Self-aiming sniper rifle can be pwned over the Internet

The $13,000 TrackingPoint sniper rifle is vulnerable to Wi-Fi-based attacks that allow an adversary to redirect bullets to new targets of their choosing.

Attackers can also brick the rifle, rendering its computer-based targeting permanently inoperable. The attack allows the adversary to gain root on the targeting system, giving them the ability to make long-lasting changes to the system that persist even when the rifle is offline, including permanently disabling the firing pin. However, networked attacks can't cause the rifle to fire — that's controlled by a mechanical system that needs a finger on the trigger.

The vulnerabilities were repeatedly reported over a period of months to the manufacturer by Runa Sandvik (from the Tor Project) and her husband, Michael Auger. They have not had any response. The company itself is undergoing "internal restructuring" and has laid off the majority of its staff, and no longer takes orders for new rifles.

Given TrackingPoint’s financial straits, Sandvik and Auger say they won’t release the full code for their exploit for fear that the company won’t have the manpower to fix its software. And with only a thousand vulnerable rifles in consumers’ hands and the hack’s limited range, it may be unlikely that anyone will actually be victimized by the attack.

But the rifles’ flaws signal a future where objects of all kinds are increasingly connected to the Internet and are vulnerable to hackers—including lethal weapons. “There are so many things with the Internet attached to them: cars, fridges, coffee machines, and now guns,” says Sandvik. “There’s a message here for TrackingPoint and other companies…when you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.”

Hackers Can Disable a Sniper Rifle—Or Change Its Target [Andy Greenberg/Wired]