TrackingPoint has been out for a little while now, and we had a chance to play with one of the rifles at SHOT Show 2015. Well, it just recently came back in the news when a couple of computer security researchers got in the news for being able to hack one and cause problems with its ballistic calculations.
Surprise surprise, the mainstream media vastly overstated the problems and dolled up the story to get maximum shock value out of it. Want to know what the real deal is? Let us explain…
PLEASE NOTE THESE IMPORTANT CORRECTIONS:
While the investigators did have to disassemble the rifle to identify the vulnerabilities later exploited, the tools they put together will work on any TrackingPoint firearm (disassembled or not) as long as the wifi is on.
As for the custom software update; it can be uploaded it to any TrackingPoint firearm as long as the wifi is on and the attacker is within range as the scope does not authenticate the connection.
Lastly, modifying the OS is not required to gain shell access; they found remote code execution as well.
In summary: Ephemeral changes (ballistic data, wind, etc) can be set by an attacker if they are on the wifi network without a modified OS.
Perpetual changes (which will continue to exist even after a reboot) can be done by uploading a modified version of the scope OS and pushing that modified version of that OS does not require the user to “accept” the upgrade, and there’s a good chance that they may not notice it occurring.
The original presenter’s slide deck, videos and information about the disclosure timeline can be found here: