TrackingPoint Rifle Hacked

The smart rifle has been outsmarted.

Over the course of a year, security researchers Runa Sandvik and Michael Auger studied and reverse-engineered the TrackingPoint aiming system, which enables shooters to accurately place shots in a variety of shooting conditions, in an attempt to discover its vulnerabilities.

The couple discovered that the system's Wi-Fi connection, which is included to allow shooters to stream video of their shots to computers, let them change variables within the targeting system.

Their control of the targeting software allowed them to accurately control shot placement, causing the rifle to miss by either an inch or a foot or more, depending on their input. This was achieved by changing the weight of the bullet in the software. The two hackers changed the bullet weight from .4 ounces to 72 pounds.

https://www.youtube.com/watch?v=BJPCYdjrNWs

"You can set it to whatever crazy value you want and it will happily accept it," Sandvik told Wired.

The hack also allowed them to permanently disable the scope, thus making it impossible to aim at any distance. They even found that they could prevent the rifle from firing, because the firing pin is controlled by an electronic solenoid.

The hacking duo said they could even program the rifle to malfunction at a certain time or place by linking the system's wireless with a user's phone.

In fact, the only thing they couldn't do was make the rifle fire independently of the shooter. Despite its advanced electronics, the system still relies on the shooter's manual input to fire the weapon.

TrackingPoint Founder John McHale told Wired that the software vulnerabilities don't fundamentally change the gun's safety.

"The shooter's got to pull the rifle's trigger, and the shooter is responsible for making sure it's pointed in a safe direction. It's my responsibility to make sure my scope is pointed where my gun is pointing," McHale said. "The fundamentals of shooting don't change even if the gun is hacked."

Sandvik and Auger will present the full findings of their research at the Black Hat hacker conference this week.

---