Wednesday, 04 December 2013 13:41

Amazon's Drone Scheme is a Nightmare Waiting to Happen

Written by

Reading time is around minutes.

When you order something online these days you put your money and trust in the companies that are responsible for getting the package to you. I do not think there is anyone out there that has not received a package that is a little more beat up that it should be after spending its time with UPS or FedEx. There seems to be an unwritten rule that says package delivery services must take out their frustration on the poor boxes that are in their care. Between worrying about the state of our orders and if they will actually get to our doorstep things can get annoying.

So what about the new proposals from Amazon, UPS and other carriers to use automated drones to quickly deliver goods to customers? From the announcements we are hearing using drones will make things so much simpler, faster and cheaper to operate. Little details like lost or damaged goods will be a things of the past… Then again I have yet to see announcements of new good or services that really talk about potential downsides and delivery drones are no exception. In our first article on the subject we talked about regulator, technological and logistical issues with trying to use drones to deliver products. Now we are diving in a little deeper and looking at a few other more concerning issues with drone delivery.

Insecure GPS -
One of the biggest issues we can see with using fully automated drones is simply that the current GPS system is not secure. It is all too easy to force a drone off course and either intercept it or simply crash it (talk about damage in shipping). The technology behind GPS would need to be drastically improved before this type of system would be even close to safe for use in populated areas. Even more sophisticated drone have this vulnerability in them and it is not until you get into more military oriented products (which cost much more to own and operate) do they truly become secure enough to avoid this simple hack.

Just shoot’em down -
This one made me laugh until I realized that there are a few places that are considering drone bounties. Can you imagine having your newly purchased product shot out of the sky by someone? How would Amazon, UPS or FedEx cover that? There are a large number of people that might simply take the shot just to grab some free loot even without the bounties. It is a sobering thought for more than one reason including from a liability standpoint.

Automated Drones are easy to hack -
Now we come to another security issue with using these drones. It seems that the drones use a very insecure for of wireless to talk back to their owner. The tools needed to hack this and take control of the drone are not only easy to get, but simple to use. According to Samy Kamkar you can do it with a perl application he created called Sky Jack. It looks for and breaks any connections that drones have (right now only Parrot AR Drones) and then fools them into thinking that you are the owner. From there you can do anything you want to with the drone.

Looking at the GitHub page this was something Samy put together in about a day which puts this last item in the “oh shit” category for companies considering drone use.

# skyjack, by samy kamkar
# this software detects flying drones, deauthenticates the
# owner of the targetted drone, then takes control of the drone
# by samy kamkar, This email address is being protected from spambots. You need JavaScript enabled to view it.
# http://samy.pl
# dec 2, 2013

Samy was also able to identify the mac range that Parrot uses for their drones making the attack specific to their products. It would be pretty simple to alter this to attack other manufacturer’s products.

# mac addresses of ANY type of drone we want to attack
# Parrot owns the 90:03:B7 block of MACs and a few others
# see here: http://standards.ieee.org/develop/regauth/oui/oui.txt

The idea that small automated drones will be flying through our skies delivering packaged to smiling customers is a fantasy for the foreseeable future. With the existing technology there are far too many issues to even consider trying to put this into operation. Amazon or any other company that did this would lose money from day one and also would lose consumer confidence in their ability to do their job (deliver goods that have been purchased). The people that are saying that these drones will be in use by 2015 are fooling themselves (or simply ignorant of the way things work). We stand by our initial comment, this is not a technology that will (or should) see daylight for at least 10-15 years.

Tell us what you think in our Forum

Read 2497 times Last modified on Wednesday, 04 December 2013 19:34

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.