Hacker Releases Software to Hijack Commercial Drones

amazon droneNo sooner had Amazon.com founder Jeff Bezos announced plans to deliver small packages via flying drone than a well known hacker has released technical plans for an interceptor drone able to hijack other drones.

“SkyJack,” says the creator claims on his website, can put “an army of zombie drones under your control.”

The man behind Skyjack is Samy Kamkar, who achieved a high level of infamy when he released a computer worm  seven years ago that temporarily took down the MySpace social networking site.

Bezos announced on the CBS News magazine “60 Minutes” on Dec. 1 his plans for Amazon Prime Air —in which the online retailer would deliver small packages within 30 minutes via drone. The website The Verge reported two days later that UPS also is looking into a drone fleet for rapid delivery.

A University of Texas, Austin, professor who last year showed the Department of Homeland Security that it is possible to take control of an unmanned helicopter said small commercial drones such as those sold in stores across the country are quite vulnerable to hacking.

But Prof. Todd Humpries told NBC News that Amazon would be more likely concerned about lawsuits from drone accidents than lost delivery craft.

“Amazon is an enormous company with deep pockets,” he told the network Dec. 4. “If somebody takes down one of their drones and keeps it in their garage as a trophy, or even takes down five drones, do you think Amazon is going to bat an eye? No. They’ll just send out another one.”

In a video on his website, Kamkar explains that the hunter drone “flies around looking for other drones. As soon as it finds any other drone it hacks into that drone’s wireless network, disconnects the owner and then takes over … and begins controlling them under my command.”

And if the hijacked drone is mounted with a working camera the hacker can view the video in real time, he said.

After being busted for the MySpace attack in 2005 Kamkar was barred from using computers for three years Kamkar, according to multiple news sources. Since then he has gone legit as a consultant hacker – using his skills to find weak points and flaws in corporate and government sites.

Turning other people’s drones into zombies requires a Parrot AR.Drone 2.0 quadricopter, which weighs less than a pound, a Rasberry Pi, a USB battery, an Alfa AWUSO36H wireless transmitter, aircrack-ng, nod-ar-drone, node.js and Kamkar’s SkyJack software, he says on his website.

It can work as well from the ground using land-based Linux devices, with a capability of hijacking drones within radio range, he claims.

About the Author

Bryant Jordan
Bryant Jordan is a reporter for Military.com. He can be reached at bryant.jordan@military.com. Follow him on Twitter at @BryantJordan.
  • Stan

    I welcome this individual’s efforts. Delivery by drones is a hairbrained idea and this makes it even more obvious.

    • Little Bill

      I knew it there is a flaw in there armor. Drones are venerable to cyber terrorist.

  • Lance

    Shows why Drones should NOT replace humans in both military and civilian jobs in the world. Proves this is all hype crap about robots again and how easy they can crash hacked or miss there route and get lost.

    • Bernard

      Not true at all, get out from your stone cave, open a recent book, and enter the 21st century. RF controlled drones are vulnerable to this, not the line of sight satellite controlled drones the military uses.

    • Hunter76

      This must be one of the most uninformed conclusions ever published in Defense Tech.

      If Amazon or any other big company gets into the drone delivery business, they’re not going to use an off-the-shelf hobby drone. They’ll at least install their own chip, and they’ll certainly install command-verification routines. This ain’t rocket science.

      People could try to jam the communications, but jammers can be quickly caught. Besides, what’s the incentive to jam? (As opposed to hi-jacking.)

    • chandler

      the drones he is talking about are the toy parrot A.R. drones that use wifi. Most drones, like rc airplanes use frequency’s well above linux, and most hobby drones like my dynam foam plane use arduino with two way restricted radio waves, meaning it cant be hacked. now video signal can be hacked, but that simply means they can see what you see but cant do anything else.

  • Gage

    I think air drone delivery is awesome, because of the benefits of getting your product in minutes rather than days. Point is Amazon needs to spend more time with this man and have him show them the best way to keep their drones safe. I would love to be able to order something and see my order show up in about a half an hour, people just ruin things for everyone.

    • so when that drone kills you family member outside enjoying the sun its ok because your time is more important then your loved ones.. hmm

      • Justin
  • BlackOwl18E

    Anything electronic has a back door. Drones have a place in the future, but not as replacements for humans.

  • BrainLak

    Man, I need to start gluing the broken pieces back onto my AirHogs, get those things ready to Hunt!

  • shawn1999

    Think he’ll take a job taking over China, Iran, and Pakistan’s drones? At least the non-photoshopped ones?

  • Uncle Bill

    When a remotely piloted vehicle is receiving radio input telling it to change it’s rudder position it’s easy to see how that could be hi-jacked. But when the vehicle is piloted by it’s on board systems it can take any input it receives and evaluate it. It can take steps to verify it’s authenticity and it can reject it if it does not pass the test.

    It makes no sense that because this guy can hi-jack an hobby level RC drone he would be any threat to more advanced systems. Remember when it was thought cars could only pilot themselves by embedding cables in all roadways? The difference is the immense increase in processing power. The ability to scan camera images fast enough to make driving decisions was not anticipated by many. The same increasing ability applies to autonomy in UAVs. A radio transmitter and software is not likely to be enough to hi-jack future drones. The possible ways in which a drone could verify input seem endless to me, making it close to impossible to jack.

    And further, while a human pilot is far superior to a machine today, tomorrow the machine will be faster and the human won’t. Denying this simple progression is suicidal.

    • blight_

      When all forms of tele-operation are equally priviledged and don’t require authentication, the drone obeys all the signals it get.

      I suppose resorting to something like TERCOM image-recognition to force a drone into a constant flight-path isn’t a bad idea, but it curtails your flexibility.

      • Bernard

        You can use TERCOM as a backup in the event that other systems are compromised.

  • Fábio de O. Ribeiro

    Shoot the drones, take the books: new radical sport in the USA soon.

  • PuresaltA1A

    The Beast of Kandahar was taken over by a couple of Iranian college kids with a lab top by hacking into its GPS….

    • blight_

      Worth noting the Iranians could have collected a lot of SIGINT just by putting guys on the ground in Iraq and collecting signals from the Preds.

      However, “spoofing” the GPS would be interesting. It might be easier to simply spoof then jam (or the other way around) the American controllers (who were probably still using unencrypted signals to control the drones).

    • moronotopia

      That is complete nonsense.

  • hibeam

    This will take off like a rocket. At first it will mostly be driven by big companies with landing zones on the roof or in the parking lot. But very soon it will be door to door service to every home everywhere. Bye bye USPS. We won’t miss you.

    • AFMissilier

      hibeam: you don’t mind that the drone is violating your space – property. The FAA is going to make this decision. And, danger to air and ground objects is greatly increased. Insurance, which every consumer will pay in higher prices; even those that don’t choose “drone delivery” is a non-starter. Electric motors will require re-chargeable batteries. Those batteries will require fossil fuels to manufacture, deliver, and recharge. Minimal, if any reduction to those bad, bad “Al Gore”-gases.

  • hibeam

    Hey Wally, can you send the xyz widget over? Sure Mike, I’ll put it on the drone right now. You’ll have it in about 15 minutes.

  • Waka

    I guess if you want to fly via WiFi only then yes, the Multirotor can get hacked. But if you’re going to be flying for actual distance then you will be using better equipment.

  • Phillip

    How is the drone to ring the door bell to let you know your package is here

  • hibeam

    This idea reminds me of cell phones when they first came out. It’s a fad. it’ll be gone in no time. A fat guy in an SUV. That’s the proper way to deliver a pizza.

    • blight_

      Some careerist who wants 15/hour, benefits and an expense account for pizza delivery.

    • mark

      better is a hot girl delivering pizza! other than that, the drone is fine

  • AFMissilier

    My mailbox is at the boundary of my property. Any one, or thing, that comes onto my property is trespassing. A drone could deliver product, surveillance gear, or explosives. I will never have a drone deliver anything to my property. If it crosses my property, I will shoot it down and throw it in the trash. This idiot at Amazon thinks we will accept anything technology can produce. If it invades my privacy, or becomes an annoyance, it’s crap

  • TonyC.

    Drone on drone combat is in the future. There will be courier drones escorted by protection drones to prevent hijacks. Sounds like too much trouble, they had better keep their trucks and fleet of aircraft.

  • Mike

    Seems everyone is worried about A.I. . But we still haven’t found any H.I. (Human Integuments) and the comments above seem to bear that out. Robots have been doing remote Surgeries for years. A Doctor in San Diego works on a patient in New York to remotely preform a heart by-pass. The big problem I see is having that big UPS truck hovering over your barking dog in the front yard, while that unshaven, sweaty guy in the ill fitting shorts wants to get your signature on an electronic pad! Think about it. . . Chrees

  • Security measures? We don’t need no stinkin’ security measures. We’re Amazon.

  • Kienhoa68

    I don’t see any benefit to destroying a potentially viable method of delivering small items quickly.
    What is gained by disrupting the drones? Mischief with no point becomes a mere act of stupidity.
    If the signals are properly encrypted, there should be little problem. Also if you fly drones within the city you would need a license at the very least. Just like the laser and aircraft stunt, you can get only get away with it for so long.

  • Zspoiler

    They could be used terrorism as well , Or some fool could use them for target practice

  • aweishaupt

    Don’t forget, this hack only works with a very specific type of drone called the AR Drone by Parrot, which is a $300 toy sold at Radioshack. They’re used as toys or cheap research platforms for students, not for anything sensitive.

    • The AR Parrot is the hunter drone that Kamkar uses to take over the Amazon worker drone. It’s just the carrier vehicle for all the hardware that is doing the real work. You could put it in anything that flies that has a large enough payload. I’m thinking a large RC airplane would make a better hunter. The right design flies slowly and has a large wingspan and the right amount of power for long flight times, like a model bomber.

  • McDeath

    So whats all the fuss?
    Ok so some of us don’t like the image of delivery drones hovering on our doorsteps with tiny packages. But think about the whole drone hijack thing and the possabilities that presents for new reality TV shows…LOL.
    If some one wants to try this out at their own expense I say what the hell. As mentioned before you would have to choose drone delivery as a delivery option to have the annoying thing hovering anywhere near your home, and if other people want it and are willing to deal with the ramifications of it let em.

  • Jim Palazzolo

    Cyber Security – hmm…
    Well Security Architecture was mentioned at some point in the blog roll, but it really comes down to a risk based approach; and, what Currier services are willing to pay in damages. It really has nothing to do with making them “secure”.

  • Col. BMT
  • rick brant

    Drones are the future we can fight wars and not lose a single live, destroy terrorists before the can start planning drones are the future treat as such.

    • Silvermont


  • Steve

    I see a market for killer drones or inexpensive interceptor drones. Inexpensive drones that will take down another drone by collision. The interceptor drone could be hardened, “armored” to simply create a mid-air crash, disabling the intruding drone’s propulsion system.

  • We’re a group of volunteers and opening a brand new scheme in our community.
    Your website provided us with helpful informmation to work on. You have performed a
    formidable task and our entire community can be thankful to you.

  • Hey there! I know this is kinda off topic however I’d figured I’d ask.
    Would you be interested in exchanging links or maybe guest authoring a blog article or vice-versa?
    My site covers a lot of the same topics as yours and
    I think we could greatly benefit from each other.
    If you’re interested feel free to send me an email. I look forward to hearing from you!
    Excellent blog by the way!

  • As you take these courses, real life scuba diving is carried out.
    With that, as a scuba diving instructor you will be able to bring others up to scuba diving.

    Located in a much quieter area than the other dive shops, at the far end of the beach, the hotel
    is more upmarket than most on the island although the ‘free’
    rooms are still basic.

  • best rc drone

    great post, thanks for sharing
    read more http://www.remotecontroldronehq.com/

  • At this time it appears like Drupal is the best blogging platform available right now.

    (from what I’ve read) Is that what you are using on your