Al sinds dat bekend werd dat de smart rifles van TrackingPoing draaide op Linux, hebben we dit product (ondanks dat we verder niks met vuurwapens hebben) nauwlettend in de gaten gehouden, want: LINUX. Nu heeft het bedrijf de nodige problemen omtrent zijn productie en andere ongein, en daar komt nu bij dat hackers er in geslaagd zijn om het Targeting systeem te hacken en kunnen deze nu zo beïnvloeden dat hun het doel bepalen en niet de schutter. Wat een behoorlijk enge ontwikkeling is. Het hele artikel kan je hier lezen en hier onder een kleine stukje daar uit.

Since TrackingPoint launched in 2011, the company has sold more than a thousand of its high-end, Linux-power rifles with a self-aiming system. The scope allows you to designate a target and dial in variables like wind, temperature, and the weight of the ammunition being fired. Then, after the trigger is pulled, the computerized rifle itself chooses the exact moment to fire, activating its firing pin only when its barrel is perfectly oriented to hit the target. The result is a weapon that can allow even a gun novice to reliably hit targets from as far as a mile away.

But Sandvik and Auger found that they could use a chain of vulnerabilities in the rifle's software to take control of those self-aiming functions. The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun's network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application. (The hacker pair were only able to find those changeable variables by dissecting one of the two rifles they worked with, using an eMMC reader to copy data from the computer's flash storage with wires they clipped onto its circuit board pins.)