The WiFi-connected sniper rifles can be disabled by hackers, and their auto-target function can be made to choose a different target.
TrackingPoint rifle hacked using WiFi exploit
Michael Auger and Runa Sandvik managed to hack the TrackingPoint rifles, which run Linux and Android, after working for a year to find a crack. The WiFi-connected rifles cost $13,000, and the fact that their targeting system can be compromised is a huge safety risk.
The pair managed to make the rifle completely unusable, and also gained root access to the targeting system. Despite being able to make the rifle aim at different targets than the shooter intended, they were not able to make the rifle fire without a human physically pulling the trigger.
According to a report in Wired magazine, the pair were able to show their hack by making bullets consistently miss the shooter’s target. “You can make it lie constantly to the user so they’ll always miss their shot,” said Sandvik.
Although the hackers have informed the rifle’s manufacturers about the exploit, they have received no response. TrackingPoint is no longer making or shipping the rifle, and has greatly reduced its number of staff. However there are approximately 1,000 in circulation.
Security a huge issue in the Internet of Things
Auger and Sandvik exploited a weakness in the rifle’s WiFi connection. The company later released a statement to Wired claiming that it would release a patch to fix the issue.
The company also defended the weakness in the WiFi connection, claiming that “it’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi internet connection.”
That sounds like a flimsy defense from a company which makes lethal weapons, and should take greater care to ensure safety and security. The case is interesting as it raises security issues linked to the increasing connectivity of devices in the Internet of Things.
As we move towards a world in which everyday items communicate with each other via the internet, manufacturers must place paramount importance on the security of their connections to avoid potentially crippling, or lethal, attacks from hackers.