All News | Boards | Chips | Devices | Software | Archive | About | Contact | Subscribe
Follow LinuxGizmos:
Twitter Facebook Pinterest RSS feed
*   get email updates   *

Linux drone hijacks other drones in mid flight

Dec 5, 2013 — by Eric Brown 3,870 views

After Amazon tipped plans to build delivery drones, hacker Samy Kamkar unveiled a SkyJack drone designed to hijack them with an AR.Drone and a Raspberry Pi.

When Amazon CEO Jeff Bezos went on 60 Minutes last Sunday to show a prototype of a drone Amazon plans to use for a new Prime Air delivery service, hacker Samy Kamkar wasted no time in linking Amazon’s drone to his own design for a SkyJack drone that could hijack it. The Linux-based hack, which was released with source code, is not Amazon specific in anyway, but is designed to de-authenticate any client linked to the WiFi-equipped drone and then take control of navigation and camera functions. Not only could you hijack an Amazon delivery drone — holiday shopping made easy! — but create “an army of zombie drones under your control,” says Kamkar.

Amazon drone prototype
(click image to enlarge)


Kamkar is best known for creating the JavaScript-based Samy worm that hornswaggled MySpace back in 2005. According to an Ars Technica report on SkyJack after Kamkar spent time in jail over the hack, he has gone legit, developing a persistent “evercookie,” among other innovations.


AR.Drone 2.0

The SkyJack drone is a modified Linux-equipped Parrot AR.Drone 2.0 quadrocopter that adds a similarly Linux-based Raspberry Pi SBC. Other components include a USB battery, an Alfa AWUS036H wireless transmitter, and an Edimax EW-7811Un wireless adapter. Another ground-based version of the design uses a Raspberry Pi or Linux PC on its own that Kamkar says can also “jack drones straight out of the sky.”

Kamkar and his flying SkyJack pirate ship
(click image to enlarge)


The SkyJack application is a mostly perl-based program that runs the Aircrack-ng WiFi WEP and WPA-PSK cracking program. The software detects all nearby wireless networks and clients, and deactivates any clients connected to Parrot AR.Drones. Presumably, a version could be created that can detect any known WiFi-based drone. Once the target drone’s clients are de-authenticated, the program connects to the drone as its owner. Next, node.js and node-ar-drone apps are used to control the zombie drones.

Video demo of SkyJack


Amazon offered few details on its planned drones, which face hurdles such as the need for less restrictive rules from the FAA. Some have argued the drones are still too expensive and limited in range to make them cheaper than truck deliveries, while others have cited safety concerns. Then there’s the security problem. Amazon will no doubt use something more robust than WEP for security, although if it involves physical shielding that could add to the weight and price. As it is, the drones are expected to be limited to five pound loads.

Amazon didn’t mention whether the drones would run Linux. However, considering the company’s widespread use of Linux or Android in Kindle devices, it certainly seems feasible.

Will Google bring Android to robots?

Amazon isn’t the only tech giant with robotic dreams. This week, the New York Times interviewed former Android chief Andy Rubin, who has been working on an unnamed Google “moonshot” project since earlier this year. The project plans to build manufacturing and logistics robots, said Rubin.

No details or OS was mentioned, but a combination of Android with the open source Robot Operating System (ROS) appears to be likely. Google has already acquired seven companies, most of which are linked to ROS-based robotics, including Japanese robotics startup Schaft.

Assuming the robots offer WiFi, Kamkar may well come up with a hack for the Google bots, as well. That way, his zombie air force would have a zombie army to keep it company. Toss in some commandeered OpenROVs and ASV Roboat autonomous sailboats, and Kamkar could conquer the world by air, by land, and by sea.

(advertise here)

Print Friendly, PDF & Email

Please comment here...