The gears of war have gotten pretty fancy these days, but it’s those high-end gadgets that expertly help to guide shots that could also be their biggest weakness.
Security researchers Runa Sandvik and Michael Auger has discovered a way to take control of a TrackingPoint self-aiming sniper rifle, pointing the way away from its intended target or stopping it from firing altogether.
TrackingPoint has sold more than a thousand weapons, specially sniper rifles, since its inception in 2011, attracting customers with “self-aiming” technology that make it easy for shooters to take wind, temperature, the weight of the bullet being fired and other variables into consideration when they’re aiming at a target. Shooters can also stream a video of their shot onto their laptop by enabling the gun’s Wi-Fi system, which automatically uses a default password (meaning anyone in the area can connect to it). But, according to a new article and video demonstration at Wired, the husband and wife duo have successfully manipulated the gun’s functions, proving its possible to control the weapon from a remote computer.
Sandvik and Auger found vulnerabilities in the rifle’s software and were able to use the gun’s wireless connection to access its application program interface, where they essentially reprogrammed its targeting functions. In short, they were able to make the rifle miss its target, disable the scope’s computer, prevent the gun from firing and even change the target system in a way that caused the shooter to hit a different target.
If there’s any good news, it is that Sandvik and Auger were unable to get the gun to fire unexpectedly.
Greenberg says he contacted TrackingPoint founder John McHale, who said his company is developing a software update to patch the rifle’s flaws. He also pointed out that it would be difficult for someone in the real world to use Wi-Fi and hack into the rifle.
TrackingPoint founder John McHale told Wired he’s glad for the new insight into the weapon’s system and plans to work with Auger and Sandvik, a former developer on the Tor anonymity software, to improve its security. But he also highlighted their inability to make the gun fire without pulling the trigger, a key safety measure.
“The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction. It’s my responsibility to make sure my scope is pointed where my gun is pointing,” McHale said. “The fundamentals of shooting don’t change even if the gun is hacked.”
This is the second Wired exclusive on the flimsiness of computer firewalls and anti-tampering measures installed in modern consumer devices. Last week, the magazine ran a piece about how cybersecurity experts Charlie Miller and Chris Valasek used a cellphone network to take over the controls of a Jeep being driven by Greenberg again. These two stories ought to make the conversation at the upcoming Black Hat hacker conference in just two weeks a lot more interesting.