What If They Try to Hack Amazon's Drones?

Parrot AR.Drone Quadricopter
Not everyone is thrilled with the rise of civilian drones in American skies. Last week, after Amazon hyped its plan to deliver packages in half an hour via UAV (unmanned aerial vehicle), we wondered about the drone backlash happening in many part of the U.S. And while an angry few threatened to shoot down these delivery drones, a more pressing concern seems to be: What if people try to hack them?

Just last week, security researcher Samy Kamkar made news after announcing he had modified his Parrot AR.Drone quadcopter to hunt and hijack other drones. Employing simple hardware including a Raspberry Pi computer and a wireless transmitter, plus software tools such as aircrack-ng and Kamkar's own Skyjack, the pirate drone scans for nearby Parrot IP addresses. If it locates one, the drone will then hack the unencrypted Wi-Fi controls of its target and place the bot under Kamkar's control.

Kamkar says he designed Skyjack to "get people to pay a little attention to the potential security implications of drones flying around and becoming more ubiquitous in daily use."

Patrick Egan, drone advocate and editor of sUAS News, is not especially worried about Skyjack. Hackers can target Parrot drones, yes, but that's because those French recreational quadcopters run on Wi-Fi, not on radio frequencies. "The Parrot is something a father and [child] would play with in the yard."

Kamkar readily admits that there are limits to his hack. The Skyjack drone can stay in the air for only 10 minutes. Its strike range extends as far as its own Wi-Fi network, and it detects only those IP addresses associated with Parrot. But that's not the point. The drones that would be used for package delivery or other commercial uses in the future would be much harder to bring down, he says. But it's not impossible—and that's his point.

For example, high-tech pirates could target the unmanned aerial vehicle's GPS navigation system by jamming weak satellite signals, says Todd Humphreys, an aerospace engineering professor at University of Texas at Austin. "You can just get on the Internet and buy a so-called personal privacy device, and you can jam GPS receivers from about 10 meters to up to a mile away," Humphreys says. The more heavy-duty jammers cost only a few hundred dollars.

A drone with disrupted GPS navigation would be in trouble. In the best-case scenario, the vehicle could limp home by relying on its inertial measurement unit to provide a basic dead reckoning. A human operator could also help by remotely steering the drone with visual cues coming from onboard cameras.

But things get really dicey if an attacker jammed the communication link with the ground operator. Indeed, some of the "personal privacy devices" Humphreys mentions sport multiple antennas and are powerful enough to disrupt cellphone signals—which is what an Amazon drone probably would use for flying beyond line of sight, he says.

Even more insidious is spoofing GPS coordinates, whereby the drone is tricked into landing at (or crashing into) a location chosen by the attacker. "It is orders of magnitude more sophisticated, more complicated than jamming," Humphreys says, "but it has a bigger payoff in that the attack can go undetected."

The threat is not theoretical. In June 2012, Todd Humphreys and his research team spoofed and grounded an $80,000 drone during a demonstration for the Department of Homeland Security.

For now, the threats are being addressed incrementally. Georgia Tech, for example, has been conducting studies into autonomous vision-based navigation, while the Los Alamos National Laboratory wants to make robot movement less predictable.

"The advantage of acting unpredictably is that people who might want to exploit the robot cannot as easily anticipate where the robot might go next," says Los Alamos National Laboratory research engineer David Mascarenas.

Still, Humphreys is concerned about the proliferation of software-defined radios. Whereas GPS spoofing is still the purview of highly skilled ham radio operators, these new devices give computer hackers easy entrance into the field. One day, will teen hackers be able to just download a GPS spoofing program and hijack a drone as they would a computer?

"That's my worst fear," he says

Read more: What If They Try to Hack Amazon's Drones? - Popular Mechanics
Follow us: @PopMech on Twitter | popularmechanics on Facebook
Visit us at PopularMechanics.com
E-mail me when people leave their comments –

You need to be a member of diydrones to add comments!

Join diydrones


  •   A simple high power radio on your frequency with wide bandwidth broadcasting white noise will drop you immediately. If malicious enough a simple directional antenna added and they've a sophisticated drone gun! With an SDR simply set the various frequencies we use and the whole sky becomes - clear.

  • Some of these articles are a bit sensationalist, but this is also a real & serious problem.  

    "Hackers can target Parrot drones, yes, but that's because those French recreational quadcopters run on Wi-Fi, not on radio frequencies."

    APM uses unencrypted, unauthenticated radio communications links that may be even easier to interfere with than wifi, so don't think that you're safe.  (In fact it's easy to run the AR.Drone in WPA2 mode, so you would have more protection than with a 3DR radio).

  • Even better Criro!

  • Why not 3DRobotics to deliver directly?

  • People can steal a UPS truck too, but it would be illegal. One day I can have an Amazon Drone deliver my parts for my 3DRobotics Drone and thats cool!

  • Faked dropzones with people equipped with blankets waiting is also a possibility...

  • To heck with hacking. When the Amazon drone lands in my yard I'm tossing a blanket over it and keeping it!
  • God I hate these sensationalist FUD stories. You can't imagine how many MILLIONS of dollars are blown in the tech industry just because some fart head wants his name in a blog post. Managers can't understand the tech they are in charge of, and no one who wants to stay employed will pipe up and point out that the emperor has no clothes,  when they do, the manager says: "just fix it!" as they type into their blackberry how they are handling the situation.

    Yea, I'm on a rant over previous FUD events.

    I used to think that anyone was capable of actually understanding pretty much anything, but it's become apparent that all anyone ever reads is the screaming headline and that's all they need to push the panic button, no matter how stupid, impractical, un-usable, etc...

    I love how they use terms like "Strike Range" in reference to a Styrofoam phone toy, as if it delivers death to babies or something. Don't click on those links above, don't give them your traffic or reward them for posting stupid stuff like this.

  • If delivery drones get common they will be *somehow* ripped - and that's a plain fact.

    Hacking them might be possible but physical means are much easier.

    GPS / other frequency jamming may work but most likely your jammer will be on the ground and the GPS signal comes from above, so some coppershielding below the drones' GPS might avoid that. Onboard sensors' dead reckoning will not be easy but the onboard magnetometer will know the home direction (unless you place big electromagnets on the earth as well..) combine that with an airspeedsensor for tiltangle calculation and you will have a sufficient RTH. GPS Jamming will not take place at the starting point because the company couldn't launch their drones then - so it will inevitably regain GPS contact near its' homecompany and land (otherwise some optical laser flashlight could be recognized by onboard ccd as homepoint - even a sparkfun ccd unit will do that). So simple GPS jamming should never bring a properly designed drone down (baro keeps hight). Flying over it with a plane and feeding it with valid but incorrect GPS data to alter the flightpath is a different story (if hackers can do that).

    Thieves will probably follow the drone in a vehicle and get hold of it on landing - so secured places (rooftops) should be used. Other thieves might build some intercepting drone (copter/plane) equipped with some dangling sticks to destroy props or release a net - others might build a cheapo one way fpv foamy to ram the drone from the sky. So the props should be shielded.

    I would expect high losses of those delivery drones - since their parts are valuable no matter what they carry.

This reply was deleted.