Bypassing locking mechanisms of a smart gun with $15 worth of magnets

Pierluigi Paganini July 30, 2017

The hacker ‘Plore’ demonstrated that it is possible to bypass the security measures implemented by German manufacturer Armatix for its smart gun.

The story I’m going to tell you demonstrates how fragile smart objects can be; sometimes cheap, off-the-shelf devices are enough to compromise them.
This is the case with certain models of smart guns, namely the Armatix IP1.
The hacker who uses the moniker ‘Plore’ demonstrated that it is possible to bypass the security measures implemented by the German manufacturer Armatix GmbH Smart System for its smart gun.
The Armatix IP1 “smart” gun is a weapon that fires only for an owner wearing the accompanying smartwatch, which the gun uses to recognize them.
“The IP1 purports to limit who can fire it by requiring that the shooter wear a special Armatix watch. If the gun and the watch can’t connect via a short-range radio signal that extends just a few inches, the gun won’t fire. That’s the idea, anyway. But Plore showed that he can extend the range of the watch’s radio signal, allowing anyone to fire the gun when it’s more than ten feet away.” reads a report published by Wired.
Plore found three ways to hack into the Armatix IP1 smart gun and use it without the smartwatch.

Plore placed $15 worth of magnets near the barrel of the gun; this simple action allowed him to bypass the security measures implemented by the Armatix IP1 smart gun.

When the gun first fired without authentication, “I almost didn’t believe it had actually worked. I had to fire it again,” the researcher said. “And that’s how I found out for $15 (£11.50) of materials you can defeat the security of this $1,500 (£1,150) smart gun.”

Plore demonstrated that he was also able to jam the radio frequency band (916.5 MHz) used by the smart gun from ten feet away, using a cheap $20 (£15) transmitter device.

The radio waves emitted by the transmitter device prevent the owner from firing the gun even when he is wearing the smartwatch.

“He built a $20 transmitter device that simply emits radio waves at roughly the same 900 megahertz frequency as the gun and watch, overwhelming their communications. From as far as 10 to 15 feet away, the handheld transmitter can reliably jam the gun no matter how close it is to the owner’s watch.” continues W

Plore also bypassed the security mechanism implemented for the smart gun by using a custom-built $20 RF amplifier to extend the range of the smartwatch. When the owner squeezes the trigger, the gun sends out a signal to check whether the watch is there or not.

The researcher was able to intercept the signal the smart gun sends to check for the presence of the watch when the owner tries to fire. The custom device extends the range by up to 12 feet, so an attacker could bypass the security measure with the watch at a distance from the gun.

“When the shooter squeezes the gun’s handle, it sends out an RFID signal to check if the watch is present. But Plore showed he could place one of his radio devices near the watch to intercept the signal, and relay it to another gadget as far as 12 feet away. That means the gun doesn’t need to be next to the shooter’s wrist, as intended, but can instead be held by someone else, breaking its tight identity restrictions.” reported Wired.

Evidently smart guns are not so smart.

Pierluigi Paganini

(Security Affairs – smart gun, hacking)

