Cybersecurity researchers Runa Sandvik and Michael Auger have discovered a design flaw that allows someone to take control of a TrackingPoint self-aiming sniper rifle. The husband-and-wife team found that the hack could allow a person to remotely point the rifle away from its intended target, permanently disable the scope’s computer, or even stop it from firing altogether.
The $13,000 sniper rifles use the same advanced target-tracking technology found in drones, fighter jets, and other weapon systems. To date, more than a thousand customers have bought the weapon, attracted by the self-aiming technology which makes it easy for shooters to take wind, temperature, the weight of the bullet being fired and other variables into consideration when they’re aiming at a target.
Sandvik and Auger found they could use vulnerabilities in the rifle’s software to take control of its self-aiming functions. The weapon has a Wi-Fi system which allows shooters to stream a video of their shot onto a laptop or iPad. According to Wired, when the Wi-Fi is enabled, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. A networked attack on the rifle can’t make it fire, however.
“You can make it lie constantly to the user so they’ll always miss their shot,” says Sandvik, a former developer for the anonymity software Tor. “If the scope is bricked, you have a six to seven thousand dollar computer you can’t use on top of a rifle that you still have to aim yourself.”
The researchers plan to present the results of a year’s work on exploiting two of the rifles at the upcoming Black Hat conference in Las Vegas. TrackingPoint founder John McHale said his company is developing a software update to patch the rifle’s flaws, and was dismissive of the dangers the vulnerability posed.
“It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi Internet connection,” McHale said. “The probability of someone hiding nearby in the bush in Tanzania are very low.”