SecurityWeek

Foray Into US Life Led Hacker Couple to Crack Smart Rifle

Las Vegas – A dive into a gun-loving side of US culture by a pair of computer security researchers led them to hack into a digitally-enhanced sniper rifle.

Husband and wife hackers Michael Auger and Runa Sandvik will share their work on Friday at the notorious Def Con hacker gathering in Las Vegas, a day after making a presentation at the Black Hat cyber defense conference.

“Runa is from Norway with a romanticized vision of the United States, loving all things American,” Auger said as he and his wife discussed their findings at Black Hat.

“I told her we needed to go to a gun show, it doesn’t get more American than that.”

While at a gun show, the couple spied a TrackingPoint self-aiming rifle that boasted sophisticated features, including a smart scope powered by the Linux operating system and smartphone applications.

Sandvik said she immediately wanted to get her hands on it, to hack in and see what they could find. She easily convinced her husband they should buy one of the $13,000 rifles.

The couple made a side-project of hacking into the weapon, finding a way to remotely reset parameters used by the computerized scope to tell the rifle where to shoot.

“It was a fun day, tearing apart a $13,000 rifle,” Auger said.

Squeezing the trigger of the rifle is done manually, so, while hackers could alter the aim, they could not fire the weapon, according to Sandvik and Auger.

They could, however, remotely prevent the rifle from firing and by tapping into the smartphone app they could see what the person using the rifle sees through the scope.

Hackers would typically need to be within 100 feet or less to connect with the rifle’s wireless computing system, which must be turned on by whoever is using the weapon.

Make rifles misbehave

Aside from tinkering with parameters such as wind that influence aim, the couple found a way to make permanent updates to the software powering the scope.

“At that point, their rifle would misbehave wherever they are,” Sandvik said.

The couple downplayed concerns that hackers could illicitly cause a shooter to miss his aim and endanger the wrong target, saying that the rifle is the first of its kind and only a thousand or so of them have been sold.

“I wouldn’t be particularly worried,” Auger said.

“Most people aren’t going to be out using it for assassination, they will be using it for hunting. And almost nobody is using the Wi-Fi feature.”

A half dozen of the rifles were bought by the US military for evaluation, according to Auger, who noted there has been no public word regarding what came of that.

Versions of the rifle are said to be able to lock onto targets as far as a mile away.

“Your shot accuracy goes through the roof, even for someone who does not know how to shoot,” Auger said of the self-aiming rifle.

He was bracing himself for a Def Con crowd likely to be unhappy they won’t get a live demonstration.

The couple left the rifle at home to avoid the administrative hassles and delays involved with carting a high-powered weapon through airports and hotels.

The couple said that TrackingPoint has been working with them to shore up vulnerabilities.

Written By

AFP 2023
