Even smart rifles can be hacked

30 Jul 2015 | Author: | No comments yet »

Hackers Can Disable a Sniper Rifle—Or Change Its Target.

The Black Hat hacker conference is just two weeks away and for a while, we’re going to be hearing a lot about how hackers can get into this and that thing, which we previously assumed was “secure.” Last week, for example, Wired had a piece about how cybersecurity experts Charlie Miller and Chris Valasek used a cellphone network to take over the controls of a Jeep being driven by Wired editor Andy Greenberg.Sniper rifles have gotten pretty fancy these days, but it’s those high-end gadgets that help expertly guide shots that could also be their biggest weakness.Nearly everything is getting a high-tech makeover these days in the name of making objects more convenient in the connected world, but with added computerization comes the risk of hacking.

Runa Sandvik and Michael Auger have spent a year develop techniques to hack the TrackingPoint self-aiming rifles, gaining entry via the weapon’s Wi-Fi connection and then taking advantage of software flaws. But add a wireless connection to that computer-aided weapon, and you may find that your smart gun suddenly seems to have a mind of its own—and a very different idea of the target.

According to a report from Wired, the married hackers have developed a way to break into the rifle via a WLAN connection and take command through a series of package exploits. this enables them close to complete control over the aiming and firing functions. However, two security researchers found that the $13,000 rifle can be compromised, allowing a hacker to recalibrate the scope’s calculation so the shots land away from the intended target. But, as reported by a new article and video demonstration at Wired, the husband and wife duo have successfully manipulated the gun’s functions, proving its possible to control the weapon from a remote computer.

TrackingPoint has sold more than a thousand weapons, specially sniper rifles, since its inception in 2011, attracting customers with “self-aiming” technology that make it easy for shooters to take wind, temperature, the weight of the bullet being fired and other variables into consideration when they’re aiming at a target. In short, they were able to make the rifle miss its target, disable the scope’s computer, prevent the gun from firing and even change the target system in a way that caused the shooter to hit a different target. “It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi Internet connection,” McHale said. “The probability of someone hiding nearby in the bush in Tanzania are very low.” That’s not the point, though, of course. The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad.

The point is that lots of Internet capability is being added to all kinds of technology and gadgets — from guns to cars — without anyone thinking about the security from the bottom up. In the video, you can see the two dial in changes to the scope’s targeting system that sends a bullet straight to their own bullseye instead of the original target. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. (The hacker pair were only able to find those changeable variables by dissecting one of their two rifles and using an eMMC reader to copy data from the computer’s flash storage with wires they clipped onto its circuit board pins.) Sandvik and Auger found that through the Wi-Fi connection, an attacker could also add themselves as a “root” user on the device, taking full control of its software, making permanent changes to its targeting variables, or deleting files to render the scope inoperable. If a user has set a PIN to limit other users’ access to the gun, that root attack can nonetheless gain full access and lock out the gun’s owner with a new PIN.

As manufacturers of the rifle, Tracking Point have refuted that there is any issue with the rifle following the discovery and that while a patch for the software has been administered, its founder John McHale said the likelihood of the rifle being made vulnerable through Wi-Fi in the open world. However if there is one thing we can be thankful for is that the hack can’t make the gun fire by itself, since this will actually require the user to pull the trigger. Then, after the trigger is pulled, the computerized rifle itself chooses the exact moment to fire, activating its firing pin only when its barrel is perfectly oriented to hit the target.

Earlier this year though, Ars Technica pointed out that the company appeared to be experiencing financial trouble. “Due to financial difficulty TrackingPoint will no longer be accepting orders,” a message on the company’s home page in May read, according to Ars Technica. So on Auger’s next shot, Sandvik’s change of that single number in the rifle’s software made the bullet fly 2.5-feet to the left, bullseyeing an entirely different target. But that change in view is almost indistinguishable from jostling the rifle. “Depending on how good a shooter you are, you might chalk that up to ‘I bumped it,’” says Sandvik. It’s even possible (although likely difficult), they suggest, to implant the gun with malware that would only take effect at a certain time or location based on querying a user’s connected phone.

In fact, Auger and Sandvik have been attempting to contact TrackingPoint to help the company patch its rifles’ security flaws for months, emailing the company without response. The company’s silence until WIRED’s inquiry may be due to its financial problems: Over the last year, TrackingPoint has laid off the majority of its staff, switched CEOs and even ceased to take new orders for rifles. And with only a thousand vulnerable rifles in consumers’ hands and the hack’s limited range, it may be unlikely that anyone will actually be victimized by the attack.

But the rifles’ flaws signal a future where objects of all kinds are increasingly connected to the Internet and are vulnerable to hackers—including lethal weapons. “There are so many things with the Internet attached to them: cars, fridges, coffee machines, and now guns,” says Sandvik. “There’s a message here for TrackingPoint and other companies…when you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.”

Here you can write a commentary on the recording "Even smart rifles can be hacked".

* Required fields
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site