TrackingPoint Smart Rifle: Security Team Hacks Weapon

30 Jul 2015

Hackers Can Break Into the Self-Aiming Rifle to Change Its Target.

The Black Hat hacker conference is just two weeks away and for a while, we’re going to be hearing a lot about how hackers can get into this and that thing, which we previously assumed was “secure.” Last week, for example, Wired had a piece about how cybersecurity experts Charlie Miller and Chris Valasek used a cellphone network to take over the controls of a Jeep being driven by Wired editor Andy Greenberg. Sniper rifles have gotten pretty fancy these days, but it’s those high-end gadgets that help expertly guide shots that could also be their biggest weakness.

Nearly everything is getting a high-tech makeover these days in the name of making objects more convenient in the connected world, but with added computerization comes the risk of hacking. TrackingPoint’s computer-augmented rifle sights, better referred to as the ShotView targeting system, have set off a wave of debate since they first debuted in 2014. This week, Greenberg has another piece for us, this one about how security researchers Runa Sandvik and Michael Auger hacked into a pair of $13,000 TrackingPoint self-aiming rifles via their Wi-Fi connection.

But add a wireless connection to that computer-aided weapon, and you may find that your smart gun suddenly seems to have a mind of its own—and a very different idea of the target. However, two security researchers found that the $13,000 rifle can be compromised, allowing a hacker to recalibrate the scope’s calculation so the shots land away from the intended target.

TrackingPoint has sold more than a thousand weapons, especially sniper rifles, since its inception in 2011, attracting customers with “self-aiming” technology that makes it easy for shooters to take wind, temperature, the weight of the bullet being fired and other variables into consideration when they’re aiming at a target. According to a report from Wired, the married hackers have developed a way to break into the rifle via a WLAN connection and take command through a series of package exploits. This gives them close to complete control over the aiming and firing functions. In short, they were able to make the rifle miss its target, disable the scope’s computer, prevent the gun from firing and even change the target system in a way that caused the shooter to hit a different target. “It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi Internet connection,” McHale said. “The probability of someone hiding nearby in the bush in Tanzania are very low.” That’s not the point, though, of course.

The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. The point is that lots of Internet capability is being added to all kinds of technology and gadgets — from guns to cars — without anyone thinking about the security from the bottom up.

Last we heard, however, the company was dealing with financial troubles and wasn’t taking orders for new weapons, so this won’t be too much of a problem. In the video, you can see the two dial in changes to the scope’s targeting system that send a bullet straight to their own bullseye instead of the original target. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. (The hacker pair were only able to find those changeable variables by dissecting one of their two rifles and using an eMMC reader to copy data from the computer’s flash storage with wires they clipped onto its circuit board pins.) Sandvik and Auger found that through the Wi-Fi connection, an attacker could also add themselves as a “root” user on the device, taking full control of its software, making permanent changes to its targeting variables, or deleting files to render the scope inoperable. If a user has set a PIN to limit other users’ access to the gun, that root attack can nonetheless gain full access and lock out the gun’s owner with a new PIN.

TrackingPoint founder John McHale told Wired he’s glad for the new insight into the weapon’s system and plans to work with Auger and Sandvik, a former developer on the Tor anonymity software, to improve its security. Then, after the trigger is pulled, the computerized rifle itself chooses the exact moment to fire, activating its firing pin only when its barrel is perfectly oriented to hit the target.

Earlier this year, though, Ars Technica pointed out that the company appeared to be experiencing financial trouble. “Due to financial difficulty TrackingPoint will no longer be accepting orders,” a message on the company’s home page in May read, according to Ars Technica. So on Auger’s next shot, Sandvik’s change of that single number in the rifle’s software made the bullet fly 2.5 feet to the left, bullseyeing an entirely different target.

But that change in view is almost indistinguishable from jostling the rifle. “Depending on how good a shooter you are, you might chalk that up to ‘I bumped it,’” says Sandvik. But he argued that the software vulnerabilities don’t fundamentally change the gun’s safety. “The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction.”

It’s even possible (although likely difficult), they suggest, to implant the gun with malware that would only take effect at a certain time or location based on querying a user’s connected phone. The company’s silence until WIRED’s inquiry may be due to its financial problems: Over the last year, TrackingPoint has laid off the majority of its staff, switched CEOs and even ceased to take new orders for rifles. And with only a thousand vulnerable rifles in consumers’ hands and the hack’s limited range, it may be unlikely that anyone will actually be victimized by the attack. But the rifles’ flaws signal a future where objects of all kinds are increasingly connected to the Internet and are vulnerable to hackers—including lethal weapons. “There are so many things with the Internet attached to them: cars, fridges, coffee machines, and now guns,” says Sandvik. “There’s a message here for TrackingPoint and other companies…when you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.”
