Hacking

Bypassing locking mechanisms of a smart gun with $15 worth of magnets

The hacker ‘Plore’ demonstrated that it possible to bypass security measures implemented by German manufacturer Armatix for its smart gun.

The story I’m going to tell you demonstrates how fragile could be smart objects, some times cheap and off-the-shelf devices could be used to compromise them.
This is the case of certain models of smart guns, the Armatix IP1.
The hacker who uses the moniker ‘Plore’ demonstrated that it possible to bypass security measures implemented by the German manufacturer Armatix GmbH Smart System for its smart gun.
Armatix IP1 “smart” gun is a weapon that would only fire by its owners who wears an accompanying smartwatch to be recognized.
“The IP1 purports to limit who can fire it by requiring that the shooter wear a special Armatix watch. If the gun and the watch can’t connect via a short-range radio signal that extends just a few inches, the gun won’t fire. That’s the idea, anyway. But Plore showed that he can extend the range of the watch’s radio signal, allowing anyone to fire the gun when it’s more than ten feet away. ” reads a report published by Wired.
Plore found three ways to hack into the Armatix IP1 smart gun and use it without the smartwatch.
Plore placed $15 magnets near the barrel of the gun, this simple action allowed him to bypass the security measures implemented by the smart gun Armatix IP1.

When the gun first fired without authentication “I almost didn’t believe it had actually worked. I had to fire it again,” the researcher said. “And that’s how I found out for $15 (£11.50) of materials you can defeat the security of this $1,500 (£1,150) smart gun.” said Plore.

Plore demonstrated that he was also able to jam the radio frequency band (916.5Mhz) used by the smart gun from ten feet away by using a cheap transmitter device $20 (£15).

The radio waves emitted by the transmitter device prevent the owner from firing the gun even when he is wearing the smartwatch.

“He built a $20 transmitter device that simply emits radio waves at roughly the same 900 megahertz frequency as the gun and watch, overwhelming their communications. From as far as 10 to 15 feet away, the handheld transmitter can reliably jam the gun no matter how close it is to the owner’s watch. ” continues W
ired.

Plore also bypassed the security mechanism implemented for the smart gun by using a custom-built $20 RF amplifier to extend the range of the smartwatch. When the owner squeezes the trigger, the gun sends out a signal to check whether the watch is there or not.

The researcher was able to intercept the signal sent by the smart gun to check for the presence of the watch when the owner was trying to fire. The custom device allows extending the range by up to 12 feet, an attacker could bypass the security measure wearing the watch distance.

“When the shooter squeezes the gun’s handle, it sends out an RFID signal to check if the watch is present. But Plore showed he could place one of his radio devices near the watch to intercept the signal, and relay it to another gadget as far as 12 feet away. That means the gun doesn’t need to be next to the shooter’s wrist, as intended, but can instead be held by someone else, breaking its tight identity restrictions.” reported Wired.

Evidently smart guns are not so smart.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – smart gun, hacking)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Published by
Pierluigi Paganini
Tags: Armatix IP1DEF CON 25Hackingrelay attacksmart gun
7 years ago

Recent Posts

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…

1 hour ago

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …

3 hours ago

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…

14 hours ago

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…

21 hours ago

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…

21 hours ago

Google fixed critical Chrome vulnerability CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…

1 day ago

This website uses cookies.