Amazon drones, hax0r3d

Have you seen all that stuff in the news about Amazon’s proposed new delivery method? At first glance, it looked like an April Fool’s joke – but then I remembered it was December. My money’s on it being a project that nobody intends to come to fruition; but a very clever bit of marketing for a month when Amazon sees more business than it does in any other month of the year.

The idea here is that orders under five pounds weight will be delivered to your doorstep in 30 minutes by one of these little drones from 2015. Let’s put aside objectionable thoughts about getting civil aviation licences for thousands of drones at one time; about scalability; about range; and about the way people in certain of Amazon’s markets have a habit of keeping guns in the house and shooting things. It’s a nice bit of PR and it made me smile.

But I was particularly tickled to find several people email me Samy Kamkar’s other objection to the drone idea: namely that they’d be very simple to subvert if you happen to be the no-moral-compass type who wants to get their hands on other people’s shopping. And (astonishingly quickly, given that Amazon broke the news three days ago), he’s built a demonstration of just how you’d go about doing that. Samy’s SkyJack is an autonomous drone that seeks other drones within range of its WiFi and hacks them, turning them into zombies under its control. Samy says:

Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.

We at Pi Towers are full of raucous glee. You can read more about SkyJack and Samy’s exploits, and find out how he did it, at his website.

Oh – and you can buy a Raspberry Pi from Amazon. 


meltwater avatar

I was reading about this about 1/2 hour ago.

I think this shows how important the Raspberry Pi will be in generations to come when viewing security issues.

There are many cases already where devices like the Raspberry Pi are highlighting the appalling state of security in modern systems.

We need this new generation of engineers who take security seriously, in order to build better systems and teardown the old.

If Amazon end up with lines of drones following a “Pi’d Piper” then they only have themselves to blame.

Lloyd Seaton avatar

These vehicles gives “drop shipping” a whole new dimension.

Aremvee avatar

OTOH it shows up a community ( with kids involved ) that has ease to hacking tools. Given the ease with which xenophobia takes over the media, it may be a case of “buy a Pi while it’s still legal”

meltwater avatar

Which is better?
Keeping it to a few people who can hack things or a whole new generation of people who are aware and will be able to build in protection against it.

Having said that, you can do a lot of damage with a few Pi’s, but then same goes for a netbook or laptop, even iPads if you try.

Aremvee avatar

agreed. entirely. Make them aware to build in the protection.

Its a topic that deserves its own thread in the forums, and i may start one( not tonight, 2  deadlines to meet ), but there is scope that within the communities ranks, we visibly start fleshing out ethical self management and such, otherwise the panic merchants will clobber us all with neaderthal legislation. We understand a lot of thhings aren’t practical, and all the why’s and wherefores that it will never happen, but we’re based in thentechnical realm. 

Non technorati dont think like us, at a detail technical level, As management types or polticial types they can only skim for keywords, and assemble a picture in their minds … nah, i’ll save it for the forums.

SergeantFTC avatar

Samy’s code can only command control of AR drones. Needless to say, Amazon won’t be using those. In fact, they have said that the drones will be fully autonomous, so it shouldn’t be possible to connect to them and tell them where to go. OTOH, you could try spoofing the GPS coordinates…. >:D

meltwater avatar

Yep, there are several middle eastern countries which have captured american dones like that.

GPS, again, oddly not that secure…

bertwert avatar

How big are they?

Crystal Cowboy avatar

The next step would be for someone to build a “honey pot” drone – fully autonomous, but pretending to use a wireless link for the express purpose of luring in a Samy pirate, which it then captures or shoots down.

I believe there was a television show a few years ago with battling robots – someone needs to take it to the air with drone dogfights.

Simon D avatar

There was an advert on UK TV for pipe tobacco on a similar thread.

Bloke sitting in a park by a duckpond pond enjoying his pipe.

Two yobbos come along with a noisy radio-controlled motorboat.

He reaches into his bag and gets out his remote: for a U-boat.

U-boat fires its torpedo and goes back down to the weed.


CaptainofSpray avatar

“Raucous glee”? A fine choice of vintage phrase indeed! Once again, the gang at Pi Towers prove themselves to be a cut above the ordinary.

Solar3000 avatar

Owwwwch! Who dropped that piano on my head!

Eric avatar

Amazon drones will don’t use WiFi !

Michal avatar

drones hacking drones, robots killing robots… frightening ;]

Greg avatar

I dont think Amazon will be using drones with weak security like that.

liz avatar

Well, like I said, I have a very strong suspicion that Amazon will not be using drones at all…

Niall avatar

Surely a simple Python script loaded into the Raspberrry Pi attached to the Amazon drone could then easily detect such devilish skyjack attempts and, given the GPIO capabilities of the Pi, could then be used to launch Pi-guided air-to-air missiles at said skyjacker drones.

Jings – I would even order stuff from Amazon just to be able to watch the ensuing dogfights. It would be better than the movies!!!

Bring it on…….. ;-)

Stewart Watkiss avatar

It’s good to see Waterstones have come up with their own solution. Here’s the British equivalent :-)

Just like the Amazon proposal there are a few minor things they need to work out before they start using them for real.

These are far more cute than the Amazon design and much harder to hack into.

Aaron avatar

Pfsh been there done that.
Been Done

meltwater avatar

Love the idea of the The Waterstones owls.

You wouldn’t want to mess with them though:

theo luckman avatar

haha much harder lol

Dutch_Master avatar

Following a few links I found that the original company does not sell outside the Continental US. I’m not sure of the legal status if you get one in Europe (provided Amazon actually ships these outside the US) so you could be in for a rough ride with local authorities… :(

H Brydon avatar

Well, what about the situation where you buy a Raspberry Pi from Amazon and it gets hijacked?

This wouldn’t just be a robot war, it would be RPi user war.

aTao avatar

Waterstones have their say

But the drone idea is serious, there are several companies champing at the bit, waiting for legislation to sort itself out. In the USA there are considerations regarding autonomous vs remote pilots. Pilot safety, issues concerning shooting something that flies over your house(a much simpler way of subverting a drone!)

David R avatar

Surely an easier solution is just to build a flying machine with a big net to harvest the drones. A less technical solution, but fairly effective. Might have to sort out homing devices etc….

Simon D avatar

We have enough hassle with the police helicopters flying/hovering overhead. One is tempted to reach for a Stinger some days.

Drone zapping could become a big sport.

In Glasgow a police chopper crashed into a pub. Although bigger than an Amazon drone, they would still be a threat.

What if it’s windy? Even the really great flying birds have difficulty on lots of days. Whilst the general wind might not be much round a building or alley the wind can get very strong and turbulent.

Even if one made it to my house, how would I know that it had arrived?

A bloke with a van is much more adaptable. And for low value there’s the Royal Mail.

meltwater avatar

Perhaps they will fall back to using a huge catapult. :)

Simon D avatar

You would still need the drones for the FOOs. Without them you have no QA loop to ensure delivery.

But even if they fire for effect on my garden; life being what it is they will all land in the pond. Or at the tops of the trees.

Pygar2 avatar

I think I just figured out where Skynet got started… next stop, aerial HK’s…

Chris Waddle avatar

On a more serious note, if you start sending things like fragile electronics by drone you’ll be depriving courier and postal staff across the land of their midmorning kick-about.

Pygar2 avatar

“Hey, Moe! What does “frag-ill-ee” mean?”

The Raspberry Pi Guy avatar

Haha! Excellent! I would love to see a thousand Amazon drones being controlled by a mighty Pi!

It won’t happen though… It was nothing more than a stunt for Bezos and Amazon

The Raspberry Pi Guy

Hove avatar

Puts a very literal meaning to “dropbox” – ouch!

Pygar2 avatar

Having seen far too many packages take a 2 or 3 day siesta a short drive from my home, I have to think this might be a good idea. On the other hand, maybe a droneport *near* an area would be a better idea. You get a call or text telling you the ETA, and go there so that you can get your package without much danger of it landing on your kid, dog, neighbor, koi pond or whatever. If you’re in that much of a hurry, you’d do it. Kind of like library dropboxes that serve as a mini library. We can assume reasonable security precautions to keep other customers from glomming *your* stuff. Packages to such a drop zone, since there is less danger of them causing damages, might be a bit cheaper than back-yard service (for those who *really* want such service, it’d still be available- at your responsibility and for a reasonable premium).

Crystal Cowboy avatar

“Go there”? Your GPS-enabled cell phone feeds it your precise coordinates, and it comes to you. Take delivery while walking in the park or reating lunch.

Pygar2 avatar

GPS is not always perfectly accurate. Accurate to a few feet, usually. Of course, you could put, perhaps, a laser reflector in a given spot, and after coming to your gross coordinates, it could seek out that one spot, identifiable by laser patterning… A thought for the future. It would keep the darn thing from landing in your koi pond, or your car, or whatever…

Dave avatar

Hacking toys ?

Mark Swope avatar

Meanwhile, TigerDirect is testing its new regional ballistic missile delivery system in time for the 2013 Holiday season!

David Comeka avatar

LOL, this is so funny how people think that a drone can hack a wifi signal as its travelling around. Even with the most powerful hash cracking network, it takes time to crack a WPA2 handshake password that is 8 characters. more time than a battery has. These things are pipe dreams or work on WEP or no encryption wifi networks….

Dutch_Master avatar

There are other ways to have a device loose it’s wifi connectivity involuntarily :o Besides, you’re assuming they use an encrypted signal. Encryption takes time to decipher, even if you have the correct key. In that time, the drone could have crashed, while flying it w/o encryption may have gotten the command that prevented a crash in time to execute it and keep the device airborne… :P

David Comeka avatar

lol still, then why install aircrack and pretend a RPi could remotely have the capability of cracking a network? And I do believe there is no way these drones will fly without a heavily encrypted signal. Now a 2 billion dollar predator, that is a possibility, especially with automated flights of 48 hours and high gain directional antennas. The .mil specs for avionic computers are ridiculous and highly efficient for space, possibly flying around with several TH/s of cracking power.

David Comeka avatar

And I know what you are talking about, in the first uses of military drones the insurgents could pickup live streams of pilots flying, as they couldn’t encrypt the data as the drone might crash, and it was very critical the time sensitivity of it, but with fully automated drones full encryption is the standard, its not 10-15 years ago anymore.

meltwater avatar

Didn’t they report at one point that their systems had viruses on? Encryption isn’t much good if one side is open.

Aaron avatar

I cant imagine that the drones would emit a wifi signal for anything. Nevertheless, the point remains the same, someone will hack them.
“Never underestimate people trying to prove other people wrong.”
by Me – Just now

Declan Malone avatar

LOL, this is so funny how people think that a drone can hack a wifi signal as its travelling around. Even with the most powerful hash cracking network, it takes time to crack a WPA2 handshake password that is 8 characters. more time than a battery has.

Have you considered that the drone sends the sniffed traffic back to base for cracking on more powerful hardware (eg, I’ve seen versions that run on desktop GPUs)? I don’t think it was mentioned anywhere that the actual cracking is done on the Pi… just the sniffing.

Scot avatar

Thats great, but how cool would it be if Amazon actually did this?

Kevin Bowers avatar

“people in certain of Amazon’s markets have a habit of keeping guns in the house and shooting things”. Yep! I hope Amazon uses my neighborhood as a test market; I could use some flying targets, especially the kind I don’t have to buy! Ever listen to the lyrics of Steve Earle’s “Copperhead Road”?

Enemby avatar

Couldn’t you combat this by only giving the drone an ethernet port and have it carry it’s own wi-fi hotspot?

Considering how autonomous drones are pricy already, I don’t see why not..

Neil avatar

How long before someone comes up with a RasPi-powered mantrid drone?

Pygar2 avatar

I liked the 790 drones better… they had *attitude*!

Jonathan avatar

You know this “Samy” person was arrested in 2005 for making worms on MySpace…

Pat Senn avatar

Can we incorporate the diode laser into the pirate drone to blind the cameras, and possibly engrave the propellers?? If it didn’t weaken them enough to brake it would leave enough of a mark to say “YOU HAVE BEEN TAGGED”

HangFire avatar

The drone delivery network idea is also in this recent TED talk. This proposes a fast delivery system for medical supplies.

No roads? There’s a drone for that.

Shipment rate quoted is ridiculously low and could be what attracted Amazon!

I wonder how long Amazon’s average order pick is? That’s coming out of this 30 minutes, it appears. To me it only feels practical over open country.

AndyS avatar

I can see an increase in the sales of air rifles. “Bagged me a book today . . . It was green”.

Davespice avatar

It would certainly be funny to fly one of these through the Amazon warehouse and come out the other side with this whole army following your drone.

CptBoots avatar

Would there be a way to have say broadcast towers around a building to provide advanced security options for detecting and re-routing surveillance hardware such as drones?

Pat Senn avatar

This would be a more appealing hack to me. Broadcast towers to send the surveillance drones to a different GPS coordinate, say the cess pools at the waste treatment plant, or into a local river.

Robert Downey avatar

Drone Wars… coming to a neighbourhood near you.


Comments are closed