Samy Kamkar, Hacker: We can take any drones, hack into them and control them
Article information and share options
Samy Kamkar, privacy and security researcher, computer hacker, whistleblower and entrepreneur hacked a drone live at the 'Insurance in the age of drones' conference at the Swiss Re Centre for Global Dialogue. The event brought drone experts, drone racers, regulators, lawyers, and a hacker together with Swiss Re clients, to examine how drone technology will impact casualty and aviation insurance in the near and long term.
Find out more here.
Read a text version of Samy Kamkar's interview below:
"We can take any drones in any industry and hack into them, take over and control them. Some of the techniques are really interesting. Some things that we use every single day like GPS that you'd use to navigate in your car. That's exactly what drones use to autonomously pilot, but GPS is unencrypted, it's unauthenticated. You can use 300 dollar hardware with free software to take over GPS and to control GPS, that would be one example of hacking into a drone.
I think it's a shock for the insurance industry and other industries that you can use commodity hardware, consumer-based equipment to take over and hack into tens of thousands of dollars worth of equipment. You're talking about a 50,000 dollar drone that can be hacked into. It's demonstrated just a few months ago with a 100 dollars in equipment, so yeah, it's very shocking. I think we're going to see this continue. Just as the price of drones has come down because of the equipment inside, it's the same thing with the same tools to break into them.
The insurance industry can essentially hike up rates for example, if a drone is not using a certain security mechanism. What I would do, personally, if I were in their shoes, is I would say, "I want to understand what are additional security mechanisms that we can put in place on a drone and say this is much less risky?" Sure there's still some risk but I am much more confident in this because it uses encryption, authentication, multiple levels of sensors, and not just depending on one consumer sensor, and I think that will help mitigate risk.
An event like this is extremely interesting to me, because I had not idea this existed. I had no idea there was such a large population of people dedicated to solving this problem. I never even thought about the problem. I'm on the other side and I'm trying to develop and push forward some of this technology. I completely now see it from another angle that I didn't before. I think it will hopefully make me think twice when developing new things, and how I can implement, maybe, a better implementation to prevent issues that we're trying to solve here."