By Heather Hamilton, contributing writer
The allure of a “smart” gun has long been on the minds of gun control advocates, and the mass distribution of such a product may soon be a reality. Like a phone or computer requiring users to verify their identity, these smart guns would change the way that gun control works.
Unfortunately, a hacker who goes by the name Plore will demonstrate at Defcon the critical vulnerabilities in the Armatix IP1, a German smart gun touted as ushering in a new era of gun safety, according to their website.
At a remote firing range in Colorado, Plore demonstrated to Wired magazine how he could hack the gun, which appears on a video on their website.
Armatix claims to administrate who can fire its IP1 gun by requiring the use of a compatible watch. The watch and radio signal connect via short-range radio signal only a few inches wide, and if they aren’t connected, the gun doesn’t fire. Plore can, however, extend the range of the radio signal, which allows anyone to fire the gun when it is more than 10 feet away.
Plore can also jam the gun’s signals, preventing the owner from firing it. Additionally, he can disable the locking mechanism on the gun through the use of simple magnets along the barrel, which works when the watch is nowhere to be seen.
The hacker expressed to Wired that he isn’t opposed to a smart gun requiring authentication but criticized the debate over smart guns for failing to examine the question of whether they provide the security that manufacturers promise. “If you buy one of these weapons thinking [that] it’ll be safer, it should be,” said Plore. “In this case, it was so easily defeated in so many ways that it really failed to live up to its side of that bargain. Misplaced trust is worse than no trust at all.”
Advocates for gun rights typically oppose smart guns because they believe that they’re merely an attempt to regulate other types of firearms. Plore stumbled upon such a conversation on Calguns.net, in which a poster posed the question (edited for language), “Could you imagine what the guys at Defcon could do with this?”
While Plore’s last project revolved around cracking electronic safes, he soon pursued this new challenge, and over the course of six months, he developed three escalating attacks on the IP1’s security systems.
Before using magnets, Plore tried a more technical relay attack, which Hackaday calls “one of the oldest tricks in the book.” It cost him about $20. This type of attack takes advantage of the radio-based safety mechanism, causing an RFID signal to check if the watch is present when the trigger is pulled. He could intercept the signal by placing a radio near the watch as far as 12 feet away.
Plore also hijacked the security mechanisms by building a $20 transmitter device that emitted radio ways at the same frequency as the gun and the watch, which interfered with communications from 10 to 15 feet away, jamming the gun. But going the DIY route is unnecessary: Plore explains that even a cordless phone could trigger interference. If an assailant knew that his victim carried an Armatix handgun, that person could be easily disarmed at range.
Finally, Plore looked at Armatix’s patent diagrams and found that an electromagnet moves a metal plug to unlock the firing pin after the radio signal from the watch authorizes the gun to fire. He ordered some magnets from Amazon ($15) and placed them beside the body of the gun at a certain angle, which meant that he could fire whenever. “And that’s how I found out [that,] for $15 of materials, you can defeat the security of this $1,500 smart gun,” he said.
Plore informed Armatix of the hack in early April, but they didn’t offer much of a response. Armatix spokesman Georg Jahnen told Wired that the exploit was already known by the company; it didn’t find them easy or practical to pull off. “I do not think that you have appropriate magnets with you when you act in the heat of the moment,” he said. He later conceded that Plore’s research will make smart guns safer in the future.
While Plore knows that exposing the flaws in the weapons may enable someone to act dangerously, he says that the small number makes him feel better. In the United States, many stores wouldn’t carry them because of opposition by guns rights advocates.
Plore told Wired that he hopes that this will ultimately make guns safer and free of design errors. He hopes that there is a future for smart guns — but that it is safer.
Learn more about Electronic Products Magazine