Wednesday, 29 July 2015

Hackers Can Now Remotely Attack A Gun, Change Its Target, And Lock The Owner Out

(jayRaz)

(Not the gun that was hacked. Photo: jayRaz)


Over the past few years we’ve heard a lot about the smart, connected devices that make up the internet of things. From ceiling fans to cars and cameras, they’re everywhere. Unfortunately, anything that can connect to the internet can be hacked through the internet… and now, it seems, that includes guns.

Wired has reported today on a husband and wife security team that will be presenting their newest hack at a security conference in August. Their project? They’ve spent the last year hacking a pair of sniper rifles.

The TrackingPoint self-aiming rifles come with a fully-computerized, Linux-powered scope that allows the user to designate a target, then set variables like wind, temperature, and ammunition type. When the shooter pulls the trigger, the computer takes over and chooses the specific moment to fire, only activating when the gun is perfectly aimed, Wired explains. The weapon “can allow even a gun novice to reliably hit targets from as far as a mile away.”

That is, as long as nobody’s come along on wifi and stuck their fingers in the gun’s code.

The weapon’s wifi is turned off by default, which is the good news. The bad news is, as soon as it’s turned on, it’s vulnerable. The rifle uses a default password that allows anyone in range to communicate with it. Once connected, a hacker can access the weapon’s APIs to muck around with its targeting application and other features.

(Why does a gun have wifi at all, you may ask? “So you can do things like stream a video of your shot to a laptop or iPad,” Wired explains.)

The researchers demonstrated to Wired the range of control they had remotely over the gun. By assigning new values to variables the scope tracks, they were able to completely change its targets or even to disable the gun entirely. They were also able to interfere with the gun’s security, altering the PIN a user can set to limit others’ access to lock out the owner.

Happily, they were not able to fire the rifle remotely — doing that still requires manually pulling the trigger.

The risks from this particular hack, of this particular rifle, are low. Researchers had to acquire and dismantle one of the rifles in order to discover the full extent of its vulnerabilities. The guns are luxury items that go for $13,000 apiece, Wired reports, and about a thousand have been sold. They are far from the most common firearms being purchased and carried today.

But the potential pitfalls in the category of “smart gun” are something that buyers will have to be keenly aware of going forward. Using technology to increase security features on firearms isn’t itself a bad idea — but providing insecure internet connections opens it up to a whole world of problems.

In the same way that very few people thought about the network security of their cars until last week, very few people are thinking about the default password and exploitable wifi code embedded in firearms today. The problem is larger than one gun, one phone, one printer, one car, or one camera. It’s a whole world of default passwords and poor security that consumers don’t usually even know they need to change.

Hackers Can Disable a Sniper Rifle—Or Change Its Target [Wired]


by Kate Cox via Consumerist

No comments:

Post a Comment