Parrot drones 'vulnerable to flying hack attack'

Image caption, Parrot's drones allow their owners to see video taken from an altitude of 165m (540ft)
  • Author, Leo Kelion
  • Role, Technology reporter

A security researcher has created a flying contraption that he says can hijack control of other flying drones made by one of the industry's leading manufacturers, Parrot.

Samy Kamkar said he was able to achieve the feat because the company's products do not support a way of encrypting or authenticating the wi-fi data they use.

The 大象传媒 understands that the company is looking into the allegation.

Other experts said Parrot appeared to have ignored well-known guidelines.

Image caption, Mr Kamkar says that Parrot drones can be hijacked as they are operated through a "entirely open network"

However, they played down Mr Kamkar's suggestion that the technique might one day be adapted to hijack drones used by Amazon and others.

A spokesman for Parrot said he was unable to comment yet.

Mr Kamkar has previously made a name for himself by developing malware that exposed a flaw in the MySpace social network and for revealing that several smartphones were sending back location data identifying their owners' movements to the makers of their operating systems.

"I think it's critical that drones have some additional protection," he told the 大象传媒.

"While the drones I'm demonstrating this attack on are consumer-based, they're still flying unmanned-vehicles, and the fact that they're this easy to take over is scary, especially when they will be much more ubiquitous soon."

'Design blunder'

In his latest blog - - he reveals how he combined a Parrot Drone with a Raspberry Pi computer, a wi-fi transmitter, a battery pack, existing hacking software and his own code.

"The Parrots actually launch their own wireless network which is how the owner of the drone connects," he explained.

"We take over by deauthenticating the owner, then connecting now that the drone is waiting for its owner to connect back in, exploiting the fact that we destroyed their wireless connection."

He said that the hack took advantage of the fact that Parrot's drones used a specific block of publicly registered MAC addresses to identify themselves, meaning the attack drone could pick them out from other wi-fi connected equipment in the area.

Video caption, CES 2013: A flying drone for amateur film-makers

Mr Kamkar added that the SkyJack technique could also be run from computer equipment on the ground to hijack Parrot drones flying overhead.

"This appears to be a basic design blunder," Prof Ross Anderson, head of the University of Cambridge's computer security research group, told the 大象传媒.

He explained Parrot had two easily implemented options to prevent the hack:

  • Use a secret key, shared by the controller and the drone, to authenticate each command message sent to the drone
  • Encrypt the data sent between the machines, which has the added benefit of ensuring the content of any message remains private

Parrot targets its drones at enthusiasts who want to take videos or photos from above, controlling the devices via their smartphones or tablets.

The firm's latest model can fly at up to 40km/h (25mph) and at altitudes of 165m (540ft).

The has highlighted the fact that at least half a million Parrot drones have been sold since 2010.

Delivery drones

Mr Kamkar's blog appears to have been inspired by Amazon's announcement that it is carrying out tests of .

Image caption, Amazon is testing the use of drones to make deliveries

"How fun would it be to take over drones, carrying Amazon packages鈥 or take over any other drones, and make them my little zombie drones?" Mr Kamkar wrote.

Package service UPS and Domino's Pizza are among other companies to have declared they are investigating a similar use of the technology.

However, one security consultant suggested such firms would be unlikely to ignore security guidelines if they ever brought their products to market.

"Both the ISO27001 and PCI DSS voluntary best practice standards state that any management traffic must be authenticated and encrypted," said Vladimir Jirasek from Jirasek Consulting Services.

"If Parrot is not following good practice this could lead to security incident, potentially followed by an accident. Imagine a drone disturbing traffic on a motorway.

"But I do not think Amazon would be lax in its security measures."