Smart gun security cracked in a proof-of-concept hack

Security / Tech

Plore made it very clear that he wasn’t looking to stop the production of smart guns. He simply wanted to show that current implementations are definitely not without their problems.

Guns are in the news here in America far too often. No matter what the news may be, we hear about guns used inappropriately far too often. A recent implementation meant to decrease accidental firing and un-approved use is the smart gun. These guns require a second form of authentication, whether it be from a separate watch that talks to the gun, or a fingerprint scan on the gun itself. While this is a great step in an attempt to reduce gun violence, it’s still relatively new technology. Smart Gun security is definitely not completely secure, as a hacker was recently able to override the security of one particular gun. The hacker, who goes by “Plore” was able to fire the weapon without its requisite authentication, as well as render the entire system inert and unable to fire.

Plore made it very clear that he wasn’t looking to stop the production of smart guns. He simply wanted to show that current implementations are definitely not without their problems. In the test, Plore used an Armatix IPI, which requires its companion watch to be within a foot of the gun in order to fire. Plore was able to get around this limitation by simply using a strong magnet. The gun fired without issue (and without the companion watch) when a strong magnet was held up to the body of the gun. That was the most basic avenue taken, though Plore was able to circumvent the security in two other ways. Next, he jammed the gun’s radio signals, which allowed it to be fired without the companion watch. Finally, he created a low frequency interference, which blocked both the gun and the watch, preventing the gun from firing. The frequency emitted was 900mHz, the same frequency used by baby monitors and other household electronics, making it easy to see how that failure could be a problem in some cases.

Plore is presenting his findings at the Defcon security conference this week. Though his research and the tools he used to discover these weaknesses were rather costly, he mentions that the actual tools needed to crack the gun cost less than $50 USD. Armatix Managing Director Helmut Brandtner responded to CNN’s request for comment, but basically dismissed Plore’s findings as out of scope:

[The iP1] had been focused on suppressing the ability to shoot, when a third person (e.g. a child or a normal user) accesses the weapon in the heat of the moment and tries to use it. There was never the demand to avoid the usage by a well prepared attacker or a skilled hacker. If you have access to a safety device for a sufficient time, you are able to modify it and probably can misuse it.

Sure, I can see how a company might not expect for their guns to be used inappropriately, but clearly that has already been happening. If a $5 magnet can render the security on your smart gun useless, you may need to strengthen the security of your smart gun.

What do you think about smart guns? Should companies make every effort to keep them truly secure? Or is this type of hacking far enough outside of the standard use cases to not be a problem? Let us know in the comments below or on Google+, Twitter, or Facebook.

  Source: CNN
Comments
To Top