Last week, WIRED editor Andy Greenberg showed us how security experts Charlie Miller and Chris Valasek used a cellphone network to take over a QNX-powered Jeep.
This week, Greenberg is back with another report on security researchers Runa Sandvik and Michael Auger who have hacked into a pair of $13,000 TrackingPoint self-aiming rifles via its Wi-Fi connection.
These Wi-Fi capable computerized sniper rifles allows the shooter to live-stream or upload a video to a laptop or iPad. Vulnerabilities in the rifle’s software allowed Sandvik and Auger to use the rifle’s wireless connection to access its application program interface, where they essentially reprogrammed its targeting functions.
The researchers were able to make the rifle miss its target, disable the scope’s computer, prevent the gun from firing and even change the target system in a way that caused the shooter to hit a different target.
Fortunately, Sandvik and Auger were unable to get the gun to fire unexpectedly. TrackingPoint founder John McHale told Greenberg his company is developing a software update to patch the rifle’s flaws.
“It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi Internet connection,” McHale said. “The probability of someone hiding nearby in the bush in Tanzania are very low.”
While the probability may be low, the crux of the issue should still be alarming and not smooth over the problem of internet capable products having security vulnerabilities.