TheBlaze

Scary: Hackers Infiltrate High-Tech Rifle System, Causing Shooters to Miss Targets or Disable It All Together

Liz Klimas

Nearly everything is getting a high-tech makeover these days in the name of making objects more convenient in the connected world, but with added computerization comes the risk of hacking.

Take what hackers demonstrated in a Jeep Cherokee last week.

If having a vehicle hijacked electronically is frightening, how about a firearm?

TrackingPoint, a “precision guided firearm,” boasts that its Xact System is “the most accurate shooting system in the world.”

Perhaps, but not after security researchers like Runa Sandvik and Michael Auger infiltrated its system through a Wi-Fi connection and software flaws and found they could change its aim or disable it all together.

Security researcher Runa Sandvick demonstrates how the TrackingPoint system works and how she and her husband managed to hack it. (Image source: Wired)

The hackers, who plan to present some of their findings at the Black Hat security conference in Las Vegas next week, demonstrated to Wired how they were able to “change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing.”

“You can make it lie constantly to the user so they’ll always miss their shot,” Sandvik told Wired. “If the scope is bricked, you have a six to seven thousand dollar computer you can’t use on top of a rifle that you still have to aim yourself.”

Here’s how the hackers exploited the system, as reported by Wired:

But Sandvik and Auger found that they could use a chain of vulnerabilities in the rifle’s software to take control of those self-aiming functions. The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. (The hacker pair were only able to find those changeable variables by dissecting one of their two rifles and using an eMMC reader to copy data from the computer’s flash storage with wires they clipped onto its circuit board pins.)

[…]

Sandvik and Auger found that through the Wi-Fi connection, an attacker could also add themselves as a “root” user on the device, taking full control of its software, making permanent changes to its targeting variables, or deleting files to render the scope inoperable. If a user has set a PIN to limit other users’ access to the gun, that root attack can nonetheless gain full access and lock out the gun’s owner with a new PIN. The attacker can even disable the firing pin, a computer controlled solenoid, to prevent the gun from firing.

Watch the demo they gave Wired:

Fortunately, the security researchers found that they could not cause the gun to remote fire. The trigger still has to be pulled by the user for the firearm to shoot.

TrackingPoint Founder John McHale told Wired the company would be developing and issuing a software update as soon as possible in light of Sandvik and Auger’s exploit. The hackers though told Wired they’ve tried to get a response from TrackingPoint on what they’ve found for months.

McHale told the tech site he still stands behind the gun’s safety aspects as well.

“The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction,” he said.

He also added that the fact that this hack requires a Wi-Fi connection to exploit, makes it a more remote possibility that someone would infiltrate the firearm’s system for nefarious reasons.

“It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi Internet connection,” McHale told Wired.

Sandvik and Auger warned that a hacker could mess with the gun’s system in a way that would continue even after the weapon is out of Wi-Fi range, Wired reported.

A couple of years ago when the rifle system became available, TrackingPoint reported sales were strong enough to have people on a wait list. Earlier this year though, Ars Technica pointed out that the company appeared to be experiencing financial trouble.

“Due to financial difficulty TrackingPoint will no longer be accepting orders,” a message on the company’s home page in May read, according to Ars Technica. It’s a message that no longer appears on the website.

McHale told Wired that TrackingPoint is currently “working through an internal restructuring.”