14 DAY TRIAL // Two researchers, Michael Auger and Runa Sandvik, will present today, at the Black Hack conference in Las Vegas, their recent findings into the world of computerized weapons security.
After having recently visited the US where they participated at a gun show, the two were fascinated by a new "smart" weapon introduced to the market by the TrackingPoint, Inc.
The gun in question was a top-shelf sniper rifle that comes bundled with a modified Linux operating system that helps customers improve their aim.
The gun also comes with wi-fi capabilities, along with an Android app that allowed another person to view what the customer was seeing through their scope.
Taking a hard hit to their budget, the two purchased the gun, which was being sold for $13,000 / €11,900, and went on to analyze it for security vulnerabilities.
According to their disclosures to Wired, they managed to access the weapon's operating system, where they were able to tamper with the self-targeting system.
The "smart" sniper rifle was hacked via wi-fi
Additionally, using the gun's wi-fi connection, they were also able to create a root-level user, which they used to make permanent changes to targeting variables, prevent the gun from shooting, disable the scope feature, and even change the user's existing PIN if present.
Their findings, even if quite worrisome, are not that bad as they first appear.
For instance, the weapon has built-in safety systems that they were unable to tamper with, like the gun's ability to shoot, which only functions if a human is present to press the trigger.
Also, due to the wi-fi's limitations, hackers would need to be within a 100-foot / 30-meter distance from the gun to be able to exploit it.
Only 1,000 of these computerized weapons were produced
After the Wired article was published, TrackingPoint started showing this message on its homepage:
"Wired Magazine recently reported that information security consultants discovered software vulnerabilities in TrackingPoint guns. We are working with the consultants to verify their assessment and will provide you with a software update if necessary. Until then, please note the following: Since your gun does not have the ability to connect to the internet, the gun can only be compromised if the hacker is actually physically with you. You can continue to use WiFi (to download photos or connect to ShotView) if you are confident no hackers are within 100 feet."
It is also worth mentioning that the company produced only 1,000 units of this type of sniper rifles which, due to their very high retail price, are not as common as, per example, AK47s. So unless you're seeing someone carrying a Halo-like weapon on the streets in the near future, it's pretty safe to go outside!
The two researchers recorded a demo video, which you can view below, along with a presentation of the TrackingPoint smart sniper rifle's capabilities.
