Wired magazine broke the story that TrackingPoint rifles can be hacked. Was it surprising? A little bit. Was it unpredictable? Not at all.
TrackingPoint is, or perhaps was, the leader in the field of Precision Guided Rifles. By using a host of meters and sensors these rifles are able to predict the flight path of bullets fired out to extreme distances, taking all of the back-of-the-napkin math out of long-range shooting.
At close ranges shooters can rely on guess work and rules of thumb but at longer ranges calculating ballistics precisely is critical to getting on target. For the level of precision TrackingPoint sought, factors including the rifle’s angle and cant, altitude, barometric pressure, and even latitude and direction were added to the calculation, to compensate for as much as possible, including the Coriolis effect.
So it’s handy to have a computer do this kind of math. In the process of building this ballistics calculator on steroids, TrackingPoint asked what else can they do? Being a computer, with the capabilities of a smartphone or tablet, they networked it.
The idea was to duplicate the image displayed in the scope on a nearby tablet, in order to assist the shooter as a spotter or trainer might, as well as add the ability to record video taken from the shooter’s viewpoint. It was through this optional, disabled-by-default connection that hackers Runa Sandvik and Michael Auger were able to alter how the PGR functioned.
“You can make it lie constantly to the user so they’ll always miss their shot,” Sandvik told Wired. By altering the pre-programmed ballistics data stored in the scope, they could shift the point of impact of the rifle.
They were able to do this remotely with a rifle that had its wireless function enabled, after a complete teardown. By clipping sensors directly to the contact points on the circuit boards they were able to read the data passing through the scope and reverse-engineer it.
In addition to having the ability to screw with the scope’s windage and elevation, they were able to “brick” it as well. One thing they couldn’t, and cannot do, is force the gun to fire. “The shooter’s got to pull the rifle’s trigger,” explained TrackingPoint chairman John McHale.
A TrackingPoint rifle can’t shoot without pulling the trigger, like any properly-functioning firearm. The electronic component of the PGR can’t take any shots unless the shooter has the scope on-target — or in this case, off-target — and then pulls the trigger.
There are two things that come out of this. First, if there are electronics involved, someone will find any exploits and take advantage of them. “There are so many things with the Internet attached to them: cars, fridges, coffee machines, and now guns,” Sandvik added. “There’s a message here for TrackingPoint and other companies … when you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.”
The second thing is that this exploit, for all the hype, is fairly limited. While not harmless — the duo is not releasing the exploit’s code to minimize real-world damage — it’s akin to wirelessly turning the knobs on a mechanical scope. And you can only do it with one brand, assuming you’re within range, and it has its wireless function enabled.
Electronic aiming devices, guided rifles and munitions … the future of this technology will roll over this like a coin on a rail track.
There is no doubting that researchers at DARPA and ARDEC are plugging away at this technology, and that private optics manufaturers are as well. TrackingPoint is the first of many companies and organizations that will develop optics like theirs, it’s only that now, security will take a higher priority.