Risk Assessment / Security & Hacktivism Flying hacker contraption hunts other drones, turns them into zombies

Technica – by Dan Goodin

Serial hacker Samy Kamkar has released all the hardware and software specifications that hobbyists need to build an aerial drone that seeks out other drones in the air, hacks them, and turns them into conscripted army of unmanned vehicles under the attacker’s control.

Dubbed SkyJack, the contraption uses a radio-controlled Parrot AR.Drone quadcopter carrying a Raspberry Pi circuit board, a small battery, and two wireless transmitters. The devices run a combination of custom software and off-the-shelf applications that seek out wireless signals of nearby Parrot drones, hijack the wireless connections used to control them, and commandeer the victims’ flight-control and camera systems. SkyJack will also run on land-based Linux devices and hack drones within radio range. At least 500,000 Parrot drones have been sold since the model was introduced in 2010.  

Kamkar is the creator of the infamous Samy worm, a complex piece of JavaScript that knocked MySpace out of commission in 2005 when the exploit added more than one million MySpace friends to Kamkar’s account. Kamkar was later convicted for the stunt. He has since devoted his skills to legal hacks, including development of the “evercookie,” a highly persistent browser cookie with troubling privacy implications. He has also researched location data stored by Android devices.

SkyJack made its debut the same week that Amazon unveiled plans to use drones to deliver packages to customers’ homes or businesses.

“How fun would it be to take over drones, carrying Amazon packages… or take over any other drones, and make them my little zombie drones,” Kamkar asked rhetorically in a blog post published Monday. “Awesome.”


SkyJack works by monitoring the media access control (MAC) addresses of all Wi-Fi devices within radio range. When it finds a MAC address belonging to a block of addresses used by Parrot AR.Drone vehicles, SkyJack uses the open-source Aircrack-ng app for Wi-Fi hacking to issue a command that disconnects the vehicle from the iOS or Android device currently being used to control and monitor it. Operators of the flying hacker drone are then able to use their own smart device to control the altitude, speed, and direction of the hijacked drone and to view its live video feeds.

At the moment, SkyJack is engineered to target a small range of drones. That’s because it’s programmed to take over drones only if their MACs fall inside an address block reserved by Parrot AR.Drone vehicles. If the MAC falls outside that range, SkyJack takes no action at all. But the software is built in a way to easily target other types of drones that have communication systems that are similar to Parrot. That means a much broader range of devices may be susceptible to radio-controlled hijacking if they fail to adequately secure their connections.



3 thoughts on “Risk Assessment / Security & Hacktivism Flying hacker contraption hunts other drones, turns them into zombies

  1. Great, now we’re gonna have police extort more of our taxpayers money policing the drones from other drones and creating new laws and regulations that we never had nor needed before. This will be used as an excuse to come up with more police state control over us. Who is funding this invention and why haven’t they arrested this hacker? This seems like controlled opposition.

    Talk about creating a problem and then creating another problem based on the first problem you created. Why don’t we just get rid of the root problem all together which is the drone itself. I know, that would be too easy, now wouldn’t it?

    1. I have my own UAV/autonomous drone. The guy you think is controlled opposition is a great guy. People like him are going to be indispensable in the near future.
      I have to agree/point out that approx. 25% of the ‘hacker'(term used loosely) community has been co-opted by the feds in deals that have kept them out of gaol. A lot are rabid anti-authoritarians and would rather die than submit.

      1. Hackers are nothing more than somebody that has nothing better to do than to snoop into and hack into somebodies buiness to satisfy their perverted dirty little minds which is why most “hackers” are govt. employed.

Join the Conversation

Your email address will not be published. Required fields are marked *