Put a computer on a sniper rifle, and it can turn the most amateur shooter into a world-class marksman. But add a wireless connection to that computer-aided weapon, and you may find that your smart gun suddenly seems to have a mind of its own—and a very different idea of the target.
Security researchers Runa Sandvik, left, and husband, Michael Auger, right, have figured out how to hack into a Tracking Point TP750 rifle to control the trajectory of the bullets fired.Click to Open Overlay Gallery
Security researchers Runa Sandvik, left, and husband Michael Auger have figured out how to hack into a Tracking Point TP750 rifle to disable it or control the trajectory of its bullets. Greg Kahn for WIRED
At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter.
“You can make it lie constantly to the user so they’ll always miss their shot,” says Sandvik, a former developer for the anonymity software Tor. Or the attacker can just as easily lock out the user or erase the gun’s entire file system. “If the scope is bricked, you have a six to seven thousand dollar computer you can’t use on top of a rifle that you still have to aim yourself.”
The exposed circuitboards of the Tracking Point TP750.Click to Open Overlay Gallery
Sandvik and Auger got their hands on two of the $13,000 TP750 rifles, and dissected this one to access its circuit board and reverse engineer its software. Greg Kahn for WIRED
Since TrackingPoint launched in 2011, the company has sold more than a thousand of its high-end, Linux-power rifles with a self-aiming system. The scope allows you to designate a target and dial in variables like wind, temperature, and the weight of the ammunition being fired. Then, after the trigger is pulled,...