A wireless connection and a smart sniper rifle don't make for a good mix, believe it or not. Cybersecurity researchers Runa Sandvik and Michael Auger have figured out how a hacker could take control of a TrackingPoint self-aiming sniper rifle, pointing the way away from its intended target or stopping it from firing altogether.
TrackingPoint has sold more than a thousand weapons since its inception in 2011, attracting customers with “self-aiming” technology that make it easy for shooters to take wind, temperature, the weight of the bullet being fired and other variables into consideration when they're aiming at a target. Shooters can also stream a video of their shot onto their laptop by enabling the gun's Wi-Fi system, which automatically uses a default password (meaning anyone in the area can connect to it). But, according to a new article and video demonstration at Wired, Sandvik and Auger have successfully manipulated the gun's functions, proving its possible to control the weapon from a remote computer.
“You can make it lie constantly to the user so they'll always miss their shot,” Sandvik told Wired, explaining that it's also possible to wipe out the TrackingPoint's entire file system. “If the scope is bricked, you have a six to seven thousand dollar computer you can't use on top of a rifle that you still have to aim yourself.”
TrackingPoint founder John McHale told Wired he's glad for the new insight into the weapon's system and plans to work with Auger and Sandvik, a former developer on the Tor anonymity software, to improve its security. But he also highlighted their inability to make the gun fire without pulling the trigger, a key safety measure.
“The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction. It’s my responsibility to make sure my scope is pointed where my gun is pointing,” McHale said. “The fundamentals of shooting don’t change even if the gun is hacked.”