SkyJack

SkyJack is an unmanned aerial vehicle created by Samy Kamkar which specifically seeks out other Parrot drones and hijacks them through their wireless network, giving the SkyJack pilot the ability to control and view the camera sources of the affected drone. [1] [2]

Background

The Parrot AR.Drone is a radio-controlled quadcopter built by the French company Parrot. The drone is designed to be controlled from mobile or tablet operating systems such as iOS or Android. [3] The Parrot uses no authentication or encryption to secure the connection with the pilot.

Description

Samy Kamkar released the SkyJack hardware and software specification on December 2, 2013, as open source and detailed the creation on his website. [2] [4]

According to the project's website:

SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control.

Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.

The SkyJack software seeks out other Parrot drones wirelessly by their organizationally unique identifier (OUI), without requiring any previous knowledge of the targeted drones. [5] The only security currently in the Parrot drones prevents a second pilot from taking over; however, SkyJack uses Aircrack-ng to perform a "deauthentication attack" against the pilot, exploiting a mechanism in wireless security. The SkyJack software then takes over the drone as the primary pilot and provides full control and camera access to the SkyJack pilot.
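From the defender's side, the sequence described above (a burst of deauthentication frames against the pilot, then a different station associating to the drone's access point) is visible in monitored 802.11 management frames. The following detection sketch is an added example, not part of SkyJack or the original article; the record format, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample, hypothetical format: "time_s,frame_subtype,bssid,station".
SAMPLE = """\
10.00,assoc,02:00:00:aa:00:01,02:00:00:11:11:11
55.10,deauth,02:00:00:aa:00:01,02:00:00:11:11:11
55.15,deauth,02:00:00:aa:00:01,02:00:00:11:11:11
55.20,deauth,02:00:00:aa:00:01,02:00:00:11:11:11
55.25,deauth,02:00:00:aa:00:01,02:00:00:11:11:11
55.30,deauth,02:00:00:aa:00:01,02:00:00:11:11:11
57.90,assoc,02:00:00:aa:00:01,02:00:00:99:99:99
80.00,deauth,02:00:00:bb:00:02,02:00:00:22:22:22
83.00,assoc,02:00:00:bb:00:02,02:00:00:22:22:22
"""

def parse(text):
    """Turn the constructed CSV lines into time-ordered event tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, subtype, bssid, sta = line.strip().split(",")
        events.append((float(ts), subtype, bssid.lower(), sta.lower()))
    return sorted(events)

def detect(events, burst=5, window=2.0, follow=10.0):
    """Alert on a deauth burst against one station; escalate when a
    different station associates to the same BSSID within `follow` s."""
    recent = defaultdict(list)  # (bssid, station) -> recent deauth times
    pending = {}                # bssid -> (targeted station, burst time)
    alerts = []
    for ts, subtype, bssid, sta in events:
        if subtype == "deauth":
            times = [t for t in recent[(bssid, sta)] if ts - t <= window]
            times.append(ts)
            recent[(bssid, sta)] = times
            if len(times) >= burst and bssid not in pending:
                pending[bssid] = (sta, ts)
                alerts.append({"kind": "deauth_burst", "bssid": bssid,
                               "victim": sta, "time": ts})
        elif subtype == "assoc" and bssid in pending:
            victim, t0 = pending.pop(bssid)
            if sta != victim and ts - t0 <= follow:
                alerts.append({"kind": "controller_changed", "bssid": bssid,
                               "victim": victim, "new_station": sta, "time": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

A single deauthentication followed by the same station reassociating, as on the second access point in the sample, is an ordinary reconnect and raises no alert.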

References

  1. Goodin, Dan (2013-12-08). "Flying hacker contraption hunts other drones, turns them into zombies". Ars Technica.
  2. "Samy Kamkar - SkyJack".
  3. "AR.Drone coming to Android, gets new multiplayer games". 2010-06-08.
  4. "SkyJack source code". GitHub. 2013-12-08. Retrieved 2013-12-08.
  5. "Parrot AR Drone 2.0". Archived from the original on 2018-01-31. Retrieved 2015-03-01.