ohland
08-03-2015, 03:12 PM
Folks, I shake my head... Imagine going through an airport, or a transportation terminal. Everyone goes past only a few points, making detection much easier. I dunno how long logging in as root takes, or if the scope has to be on in order to be accessed... It might not be as easy as it first appears.
How touching, it only fires manually... But if the scope is compromised, does that really matter?
http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/
But Sandvik and Auger found that they could use a chain of vulnerabilities in the rifle’s software to take control of those self-aiming functions. The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application.
He also pointed out that the Wi-Fi range of the hack would limit its real-world use. “It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi internet connection,” he says. “The probability of someone hiding nearby in the bush in Tanzania are very low.”
But Auger and Sandvik counter that with their attack, a hacker could alter the rifle in a way that would persist long after that Wi-Fi connection is broken. It’s even possible (although likely difficult), they suggest, to implant the gun with malware that would only take effect at a certain time or location based on querying a user’s connected phone.
How touching, it only fires manually... But if the scope is compromised, does that really matter?
http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/
But Sandvik and Auger found that they could use a chain of vulnerabilities in the rifle’s software to take control of those self-aiming functions. The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application.
He also pointed out that the Wi-Fi range of the hack would limit its real-world use. “It’s highly unlikely when a hunter is on a ranch in Texas, or on the plains of the Serengeti in Africa, that there’s a Wi-Fi internet connection,” he says. “The probability of someone hiding nearby in the bush in Tanzania are very low.”
But Auger and Sandvik counter that with their attack, a hacker could alter the rifle in a way that would persist long after that Wi-Fi connection is broken. It’s even possible (although likely difficult), they suggest, to implant the gun with malware that would only take effect at a certain time or location based on querying a user’s connected phone.