Smart Rifle’s Software Can Be Hacked To Shoot Off-Target
The internet of things that shouldn’t be online
TrackingPoint’s rifles are clever pieces of technology, merging cameras, sensors, and Linux software with a sniper rifle to create a gun very good at hitting targets far away, even when fired by an untrained shooter. Primarily marketed to hunters, last year the U.S. Army was also rumored to be evaluating them. A rifle that relies on software comes with a new risk: it can be hacked. Security researchers and wife-and-husband duo Runa Sandvik and Michael Auger have demonstrated a successful hack, fooling the rifle into software into misdirecting the bullet.
TrackingPoint’s rifle can connect to WiFi, allowing a computer to stream video from the rifle’s camera as the shooter points down the scope. This also allows the shooter to adjust the settings of the targeting system for certain varying qualities, such as bullet weight or windspeed.
When functioning normally, the shooter points the rifle at the target and hits a button marking exactly where they want the bullet to hit. This sets a crosshair on the rifle’s scope. Finally, the the shooter adjusts the orientation of the rifle, making sure the bullet will actually go the intended direction, then fires.
TrackingPoint is designed to account for wind speed, temperature, distance, bullet weight, and other factors that make the math of shooting hard to do on the fly, so when working as intended, it makes for very accurate shots. When hacked, however, the rifle’s settings can be radically adjusted without the shooter knowing about it, causing a shot to fly off chaotically, in very different directions than intended. As demonstrated, a bullet fired from the hacked rifle can easily miss by feet, potentially hitting something or someone located relatively far from the intended target.
The human still aims the rifle, so this hack isn’t quite as dangerous as turning the gun on its users. Besides making the aim on the rifle worse, the hacker can either keep the original user from accessing the software or just erasing it completely. That changes a high-tech, auto-aiming rifle into a regular dumb rifle with a heavy camera and computer system on top. It can even stop the gun from firing at all.
Lest you think this is easy, its important to note that the WiFi on the TrackingPoint rifle is off by default, and there are some modest security measures in place, like user identification numbers and default passwords, which pose obstacles to the would-be hacker. But a determined effort could readily get through.
Despite the potential for hacking, it’s hard to see exactly how it could become relevant. Someone who could get close enough to access the rifle by WufU is also well within range to destroy it with a small explosive or attack its user with a handgun. In professions like the armed forces where having an unhackable, super-accurate shot is required, there already exists an option we’ve had for centuries: well trained human snipers, using guns that don’t need software.