Tracking Point's self-aiming rifles can be hacked
Security researchers have proved that it is possible to hack into smart self-aiming Tracking Point rifles Tracking Point

Security researchers have discovered that it is possible to hack into high-tech self-aiming sniper rifles and either disable the gun from firing or cause it to change targets, both of which could have very dangerous consequences.

Tracking Point is a Texas-based firm that specialises in precision-guided firearms (PGF) – a long-rage "smart" shooting system that helps gunmen aim and fire more accurately by correcting their aim while making allowances for environmental factors.

The TP750 rifle has its own computer running on Linux and Android and uses sensors to detect things like wind velocity and direction, compass heading and target velocity. The gun also connects to Wi-Fi networks to stream live video footage of what the shooter sees in his sights to an accompanying app.

But its smart features may lead to the product's downfall as security researchers Runa Sandvik and Michael Auger have revealed that it is possible to hack the system by exploiting security vulnerabilities found in its software and Wi-Fi connection. They intend to present the full results from their findings at the Black Hat USA 2015 conference in Las Vegas in early August.

You can mess with the gun, but not shoot it

In a video demonstration filmed with Wired, the researchers showed that they were able to jam the gun's operating system, as well as cause the rifle to miss its target, input new changes to the firearm's targeting system that cause the gun to aim incorrectly and hit a completely different target.

As it is essentially a computer on a gun, the system enables users to set a PIN code to lock other people from using the same gun. Hackers can hijack the system and lock the owner out of his gun by resetting the PIN, or disable the firing pin so that gun is prevented from firing at all.

On the plus side however, you can toy with the gun, but you cannot fire it remotely, as the gun relies on a mechanical system that has to be activated by the trigger being pulled manually.

"You can make it lie constantly to the user so they'll always miss their shot," said Sandvik, a former developer for the anonymity software Tor.

"If the scope is bricked, you have a $7,000 computer you can't use on top of a rifle that you still have to aim yourself."

However, in a combat situation, if one side was able to cause the rifles of their enemies to jam and not fire at all, this could lead to a massacre.

Gunmaker says shooters still need to take responsibility

The researchers found that the gun's Wi-Fi network has a default password that enables anyone within range to connect to it. A hacker could easily access the gun this way and then change key variables in its APIs.

Nevertheless, there are only about 1,000 of these guns in the world, and a hacker can only discover the key variables to change if they buy a rifle and dissect it as Sandvik and Auger did. They discovered the variables they needed to hack by connecting an eMMC reader to the computer using wires clipped to circuit board pins.

Tracking Point founder John McHale told Wired that his firm is keen to work with the researchers to develop a software update that can patch the security flaws they found in the gun, but he stressed that shooters need to fire the gun themselves and it is still the shooter's responsibility to check where their gun scope is aiming at before they fire.

He also says that it will be unlikely for Wi-Fi to be available in all situations, such as hunting out in wide land areas.

Auger and Sandvik argue that the hacking can be done before a Wi-Fi connection is lost, and that the changes that cause it to aim incorrectly or disable the gun from firing will still be in effect long after there is no Wi-Fi connection. Malware could even be programmed to trigger the desired malicious effect at a certain time.