Hackers Find a Way to Remotely Switch a ‘Smart’ Sniper Rifle’s Target
After uncovering vulnerabilities in a sniper rifle, two hackers have developed an exploit which can take control of the ‘smart’ sniper rifle and change the intended target by hacking it remotely.
Security researchers have discovered a way to remotely hack into a self-aiming ‘smart’ rifle by exploiting vulnerabilities in its Linux-powered software, according to a report published by Wired.
Researchers Runa Sandvik and Michael Auger, a married hacker couple, spent over a year developing the exploit while working on a pair of self-aiming rifles manufactured by TrackingPoint, which retail for $13,000 each.
Smart rifles are advanced sniper rifles modified with computers and a camera that’s attached to the weapon. Data is communicated back and forth between devices including Android smartphones and tablets and the whole mechanism is geared to help hunters, who are the targeted market for such weapons. The ‘smart’ features help novice marksmen to accurately hit targets half a mile away.
Essentially, the rifle along with cameras, custom Linux software and embedded sensors come together to become a ‘smart weapon.’
Here’s how a smart rifle works:
- The rifle is always hooked onto a Wi-Fi connection. Video from the camera on the rifle is transmitted to a computer, where it is streamed and recorded. The camera captures the image the shooter sees when looking into the rifle’s scope.
- Accuracy is greatly improved by advanced algorithms that run constantly on the Linux system and help to get a fix on the target.
- The fix or ‘lock’ occurs after important variables are determined in real-time. They include temperature, wind speed, bullet weight and the distance to the target.
- With the help of a button (not to be mistaken for the trigger), a crosshair is computed by the computerized scope on the rifle. This helps the shooter find targets accurately.
Hacking a ‘Smart’ Weapon
The hacker duo found a way to exploit vulnerabilities inherent in the design and software of the rifle. Work on the exploit started when the couple noticed a TrackingPoint booth at a gun show last year.
“We were reading their marketing material that said you could connect it to your phone,” Sandvik said. “That’s when I suggested we buy one and hack it.”
After purchasing two lower-end precision-guided .308 model rifles, Auger dismantled the scope to study the hardware. Two vulnerabilities were immediately discovered.
- Both rifles had a built-in network password by default. They quickly found out it got worse: the password couldn’t be changed.
- Contrary to the common notion that the computerized rifle only listens to the actual weapon-holder, it is in fact constantly listening for instructions remotely, over Wi-Fi. They realized then that hackers would have a field day with such a weapon.
By changing a single number in the rifle’s onboard software, the researchers made a shot miss its target by 2.5 feet to the left, hitting a completely different target altogether.
The duo demonstrated their hack to Wired in a video here.
The two hackers intend to present the results and further detail the vulnerabilities discovered at the Black Hat hacker conference that’s scheduled in two weeks.