As if the mere existence of computer-augmented, self-aiming rifles wasn’t worrisome enough, a pair of security experts claim to have discovered how someone could remotely gain access to the firearms, shutting them down or changing the target to one of the hacker’s own choosing.
According to Engadget, computer safety experts Runa Sandvik and Michael Auger have come up with a method that allows them to break into rifles using the TrackingPoiny ShotView computer-augmented targeting system via Wi-Fi, then use several software exploits to assume control of the weapon’s aiming and firing functions.
The method enables hackers to alter the trajectory calculations of the scope, permanently disable its aiming computer, or even prevent the gun from being fired at all. Their findings will be presented at next month’s Black Hat conference in Las Vegas.
Sandvik and Auger gave a demonstration of their techniques to Wired, and the website reported that they were able to “dial in their changes to the scope’s targeting system so precisely that they could… hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter.”
Gun can be compromised, but cannot be fired remotely
“You can make it lie constantly to the user so they’ll always miss their shot,” Sandvik, a former developer for the anonymity software Tor, told Wired. The hacker could also lock out the user or erase the entire file system of the gun, rendering the $13,000 system unusable. There are a series of vulnerabilities in the rifle’s software and its Wi-Fi capabilities that allow this kind of hacking.
The researchers explained that the rifle’s Wi-Fi is off by default, but if activated, uses a default password that gives anyone in range the ability to connect to it. Once connected, hackers can use the device like a service, accessing APIs to alter key targeting system variabilities discovered by the duo by taking apart and analyzing the systems and circuit boards of one of the rifles.
In their demonstration, they were able to change the weight of the ammunition, causing the bullet fired by the gun to fly wildly off target. Higher weights caused bullets to miss to the left and lower ones made it miss to the right, and the only thing that could alert the shooter that the rifle has been compromised is a sudden jump in the scope’s view as it changes position.
They also found that they could use the Wi-Fi connection to add themselves as a user, assuming control of its software, making permanent changes to its targeting variables or deleting files required by the scope to operate. They were also able to disable the firing pin, preventing the gun from shooting, but were not able to cause the gun to fire remotely.