Hacking smart TrackingPoint sniper rifle can make it fire at the wrong target

29 Jul 2015

A Tracking Point smart sniper rifle. Image via Tracking Point

As if a smart sniper rifle that allows anyone to become a skilled marksman through laser guidance wasn’t terrifying enough, a team of security researchers has shown that one of the world’s most advanced rifles can be hacked to shoot the wrong target.

The concept of a smart sniper rifle has been in the works for a number of years now and threatens to either eradicate the need for the skill of marksmanship perfected over the decades, or turn snipers into programmers.

However, the recent findings by security researchers Runa Sandvik and Michael Auger, who analysed the vulnerability of the TrackingPoint TP750 rifle valued at US$13,000, showed that a relatively simple Wi-Fi hack can turn it into an altogether more deadly weapon.

According to Wired, the user of the TrackingPoint rifle is able to use a smart scope, which uses laser precision to tell the person firing the gun when they are in line for a perfect shot, but is also Wi-Fi enabled so as to be socially connected and stream footage from the scope to a nearby device.

With the Wi-Fi capability of the rifle switched on, Sandvik and Auger were able to use the fact that any devices within range of the rifle could be connected, but using their own code were able to go deeper into the rifle’s network and, through APIs, target the rifle’s targeting parameters.

Can make the marksman shoot an entirely different target

These targeting parameters include variables like the weight of the rifle’s ammunition or the current wind speed, which the pair found could be altered with the change of a simple numerical value.

So, for example, they showed how changing the weight of a bullet in the rifle’s system from 11g to 32kg made it miss its target by 2.5m. hitting the bullseye of a completely different target.

Further examination of their code shows that if the hacker of the rifle wanted to it could effectively take over total control of its capabilities, rendering it useless or permanently changing its targeting parameters.

As manufacturers of the rifle, TrackingPoint has refuted suggestions that there is any issue with the rifle following the discovery, and while a patch for the software has been administered its founder John McHale said there was little likelihood of the rifle being made vulnerable through Wi-Fi in the open world.

Meanwhile, the security researchers’ retort says that, contrary to this dismissal, it’s still possible to upload a virus for a timed activation, but this would be quite difficult.

Colm Gorey was a senior journalist with Silicon Republic