Hackers Can Disable a Sniper Rifle—Or Change Its Target

0
119
Video sniper rifle from shooter

In the video demonstration for WIRED at a West Virginia firing range, Auger first took a shot with the unaltered rifle and, using the TrackingPoint rifle’s aiming mechanism, hit a bullseye on his first attempt. Then, with a laptop connected to the rifle via Wi-Fi, Sandvik invisibly altered the variable in the rifle’s ballistic calculations that accounted for the ammunition’s weight, changing it from around .4 ounces to a ludicrous 72 pounds. “You can set it to whatever crazy value you want and it will happily accept it,” says Sandvik.

Sandvik and Auger haven’t figured out why, but they’ve observed that higher ammunition weights aim a shot to the left, while lower or negative values aim it to the right. So on Auger’s next shot, Sandvik’s change of that single number in the rifle’s software made the bullet fly 2.5-feet to the left, bullseyeing an entirely different target.

The only alert a shooter might have to that hack would be a sudden jump in the scope’s view as it shifts position. But that change in view is almost indistinguishable from jostling the rifle. “Depending on how good a shooter you are, you might chalk that up to ‘I bumped it,’” says Sandvik.

The two hackers’ wireless control of the rifle doesn’t end there. Sandvik and Auger found that through the Wi-Fi connection, an attacker could also add themselves as a “root” user on the device, taking full control of its software, making permanent changes to its targeting variables, or deleting files to render the scope inoperable. If a user has set a PIN to limit other users’ access to the gun, that root attack can nonetheless gain full access and lock out the gun’s owner with a new PIN. The attacker can even disable the firing pin, a computer controlled solenoid, to prevent the gun from firing.

See also  The Top 5 Duck Decoy Companies: Enhancing Your Waterfowl Hunting Experience

One thing their attack can’t do, the two researchers point out, is cause the gun to fire unexpectedly. Thankfully TrackingPoint rifles are designed not to fire unless the trigger is manually pulled.

In a phone call with WIRED, TrackingPoint founder John McHale said that he appreciates Sandvik and Auger’s research, and that the company will work with them to develop a software update to patch the rifle’s hackable flaws as quickly as possible. When it’s ready, that update will be mailed out to customers as a USB drive, he said. But he argued that the software vulnerabilities don’t fundamentally change the gun’s safety. “The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction. It’s my responsibility to make sure my scope is pointed where my gun is pointing,” McHale says. “The fundamentals of shooting don’t change even if the gun is hacked.”

Previous article2020 Mathews VXR Bow Review
Next articleAlabama Turkey Season 2023: New Rules & Dates!
Ethan Smith is a seasoned marine veteran, professional blogger, witty and edgy writer, and an avid hunter. He spent a great deal of his childhood years around the Apache-Sitgreaves National Forest in Arizona. Watching active hunters practise their craft initiated him into the world of hunting and rubrics of outdoor life. He also honed his writing skills by sharing his outdoor experiences with fellow schoolmates through their high school’s magazine. Further along the way, the US Marine Corps got wind of his excellent combination of skills and sought to put them into good use by employing him as a combat correspondent. He now shares his income from this prestigious job with his wife and one kid. Read more >>