Black Hat Researchers Hack Rifle for Fun

 
 
By Sean Michael Kerner  |  Posted 2015-08-06 Print this article Print
 
 
 
 
 
 
 
rifle hacking

VIDEO: Husband and wife security researchers explain how they hacked a Linux-powered TrackingPoint rifle and why they did it.

LAS VEGAS--In world where everything is connected and everything can be hacked, it shouldn't be a surprise that a rifle can be hacked to have a shooter change targets. That's precisely what independent security researcher Runa Sandvik and her husband Michael Augur detailed at the Black Hat USA conference here.

The two researchers acquired a TrackingPoint rifle and were able to hack it in multiple ways, including misdirecting the targeting system, such that when fired the gun would hit a different target than what it was aiming at. Why did Augur and Sandvik hack the TrackingPoint rifle? It was all about curiosity.

"The reason we started doing this in the first place is Runa [Sandvik] is from Norway and has a very romanticized vision of the U.S., so loving all things America, we needed to go to a gun show," Augur said.

At to the gun show, Sandvik became interested in the TrackingPoint weapon after learning that it is a Linux-powered device that could be connected to a phone via a mobile app.

"So she asked me if we could buy the gun and hack it, and I said, 'Let's do it,'" Augur said.

The TrackingPoint rifle has a wireless network that a mobile phone can connect to, as well as a pair of mobile apps. One of the apps is called shot view that lets the app user see what the shooter sees through the scope. The other app is calling tracking point and allows the user to change environmental settings like wind and temperature to improve targeting.

The actual hack of the TrackingPoint rifle was a process that took a year of effort and required going through multiple levels of technology, including physically taking the weapon apart and reverse-engineering the software.

Augur explained that the way the attacks work is they require the WiFi on the weapon to be turned on and the attacker has to be within range of the WiFi. Sandvik noted that as far as she can tell, there is no way to remotely attack the device.

That said, she noted that the updating mechanism on the TrackingPoint rifle connected insecurely to the update server, exposing it to potential risk. There are also vulnerabilities in how the API on the rifle validates code, which is how the two researchers were able to manipulate it to cause the gun to miss its intended target.

While there are risks with the TrackingPoint rifle, Augur emphasized that the attack surface is relatively low and there is little chance that the vulnerabilities that he and his wife found would be used in the wild as part of some kind of nation-state assassination attack. Augur added that TrackingPoint is currently in the process of patching the weapon.

Watch the full video from the Black Hat USA press conference below:

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel