Foray into US life led hacker couple to crack smart rifle

LAS VEGAS, USA – A dive into a gun-loving side of US culture by a pair of computer security researchers led them to hack into a digitally-enhanced sniper rifle.

Husband and wife hackers Michael Auger and Runa Sandvik will share their work on Friday at the notorious Def Con hacker gathering in Las Vegas, a day after making a presentation at the Black Hat cyber defense conference.

“Runa is from Norway with a romanticized vision of the United States, loving all things American,” Auger said as he and his wife discussed their findings at Black Hat.

“I told her we needed to go to a gun show, it doesn’t get more American than that.”

While at a gun show, the couple spied a TrackingPoint self-aiming rifle that boasted sophisticated features, including a smart scope powered by the Linux operating system and smartphone applications.

Sandvik said she immediately wanted to get her hands on it, to hack in and see what they could find. She easily convinced her husband they should buy one of the $13,000 rifles.

The couple made a side-project of hacking into the weapon, finding a way to remotely reset parameters used by the computerized scope to tell the rifle where to shoot.

“It was a fun day, tearing apart a $13,000 rifle,” Auger said.

Squeezing the trigger of the rifle is done manually, so, while hackers could alter the aim, they could not fire the weapon, according to Sandvik and Auger. 

They could, however, remotely prevent the rifle from firing and by tapping into the smartphone app they could see what the person using the rifle sees through the scope.

Hackers would typically need to be within 100 feet or less to connect with the rifle’s wireless computing system, which must be turned on by whoever is using the weapon.

– Make rifles misbehave – 

Aside from tinkering with parameters such as wind that influence aim, the couple found a way to make permanent updates to their software powering the scope.

“At that point, their rifle would misbehave wherever they are,” Sandvik said.

The couple downplayed concerns that hackers could illicitly cause a shooter to miss his aim and endanger the wrong target, saying that the rifle is the first of its kind and only a thousand or so of them have been sold. 

“I wouldn’t be particularly worried,” Auger said.

“Most people aren’t going to be out using it for assassination, they will be using it for hunting. And almost nobody is using the Wi-Fi feature.”

A half dozen of the rifles were bought by the US military for evaluation, according to Auger, who noted there has been no public word regarding what came of that. 

Versions of the rifle are said to be able to lock onto targets as far as a mile away.

“Your shot accuracy goes through the roof, even for someone who does not know how to shoot,” Auger said of the self-aiming rifle.

He was bracing himself for a Def Con crowd likely to be unhappy they won’t get a live demonstration. 

The couple left the rifle at home to avoid the administrative hassles and delays involved with carting a high-powered weapon through airports and hotels.

The couple said that TrackingPoint has been working with them to shore up vulnerabilities. – Glenn Chapman, AFP/Rappler.com