
See how a self-aiming sniper rifle can be remotely hacked

I must admit I raised an eyebrow.

I’m not clear why any regular member of the public would really need a sniper rifle, let alone one which has a computer running Linux embedded inside it.

But, it turns out, there is a market for so-called “smart” self-aiming sniper rifles – in America at least.

And with help from the kind of modern technology built into the $13,000 TrackingPoint TP750 rifle, even a lousy shot might find themselves shooting dead on target, as the computer-assisted weapon decides upon the very best time to shoot to hit your intended target.

Husband-and-wife security research team Michael Auger and Runa Sandvik realised that if you add a WiFi connection to a rifle, you also potentially introduce vulnerabilities that hackers could exploit. The couple purchased two of the Linux-powered rifles, disembowelling one to access and reverse engineer its circuit board.

And, predictably, serious security holes have been found – making it possible to completely disable the rifle remotely, or to make it miss its intended target.

In an interview with Wired, Auger and Sandvik described their findings:

The only alert a shooter might have to that hack would be a sudden jump in the scope’s view as it shifts position. But that change in view is almost indistinguishable from jostling the rifle. “Depending on how good a shooter you are, you might chalk that up to ‘I bumped it,’” says Sandvik.

Sandvik and Auger found that through the Wi-Fi connection, an attacker could also add themselves as a ‘root’ user on the device, taking full control of its software, making permanent changes to its targeting variables, or deleting files to render the scope inoperable. If a user has set a PIN to limit other users’ access to the gun, that root attack can nonetheless gain full access and lock out the gun’s owner with a new PIN. The attacker can even disable the firing pin, a computer controlled solenoid, to prevent the gun from firing.

Now, before you start having visions of SkyNet from the Terminator movies, let me reassure you with one thing. Although the researchers found a way of disabling the rifles, rendering them useless, they did not find a way to force the rifles to fire unexpectedly – as someone is still required to press the trigger.

Thankfully, the actual firing of the rifle is still a process that depends on hardware rather than software.

TrackingPoint founder John McHale says that owners of the self-aiming rifle will be sent an update on USB as soon as a fix is developed, and was keen to stress to Wired that – in his view – the gun’s safety is not in question:

“The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction. It’s my responsibility to make sure my scope is pointed where my gun is pointing. The fundamentals of shooting don’t change even if the gun is hacked.”

Whether TrackingPoint does manage to fix the security issue, and update its customers, is open to some question, as it has recently laid off most of its staff and stopped taking new orders for rifles. That’s a concern for Sandvik and Auger as well, who say they will not be releasing the full exploit code for fear that malicious parties could exploit it.

It may be that there aren’t enough owners of TrackingPoint’s “smart” self-aiming rifles to make this a vulnerability that is worth worrying about too much, but it does underline continuing and rising concerns about the risks posed by the internet of things.

Manufacturers: if you currently sell a product which isn’t “smart”, maybe it would be better if you didn’t try to make it “smart”. Sometimes the dumb old way things worked was much, much safer.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

4 Comments


  • “Now, before you start having visions of SkyNet from the Terminator movies, let me reassure you with one thing. Although the researchers found a way of disabling the rifles, rendering them useless, they did not find a way to force the rifles to fire unexpectedly – as someone is still required to press the trigger.”

    Which left me wondering how long before someone does rig some mechanical linkage to the gun so it can be fired by computer.

    • Indeed a valid point. I thought of that too although I would rather not. The fact AI is increasing, and the fact some companies (Google comes to mind) do not understand (or in Google’s case, ‘care’) just how serious and dangerous it is, and the fact that killer robots aren’t banned (imo any person or organisation that works on or funds such things, should be sanctioned and heavily fined)… makes me wonder when it will happen. A very scary thought. It is yet another possible way that humans will wipe out the planet long before the sun dies (and that much is already a guarantee).

  • As it’s WiFi, the terrorists or whoever will now be purchasing cheap WiFi gizmos off eBay that’ll jam the WiFi signal. They’re already being used here in the UK by vehicle thieves.