Hackers Disable ‘Smart’ Rifle and Change Its Target, Remotely

Hackers have devised the means to remotely hack a pair of ‘self-aiming smart rifles’ which run Linux and Android along with a Wi-Fi connection. The hack is so comprehensive that the rifle can be remotely disabled or choose a new target (!)

Two security researchers have uncovered vulnerabilities in a $13,000 smart rifle which can be connected to Android smartphones or tablets over Wi-Fi and is ‘smart’ enough to let novice marksmen hit targets half a mile away. The researchers discovered that anyone within a close vicinity to the rifle can remotely hack and tweak the controls of the weapon over a Wi-Fi connection, according to a report in Wired.

A TrackingPoint rifle merges cameras, embedded sensors and a piece of Linux software with a sniper rifle, turning it into a ‘smart’ weapon. Although the US Army was rumored to be looking into such hardware, the rifle is primarily geared and marketed to hunters.

Here’s how the smart-rifle works:

  • The rifle can be connected to Wi-Fi which helps in having a computer stream and record video from the rifle’s camera while the shooter looks down the scope.
  • With additional algorithms to improve accuracy, the shooter can then tweak the settings of the targeting system.
  • Important variables such as wind-speed, temperature, distance and bullet weight are considered in order to find the target accurately.
  • The shooter then points the rifle at the target before pressing a button to mark where they want the bullet to land. This button sets the crosshair on the scope of the rifle for the shooter to aim at.

A hacked weapon

Husband-and-wife duo Michael Auger and Runa Sandvik demonstrated the hack successfully to Wired, tricking the rifle using software to misdirect the bullet. The hacker couple have devised an exploit to allow an attacker gain complete control of the rifle using its Wi-Fi connection and intend to demonstrate the hack at the Black Hat hacker conference in two weeks.

Their foray into making the discovery was spurred on when they happened to notice TrackingPoint’s booth at the Nation’s Gun Show.

“We were reading their marketing material that said you could connect it to your phone,” Sandvik said. “That’s when I suggested we buy one and hack it.”

Auger dismantled the computer scope in the weapon after purchasing a .308 model retailing for $12,995. He discovered two glaring concerns while studying the hardware.

  • Every rifle contains a built-in network password that’s default and cannot be changed.
  • The weapon is keen to listen to instructions remotely. Anyone with administrator access can remotely hack the weapon over Wi-Fi, instead of granting such authority to the weapon-holder.

Sandvik added that she spoke to TrackingPoint to make them aware of the vulnerabilities. “They seemed… interested in fixing the issues we identified,” she concluded.