Smart guns are supposed to be safer than traditional weapons. They’re designed to only fire when paired with a second piece of technology that identifies the shooter, like an electronic chip or a fingerprint.
Supporters say they could stop accidental shootings or misfires. And they’ve been lauded by law enforcement to prevent criminals from using stolen or misplaced guns.
However, like any technology, they’re not unhackable.
A hacker known by the pseudonym Plore doesn’t want to put a stop to smart guns, but he wants the firearm industry that’s increasingly manufacturing these devices to know that they can be hacked.
The model Plore hacked is called the Armatix IPI. It pairs electronically with a smart watch so that only the person wearing the watch can fire it. The devices authenticate users via radio signals, electronically talking to each other within a small range.
Plore broke the security features in three different ways, including jamming radio signals in the weapon and watch so the gun couldn’t be fired, and shooting the gun with no watch nearby by placing strong magnets next to the weapon.
“Future smart guns might use different authorization mechanisms,” Plore said. “But you’d want to make future smart guns robust against interference, intentional or unintentional, even if it doesn’t use radio signals.”
One hack involved breaking the gun’s range restrictions. The gun is only supposed to work if it’s within a foot of the watch. But Plore extended the range by using radio devices to trick the gun into thinking the watch was closer than it was.
Another hack involved stopping the gun from firing. Plore created a device that emits the same 900 megahertz frequency of the gun and watch — devices like baby monitors or cordless phones use this frequency, too. His device simulated interference, effectively confusing the gun and watch and rendering them useless.
Related: Mac malware caught silently spying on computer users
The main reason people are interested in smart guns is to ensure only the owners can control them. But it’s possible to fire the weapon without the watch around, Plore found.
The hacker placed strong magnets next to the body of the gun. That simple solution allowed the gun to be fired.
The company has not yet responded to CNN Tech’s request for comment. It previously told Wired the hacks were possible under specific situations with particular equipment.
The spokesman for Armatix also said the company was aware of the gun’s vulnerabilities.
“Our experiences with the strengths and weaknesses of the iP1 system will flow into the next generation of [the] smart gun system,”he said.
Plore is presenting his findings at the Defcon security conference this week. He says that while the instruments he used to study the problem cost thousands, the tools he created to execute the three attacks cost less than $50.
It’s not the first time magnets have been used to hack smart devices. A similar tactic was used to hack into a safe.
“You see the same mistakes repeated,” he said. “Safes and guns aren’t the same devices, but conceptually it was the same attack.”
There are many smart-gun skeptics. Two Arizona lawmakers recently said the technology is still too new and could be dangerous. The NRA has said that while it’s not against smart guns, it does not support legislative restrictions on acquiring non-smart guns.
Smart guns are not yet widespread, and the Armatix IPI was the only weapon of its type easily accessible to Plore, he said. So while it’s cheap to execute these hacks, a real-world scenario is relatively unlikely.
Plore wants to make sure manufacturers are aware of these flaws in order to make future smart guns safer.
“If you’re going to buy one, you should get what’s on the label,” he said. “You should be able to really get something that provides meaningful security.”
from Business and financial news – CNNMoney.com http://ift.tt/2tNMNlG
via IFTTT