Analecta Cyber Company Blog: Hackers Can Disable a Sniper Rifle—Or Change Its Target


Hackers Can Disable a Sniper Rifle—Or Change Its Target

It seems that these days everything with a computer system can be hacked. Now even a sniper rifle has been added to the long list. An auto-aiming rifle developed by TrackingPoint has a built-in networked tracking scope and upgradeable software. The company has sold more than a thousand of these high-end, Linux-powered rifles with a self-aiming system. This system helps a novice shooter turn into a world-class marksman hitting targets as far as a mile away. But this technology also lead hackers to compromise the rifle itself and exploit vulnerabilities found in its software.

At a hacker conference, married security researchers presented the results of their year-long work on a pair of $13,000 TrackingPoint self-aiming rifles. They were able to alter the variables in the scope’s system and force it to strangely miss its target. They compromised the rifle’s system through its WiFi connection. Also, they were able to permanently disable the scope’s computer and even prevent the gun from firing.

A single number alters aim

The couple found that they could take advantage of the vulnerabilities in the rifle’s software and take control of those self-aiming functions. They made a demonstration of what they can do with these rifles at a West Virginia firing range using only a laptop connected to the rifle via WiFi. A single number altered in its software made the bullet fly several feet away from the original target. They added that they can take full control of its software making several other alterations possible. But the two researchers pointed out one thing their attack can’t do, that is to cause the gun to fire unpredictably.

The company founder said in a statement that he appreciated the research conducted by the couple, and that the company will work with them to patch the rifle’s hackable flaws as quickly as possible. A software update will then be sent to customers on a USB drive. He also argued that the rifle’s software vulnerabilities don’t fundamentally change its safety. And with only about a thousand vulnerable rifles are out in public and the limited range of the possibility of hacking via WiFi, they claimed that there’s a very little chance that anyone will actually be victimized.