TrackingPoint will be familiar to anybody following weapons research. The company sells rifles that lets you bullseye the target, every time, thanks to complex software in its scope. Critics have called it “skill-free killing,” and they’re about to have more complaints; it turns out TrackingPoint hasn’t secured its software.
A duo of hackers bought two of the rifles, tore down one, and found a series of worrying vulnerabilities. Easily the worst is the fact that if WiFi is enabled on the rifle, you can access the software using a default password. From there, the team found that the software on-board the scope will accept any variable you feed it. Tell it that a bullet weighs as much as a toddler, and it will cheerfully agree and calculate accordingly.
In turn, this allows them to manipulate a shot, skewing the bullet left or right. Or they can make themselves “root” on the Linux device easily, destroying the rifle by deleting files or permanently altering key variables. The only good news is that the WiFi connection is off by default, and somebody at least had the presence of mind to ensure the gun only fires when a user pulls the trigger.
TrackingPoint, as a company, is struggling, and only about a thousand of these rifles have been sold. That said, these vulnerabilities are especially worrying as the military has unveiled smart munitions using similar techniques. One hopes DARPA is paying at least enough attention to change the WiFi password.
(Via Wired)