When IoT Attacks: Hacking a Linux-Powered Rifle

Presented at Black Hat USA 2015, Aug. 6, 2015, 2:30 p.m. (50 minutes).

TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record video and audio, as well as stream video to other devices using its own wireless network and mobile applications.

In this talk, we will demonstrate how the TrackingPoint long range tactical rifle works. We will discuss how we reverse engineered the scope, the firmware, and three of TrackingPoint's mobile applications. We will discuss different use cases and attack surfaces. We will also discuss the security and privacy implications of network-connected firearms.


Presenters:

  • Michael Auger
    Michael Auger is an experienced IT security specialist with extensive experience in integrating and leveraging IT security tools. He has leveraged a wide range of IT security solutions, integrating them, to deliver leading edge incident response and security operations capabilities. His 15+ year career includes: Supporting security incidents during the event and the subsequent remediation phases Implementing and managing IT security infrastructures for public and private organizations. Design and implement global SIEM infrastructure for F100 organizations Delivering training on advanced SIEM solutions and network discovery tools Presenting and publishing security articles on security vulnerabilities and best practices.
  • Runa A. Sandvik
    Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She regularly teaches digital security to journalists and helps media organizations improve their security posture. She is also a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit project. She tweets as @runasand.

Links:

Similar Presentations: