If it can be hacked, it can…

by Miles

It seems that hacking into commercial technology is all the rage these days, including the ability to hack into Tracking Points digital scope that pretty much shoots a rifle for the shooter. In a piece by Wired, a hacker couple recorded how they got into the wifi system and changed the input for the scope for variables such as bullet weight, velocity, and the zero, thus making the rifle almost useless when shooting. Although this isn’t as harmful as jacking a Jeep and causing an accident, if Tracking Point has any future with a military contract, this would put quite the damper in their works. However, the hackers seem to have gotten in touch with Tracking Point about the vulnerability, and are working with the company to fix it.

At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter.

“You can make it lie constantly to the user so they’ll always miss their shot,” says Sandvik, a former developer for the anonymity software Tor. Or the attacker can just as easily lock out the user or erase the gun’s entire file system. “If the scope is bricked, you have a six to seven thousand dollar computer you can’t use on top of a rifle that you still have to aim yourself.


But Sandvik and Auger found that they could use a chain of vulnerabilities in the rifle’s software to take control of those self-aiming functions. The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. (The hacker pair were only able to find those changeable variables by dissecting one of the two rifles they worked with, using an eMMC reader to copy data from the computer’s flash storage with wires they clipped onto its circuit board pins.)


One thing their attack can’t do, the two researchers point out, is cause the gun to fire unexpectedly. Thankfully TrackingPoint rifles are designed not to fire unless the trigger is manually pulled.

Thankfully TrackingPoint rifles are designed not to fire unless the trigger is manually pulled.

In a phone call with WIRED, TrackingPoint founder John McHale said that he appreciates Sandvik and Auger’s research, and that the company will work with them to develop a software update to patch the rifle’s hackable flaws as quickly as possible. When it’s ready, that update will be mailed out to customers as a USB drive, he said. But he argued that the software vulnerabilities don’t fundamentally change the gun’s safety. “The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction. It’s my responsibility to make sure my scope is pointed where my gun is pointing,” McHale says. “The fundamentals of shooting don’t change even if the gun is hacked.”

They did a demonstration of everything they claimed.

I like this caption that they had for one of the pictures-

have figured out how to hack into a Tracking Point TP750 rifle to control the trajectory of the bullets fired

If these hackers figured out a way to actually control the trajectory of the rounds fired, the breakthrough in the study of physics would be quite a contribution to humanity! (I understand it is a typical press misunderstanding of firearms terminology, but can’t help and laugh)

One of the Hackers working away at the computer screen.

Infantry Marine, based in the Midwest. Specifically interested in small arms history, development, and usage within the MENA region and Central Asia. To that end, I run Silah Report, a website dedicated to analyzing small arms history and news out of MENA and Central Asia.Please feel free to get in touch with me about something I can add to a post, an error I've made, or if you just want to talk guns. I can be reached at miles@tfb.tv

More by Miles

Join the conversation
2 of 63 comments
  • Tassiebush Tassiebush on Aug 03, 2015

    I can't understand how people who are clearly smarter than average build such foreseeable flaws into thing like this.

  • Core Core on Aug 03, 2015

    Anything can be hacked. The simple solution is disabling wifi, or using a physical cable connect. Just like the old days, keep it compartmentalized. Constant on wifi uses too much energy anyway, who would want it? Bluetooth security is a joke...