$1500 smart gun hacked with $15 magnets

From toasters to cars and homes, everything is becoming ‘smart’. A German weapons manufacturer has decided to apply the concept to firearms, with the promise that the gun can only be fired by an authorized user, James Bond style.

The $1500 Armatix IP1 ships together with a watch – essentially an authentication token – that the user must wear for the gun to fire. Separate the two and the firearm no longer works. Smart, right? Well, at least one hacker going by the pseudonym ‘Plore’ wasn’t convinced.

Plore – who made a compelling presentation about hacking high-security electronic safe locks at Defcon last week – decided to put Armatrix’s claims to the test. Wired has him on video here.

Armed with an engineering degree and the tools to boot, Plore analyzed the watch’s RFID signature, noted the frequency on an oscilloscope, and created a more powerful RFID emitter capable of mimicking the signals. Distancing himself several feet away from the radio, Plore demonstrated how he could fire the smart gun without wearing the watch at all.

He didn’t stop there. Using a custom-built jamming device, he showed interviewers how the gun can be prevented from firing even when the user is wearing the watch. An attacker carrying such a device could, theoretically, prevent the victim from firing the weapon in defense.

Finally, he demonstrated how even the non-technical can hack the gun and fire it without the accompanying watch. With a set of $15 magnets that can be purchased online, the weapon can be tricked into releasing its safety lock, enabling anyone holding the gun to fire it without RFID authentication. Ironically, Plore discovered the dead-simple magnet hack last.

“I almost didn’t believe it had actually worked. I had to fire it again,” Plore said. “And that’s how I found out for $15 of materials you can defeat the security of this $1,500 smart gun.”

“If you buy one of these weapons thinking it’ll be safer, it should be,” the hacker added. “In this case, it was so easily defeated, in so many ways, that it really failed to live up to its side of that bargain…Misplaced trust is worse than no trust at all.”

Gun rights organizations (such as the National Rifle Association) are opposed to having “smart gun” technology mandated in the United States. In 2002, New Jersey passed a Childproof Handgun Law requiring all guns sold in the state be ‘smart’, in the sense that they would require some form of authentication.

However, for the IP1 it seems it was never meant to be. Not even in Jersey. In November 2014, John Jay Hoffman, the state’s Attorney General, released the following statement:

“After careful consideration of the iP1?s design, we have determined that it does not satisfy the statutory definition because, as a matter of design, the pistol may be fired by a person who is not an authorized or recognized user. That is, as long as the pistol is situated within 10 inches of the enabling wristwatch, it may be fired by anyone – the authorized user or any other person who is able to pull the trigger.”