LAS VEGAS -- Computers are showing up in everything from coffee makers to cars -- and now even guns.
But that wireless connection can also be exploited by a hacker to make the TrackingPoint TP750 rifle change targets or stop it from shooting all together, according to security researchers Runa Sandvik and Michael Auger.
The married duo is presenting their research, first reported on by Wired, at the Black Hat USA and DEF CON cybersecurity conferences in Las Vegas this week.
TrackingPoint has said that it is attempting to verify the researchers' conclusions. It "will provide you with a software update if necessary," according to a statement posted to its Web site. Auger said the pair is working with the company on a fix.
The problem, the researchers say, is that the rifle's network comes with a default password. That could allow a nearby bad guy to gain access to the gun's targeting system and change where the gun will aim, according to the researchers. Getting the gun to miss its intended target could be as simple as changing the wind and temperature setting by using the company's own app, the researchers say.
But getting the gun to hit a different target, not just miss the shooter's mark, required more work: The researchers said they had to take the gun apart and access the system's digital storage system. In a video demonstration for Wired, the duo was able to change the gun's target -- hitting a bullseye chosen by the person on the computer instead of the one chosen by the shooter.
There are some limits to the vulnerability: First, the hacker must be in close range of the gun to take advantage of the exploit.
"You can continue to use WiFi (to download photos or connect to ShotView) if you are confident no hackers are within 100 feet," TrackingPoint said in its statement.
And, the researchers said, they were not able to make the gun shoot on their own. While they could alter the target, the shooter still needed to pull the trigger. Sandvik and Auger also said they found a way to load custom software onto the gun, potentially enabling them to make long-lasting changes to the gun's targeting system.
But "TrackingPoint did take security into account when they designed this," said Sandvik. For instance, she said that the company tried to limit what customers could do with the rifle, including disabling its USB ports while the system boots up so hackers couldn't hijack the system during that process.
The likelihood of the vulnerability being used to harm someone in the real world is limited, Auger acknowledged, noting that the hack requires a lot of research and that the gun is not widely used.
It is also unclear whether TrackingPoint is still selling the high-tech rifle. Earlier this year, the company's Web site included a banner that said it would no longer be accepting orders due "to financial difficulty." Product pages currently feature a phone number for placing an order, but no one picked up when The Washington Post called.
The company also did not immediately respond to an e-mailed inquiry about the security vulnerability research by press time.
The hack may serve as a sort of warning as more and more weaponry gets taken over by computers. For example, the U.S. military's experimental branch DARPA has a program, Extreme Accuracy Tasked Ordinance or EXACTO, that's developing things like self-steering bullets.