When IoT Attacks: Hacking a Linux-Powered Rifle
Let's place a computer on a gun, and give it WiFi. DefCon Response: Let's hijack it, and install our own malicious updates.
💻 Derek Ardolf
- Premise: Let's place a computer on a gun, and give it WiFi.
- DefCon Response: Let's hijack it, and install our own malicious updates.
This is one of my DefCon 23 Debriefs, from the blog archives back in 2015! If you ever have the opportunity to get your work to ship you to Defcon, take it. If you ever get the opportunity to ship yourself, don't think: just go.
- Presentation Title: When IoT Attacks: Hacking a Linux-Powered Rifle
- The Presenters: Runa Sandvik and Michael Auger
- The Twitters: @RunaSand /// @LM4K
- The YouTubes: Runa A. Sandvik
If you weren't aware, TrackingPoint creates guns that use "lock-and-launch technology found in military fighter jets in its Precision-Guided Firearms." Using a Linux OS, these guns allow for the ability to strengthen your abilities to shoot targets. Gun scopes on these can even record your hunts, and you can use the WiFi on the rifle to upload photos or view live stream feeds.
They even sell smart glasses that sync with the rifle, which "empowers you to shoot around corners and record your hunt." You know, in case what you are hunting is shooting back.
Though, something is amiss! There is currently a warning on the TrackingPoint Official Site:
Valued TrackingPoint Community,
Wired Magazine recently reported that information security consultants discovered software vulnerabilities in TrackingPoint guns. We are working with the consultants to verify their assessment and will provide you with a software update if necessary. Until then, please note the following: Since your gun does not have the ability to connect to the internet, the gun can only be compromised if the hacker is actually physically with you. You can continue to use WiFi (to download photos or connect to ShotView) if you are confident no hackers are within 100 feet.
We will keep you updated, and hope you continue to have exhilarating TrackingPoint shooting experiences!
In addition to articles out there, like the one linked above for Wired magazine (which has a nice video), Runa also posted a link to her slides and links to a good handful of YouTube videos.
Some YouTube Demos by Runa:
💻 Derek Ardolf
Person on the Internet that wants to connect to your Second Brain || Automate and document all the things! Docs-as-Code / DevOps / AWS / Python