A new hardware hack could alter the intended path of a high-power rifle’s bullet.
Runa Sandvik and Michael Auger, a married pair of computer security experts, have successfully used their skills to access and fundamentally alter how one type of Wi-Fi-enabled hunting rifle operates. In the hack, Sandvik and Auger demonstrate how it is possible to tinker with a rifle’s ammunition weight data in order to shoot something other than the intended target. For this to happen, the gun must within range (pun intended?) of a Wi-Fi network.
A demonstration of this hack at a West Virginia firing range saw Sandvik and Auger fire the demo gun normally once before changing its ammo weight variable to (a preposterous) 72 pounds in order to hit a bullseye 2.5 feet away from the bullet’s original mark.
This vulnerability enables other destructive scenarios too: malicious actors might gain root access control of the weapon, where they could make permanent changes to a Linux-powered device’s targeting variables. They could also delete essential files, rendering the gun’s electronics completely unusable, or even lock out the rightful owner from using the weapon by creating a new PIN code.
Importantly, the couple’s hack does not enable them to remotely fire the gun. To do so is still only possible with the manual press of a finger on the trigger. It’s this simple fact that has TrackingPoint CEO John McHale ultimately unworried about the vulnerability his product—Sandvik and Auger conducted their experiments by buying two of his company’s TP750 models.
Sandvik and Auger tried repeatedly to contact the company with news of their discoveries, but it wasn’t until they told Wired their story that the company responded. “The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction,” said McHale. “It’s my responsibility to make sure my scope is pointed where my gun is pointing. The fundamentals of shooting don’t change even if the gun is hacked.”
TrackingPoint is collaborating with Sandvik and Auger on a patch to repair these vulnerabilities. All TrackingPoint customers using susceptible hardware will be able to update their gun with free software to be mailed to them on USB thumbdrives.