The Armatix IP1 is the world’s first commercially produced “smart gun,” an electronically controlled pistol. And surprise, surprise, it can be hacked. Actually, you might be impressed on how easily one hacker was able to overcome the pistol’s lockout systems.
A smart gun is a personalized firearm. Without the right authorization, the gun won’t fire. In the case of the IP1, the gun only works when the shooter is wearing a special wristwatch. Unless you hack it, of course.
One of the ways smart guns authenticate known users is with wireless electronics. These electronics vary in quality from simple RFID systems like the ones used in security tags to more robust rolling code remotes similar to car alarms.
Critics of these systems have frequently pointed out that wireless systems can be pretty easily interfered with. That’s exactly where hacker “Plore” started with the IP1.
After locating the broadcasting system built into the the IP1, Plore was able to pinpoint the broadcasting frequency of the gun’s watch detection system. With about $20 in parts, he was able to copy and boost the signal out to over 10 feet away, well outside the watch’s personal range.
Plore also succeeded at completely jamming the watch with simple breadboard electronics. He created a transmitter that runs at the same frequency as the watch and pistol which completely broke the gun and watch.
Ultimately he was able to completely bypass the security system with a few magnets. After studying the pistol’s locking mechanism Plore discovered what appears to be a simple firing pin safety.
“So essentially with $15 worth of magnets, I cracked the $1.500 smart gun.” By using magnets he was able to disengage the safety and shoot the IP1 without the watch or any other electronics.
The microcontroller inside the grip frame of the pistol controls the firing pin safety with an electromagnet. “When we squeeze the grip and pull the trigger halfway,” Plore said, “the magnet is activated.”
“However, when you take a really big external magnet that can stand in for the electrical magnet, it doesn’t matter if the gun is authorized to fire. It doesn’t even matter if the gun has batteries in it,” he added.
It would be even simpler to take out the firing pin safety altogether, forever removing the complicated electronic security system.
Safeties like these can always be messed with, altered and completely circumvented. It’s not that the quality of the electronics is in question. There isn’t a foundation for this type of security to stand on.
Still, we expect to see companies continue to promote this sort of technology as a proxy for gun control. If that’s enough to keep companies like Armatix in business, there will always be new smart guns to buy — and to hack.