SkyJack is an unmanned aerial vehicle created by Samy Kamkar which specifically seeks out other Parrot drones and hijacks them through their wireless network, giving the SkyJack pilot the ability to control and view the camera sources of the affected drone.
Parrot AR.Drone is a radio controlled flying quadcopter helicopter built by the French company Parrot. The drone is designed to be controlled by mobile or tablet operating systems such as the supported iOS or Android. No authentication or encryption is used by the Parrot to secure the connection with the pilot.
According to the project's website:
SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within wifi distance, creating an army of zombie drones under your control.
Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.
The SkyJack software seeks out other Parrot drones wirelessly by their organizationally unique identifier without requiring any previous knowledge of the targeted drones. The only security currently in the Parrot drones prevents a second pilot from taking over, however SkyJack uses Aircrack-ng to perform a "deauthentication attack" against the pilot, exploiting a mechanism in wireless security. The SkyJack software then takes over the drone as the primary pilot and provides full control and camera access to the SkyJack pilot.
- Goodin, Dan (2013-12-08). "Flying hacker contraption hunts other drones, turns them into zombies". Ars Technica.
- "Samy Kamkar - SkyJack".
- "AR.Drone coming to Android, gets new multiplayer games". 2010-06-08.
- "SkyJack source code". 2013-12-08. Retrieved 2013-12-08.