Hacker cracks smart gun security to shoot it without approval

Hacker shows how he cracked a smart gun
Hacker shows how he cracked a smart gun

Smart guns are supposed to be safer than traditional weapons. They're designed to only fire when paired with a second piece of technology that identifies the shooter, like an electronic chip or a fingerprint.

Supporters say they could stop accidental shootings or misfires. And they've been lauded by law enforcement to prevent criminals from using stolen or misplaced guns.

However, like any technology, they're not unhackable.

A hacker known by the pseudonym Plore doesn't want to put a stop to smart guns, but he wants the firearm industry that's increasingly manufacturing these devices to know that they can be hacked.

The model Plore hacked is called the Armatix IPI. It pairs electronically with a smart watch so that only the person wearing the watch can fire it. The devices authenticate users via radio signals, electronically talking to each other within a small range.

Plore broke the security features in three different ways, including jamming radio signals in the weapon and watch so the gun couldn't be fired, and shooting the gun with no watch nearby by placing strong magnets next to the weapon.

"Future smart guns might use different authorization mechanisms," Plore said. "But you'd want to make future smart guns robust against interference, intentional or unintentional, even if it doesn't use radio signals."

One hack involved breaking the gun's range restrictions. The gun is only supposed to work if it's within a foot of the watch. But Plore extended the range by using radio devices to trick the gun into thinking the watch was closer than it was.

Another hack involved stopping the gun from firing. Plore created a device that emits the same 900 megahertz frequency of the gun and watch -- devices like baby monitors or cordless phones use this frequency, too. His device simulated interference, effectively confusing the gun and watch and rendering them useless.

Related: Mac malware caught silently spying on computer users

The main reason people are interested in smart guns is to ensure only the owners can control them. But it's possible to fire the weapon without the watch around, Plore found.

The hacker placed strong magnets next to the body of the gun. That simple solution allowed the gun to be fired.

Armatix does not dispute Plore's findings, but says the hack was beyond the scope of the gun's design. "[The iP1] had been focused on suppressing the ability to shoot, when a third person (e.g. a child or a normal user) accesses the weapon in the heat of the moment and tries to use it," wrote Helmut Brandtner, Amratix's managing director, in an email to CNN Tech. "There was never the demand to avoid the usage by a well prepared attacker or a skilled hacker."

Comparing the iP1 to any secure system, Brandtner added, "If you have access to a safety device for a sufficient time, you are able to modify it and probably can misuse it."

Plore is presenting his findings at the Defcon security conference this week. He says that while the instruments he used to study the problem cost thousands, the tools he created to execute the three attacks cost less than $50.

It's not the first time magnets have been used to hack smart devices. A similar tactic was used to hack into a safe.

"You see the same mistakes repeated," he said. "Safes and guns aren't the same devices, but conceptually it was the same attack."

There are many smart-gun skeptics. Two Arizona lawmakers recently said the technology is still too new and could be dangerous. The NRA has said that while it's not against smart guns, it does not support legislative restrictions on acquiring non-smart guns.

Smart guns are not yet widespread, and the Armatix IPI was the only weapon of its type easily accessible to Plore, he said. So while it's cheap to execute these hacks, a real-world scenario is relatively unlikely.

Plore wants to make sure manufacturers are aware of these flaws in order to make future smart guns safer.

"If you're going to buy one, you should get what's on the label," he said. "You should be able to really get something that provides meaningful security."

CNNMoney Sponsors