySpace in 2005) was inspired to build a war-flying drone after reports that Amazon was planning to launch a fleet of its own drones to deliver packages, under the service name Amazon Premium Air.

“Cool!” Kamkar wrote. “How fun would it be to take over drones carrying Amazon packages… or take over any other drones and make them my little zombie drones. Awesome.”

The hack is more exciting if it can be carried out by a drone acting as agent provocateur, but the Skyjack software Kamkar wrote to do the job works just as well without its own aerial component. “You can simply run it from your own Linux machine/Raspberry Pi/laptop/etc and jack drones straight out of the sky,” Kamkar wrote.

SkyJack, Kamkar’s drone-hacking software, includes the wireless-hacking freeware aircrack-ng to run the drone’s WiFi card, and two control libraries called node.js and node-ar-drone to take control of the cracked drones.

SkyJack itself is a Linux-based perl application that detects wireless networks and clients and de-authorizes any client software connected to Parrot AR drones. SkyJack then connects to the disconnected drone and lists itself as the owner so Kamkar can take control using node.js and node-ar-drone.

The SkyJack software is available on GitHub, along with some instructions, a video of Kamkar and his war-flying Parrot in action, and a request that downloaders only skyjack drones that have not already been skyjacked by another drone cracker.

The current version can only hack other Parrot AR.Drones.

As quick and mainstream as Kamkar’s hack on Amazon-drone lookalikes, it is far from the highest-impact drone hack.

In 2009, the U.S. Air Force admitted Iraqi insurgents had hacked the Remotely Operated Video Enhanced Receiver (ROVER) created to give U.S. troops access to live video from patrolling U.S. drones, giving the insurgents as good or better access to those videos as U.S. troops.

Most of the resulting outrage focused on the potential for enemies to patch in to U.S. military intelligence feeds, but the hack was bigger than just getting a few videos from drones. ROVER was installed in almost every U.S. military aircraft flying over Iraq, giving insurgents a direct tap into their video streams as well.

The Taliban is suspected of having hacked the navigation controls on a German drone that crashed over Afghanistan in 2002.

Iranian officials claimed in 2011 they had hacked the controls of a U.S. RQ-1790 Sentinel stealth drone that crashed during a covert surveillance mission over Iran as well.

In 2011, keyloggers spread by a virus made it theoretically possible for hackers to take over the controls of U.S. Predator and Reaper UAVs armed with not only cameras, but Hellfire missiles, raising the stakes in the drone-hacking war.

Israeli news outlets have also reported that at least one of the four advanced Israeli Hermes-450 drones that crashed during the past two years was downed due to hacks against its navigation system.

Kamkar’s hack is fairly innocent by comparison, but marks the first successful hack against a type of drone being touted by a major corporation as an asset to be mass-produced and put into service by the thousands – making easily hackable fliers as potentially common as UPS delivery trucks.

Security is one of the issues the FAA is considering in debates over whether unregulated flying drones should be allowed to operate within the United States. No firm regulations are expected from the FAA until 2015, according to a Dec. 3 story from Reuters.

http://slashdot.org/topic/datacenter/hacker-posts-drone-hijacking-app-as-freeware/

2 thoughts on “Hacker Posts Drone-Hijacking App as Freeware

  1. This is great news. This is the kind of technology we need to combat these deadly machines, without which drones may be a war-winning weapon in a SHTF scenario. Hopefully if the US or Israel get too snotty with Iran then Iran will upload to the web all they’ve learned about the US drone program, and we can home-produce even more counter measures.

    Uncle Sam you are bad news. Like any intestinal worm the world has got to shit you out you dirty stinking fascists.

Join the Conversation

Your email address will not be published. Required fields are marked *


*