A pair of security researchers has shown that with a bit of ingenuity and a laptop computer, a TrackingPoint scope can be hacked to hit any target you want.
Researchers Runa Sandvik and Michael Auger, a married hacking couple, broke into the backend of a TrackingPoint scope. By changing several values, the pair were able to effectively shift the point of impact to their whim, all without the user’s knowledge.
Sandvik and Auger exploited the device’s Wi-Fi connection, which is normally used to stream a live video feed from the TrackingPoint scope to a nearby computer. Once inside the system, the pair forced the scope’s computer to recalculate trajectory by modifying the bullet’s weight and wind.
With two targets set up side by side, they were able to aim at one target, fire, and hit the other target. Clearly, the hackers knew the shot would be off, but in a real world scenario, the operator would have no visual indication that their system was compromised.
So how does this security flaw affect TrackingPoint scopes? According to TrackingPoint founder John McHale, not all that much. And in truth, he’s probably right. After all, the point of impact of can only be shifted so much, and most high-end snipers probably will be using a traditional scope. In addition, the scope’s Wi-Fi range isn’t that far.
Even still, McHale is already working on a patch and will be sending it out to TrackingPoint owners via a USB drive as soon as it’s completed.
“The shooter’s got to pull the rifle’s trigger, and the shooter is responsible for making sure it’s pointed in a safe direction,” said McHale. “It’s my responsibility to make sure my scope is pointed where my gun is pointing. The fundamental of shooting don’t change even if the gun is hacked.”
Sandvik warns that with the increasing rate of pairing technology to everyday items, more and more security risks will present themselves, especially when it comes to guns.
“There are so many things with the Internet attached to them: cars, fridges, coffee machines, and now guns,” said Sandvik. “There’s a message here for TrackingPoint and other companies… when you put technology on items that haven’t had it before, you run into security challenges you haven’t though about before.”