Samy Kamkar

Samy Kamkar (born December 10, 1985) is a privacy and security researcher, computer hacker, whistleblower and entrepreneur. At the age of 17, he co-founded Fonality, a unified communications company, which raised over $46 million in private funding. He is possibly best known for creating and releasing the fastest-spreading virus of all time, the MySpace worm Samy, and for subsequently being raided for it by the United States Secret Service under the Patriot Act. He is also known for creating SkyJack, a custom drone that hacks into any nearby Parrot drones, allowing them to be controlled by its operator, and for creating the Evercookie, which appeared in a top-secret NSA document revealed by Edward Snowden and on the front page of The New York Times. He is also known for his work with The Wall Street Journal and his discovery of illicit mobile phone tracking, in which Apple iPhone, Google Android and Microsoft Windows Phone mobile devices transmit GPS and Wi-Fi information to their parent companies. His mobile research led to a series of class-action lawsuits against the companies and a privacy hearing on Capitol Hill.

Samy has co-founded Fonality, Inc., an IP PBX company, and on the side has focused on evolutionary and genetic algorithmic software development, Voice over IP software development, automated security and vulnerability research in network security, reverse engineering, and network gaming. When not strapped behind the Matrix, Samy can be found stunt driving or getting involved in local community service projects.

In October 2005, Samy Kamkar went looking for friends — specifically, friends on MySpace. Unfortunately, Kamkar chose to do so by writing and executing a cross-site scripting exploit dubbed the Samy worm, which became one of the first major worms to hit a Web 2.0 app (read more about it in the Oct. 27, 2005, WS newsletter). The Samy worm attempted to infect as many MySpace profiles as possible. The payload seemed relatively harmless: it merely tagged your profile with the phrase “but most of all, Samy is my hero” and added Kamkar as a friend. But the infection grew wildly. At one point, Kamkar had accrued over a million bogus friends and was getting more, at the rate of thousands every few seconds. The MySpace servers choked under the onslaught. MySpace removed the infection and patched the code vulnerability that allowed Samy to execute. The attack led to Kamkar’s being charged with a felony; he was subsequently sentenced to three years’ probation, ordered to perform 90 days of community service, and required to pay restitution to MySpace. During his probation, Kamkar was allowed to use a computer and the Internet only for work-related purposes. Kamkar’s probation is over and he’s back.

On his new site, Kamkar warns people to change the default settings of their routers. (Note: This and other links to Kamkar’s site have been removed because they aren’t trustworthy.) This is sound advice, but coming from Kamkar, the warning is also a bit sinister — especially when his site provides a number of different proof-of-concept programs that can be used to attack routers.

In 2013, Kamkar created SkyJack, a combination of open source software and hardware to run on an unmanned aerial vehicle which was "engineered to autonomously seek out, hack, and wirelessly take over other Parrot drones within wifi distance, creating an army of zombie drones". The entire software and hardware specification was released as open source and detailed on his website. The software was released one day after Amazon.com announced Amazon Prime Air, a possible future delivery service using drones to deliver small packages as early as 2015.