Security Researcher Demonstrates It's Easy to Hijack Airborne Drones
The Skyjack software identifies Parrot drones by detecting their unique MAC (Media Access Control) addresses from their built-in WiFi radios. Once the software has identified the Parrot drone, it commands it to drop its existing WiFi connection. Once it obeys that command, the software connects to the drone's control system, passing control of the device over to the Skyjack operator who gains full control over the target drone. The operator can fly that drone anywhere and use its existing onboard cameras. If the drone were carrying a package, they could command it to land, and drop off the package. The single most important vulnerability that Kamkar has found is that these drones are using unencrypted data links. However, the fact that they are so easily identified by their MAC address certainly plays a role. All that's required is an automated system to take over the onboard control system, pass control to the new operator, and then move on to the next device. Of course, the proposed Amazon or UPS drones, if they ever make it past the regulatory authorities, aren't likely to be running Parrot control systems. But they are each likely to be running control systems that are easily identified by their own control link signals. And therein lies the problem.Such a take-over of a delivery drone could make theft more likely in the course of a delivery. But there are other more troubling possibilities. Someone could, for example, fly such a drone into the path of a landing airliner and even if the drone didn't actually make it crash, the surprise to the pilot could easily cause a loss of control all by itself. Likewise, such a drone, if being used for law enforcement or public safety, could have its capabilities subverted. Not only would the drone not be looking at what it's supposed to, it could reveal information that the new operator wants to see. While Kamkar's revelations will give drone hobbyists some fun, they point to a serious vulnerability. If these devices are to be used commercially, they need to be highly secure and not easily taken over. Hopefully, the security of the data link will be a significant factor in approving unmanned vehicles for flight in populated areas. Without it, drone operators are simply asking for trouble.
The commercial drones are certainly going to be larger and more substantial in their construction compared to the relatively flimsy construction of devices hobbyists can afford to buy on Amazon. But unless the companies operating those drones make sure they add some significant security to their radio control links, there's no reason they can't also be taken over in the same way.