Published Date: 2015-07-29
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident happened in July 2015. [37995, 38012] |
| System | 1. TrackingPoint TP750 rifle's network system with default password [38968, 37995, 38012] 2. TrackingPoint TP750 rifle's targeting system [38968, 37995, 38012] 3. TrackingPoint TP750 rifle's software vulnerabilities [37995, 38012] |
| Responsible Organization | 1. Hackers Runa Sandvik and Michael Auger were responsible for causing the software failure incident by exploiting vulnerabilities in the TrackingPoint TP750 rifle's software and network connection [38968, 37995, 38012]. |
| Impacted Organization | 1. TrackingPoint - The software failure incident impacted TrackingPoint, the company that manufactures the smart rifles with computer-guided scopes that were vulnerable to being hacked [37995, 38012]. 2. Users of the TrackingPoint TP750 rifle - Users of the TrackingPoint TP750 rifle were impacted as the software vulnerability allowed hackers to take control of the rifle, change targets, disable the scope, and potentially make long-lasting changes to the gun's targeting system [37995, 38012]. |
| Software Causes | 1. The software failure incident was caused by the default password in the rifle's network, allowing hackers to gain access to the gun's targeting system and change where the gun will aim [38968, 37995, 38012]. 2. Vulnerabilities in the rifle's software, particularly related to the Wi-Fi connection, allowed hackers to exploit the system, alter key variables in its targeting application, and take control of the self-aiming functions [37995, 38012]. 3. The software flaw allowed hackers to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing [37995, 38012]. 4. The software vulnerability enabled hackers to make the rifle aim at a different target chosen by the hacker, rather than the one chosen by the shooter [37995, 38012]. 5. The software issue allowed hackers to add themselves as a "root" user on the device, taking full control of its software, making permanent changes to its targeting variables, or rendering the scope inoperable [37995]. 6. The software flaw also allowed hackers to disable the firing pin, a computer-controlled solenoid, to prevent the gun from firing [37995]. 7. The software vulnerability was exploited by the researchers to demonstrate how they could change the target by feeding inaccurate data to the targeting computer, without the gun firing unless the trigger was manually pulled by the shooter [38012]. |
| Non-software Causes | 1. The default password on the gun's network allowed anyone within Wi-Fi range to connect to it, leading to potential exploitation by hackers [#37995, #38012]. 2. The vulnerability required physical access to the gun to take advantage of the exploit, as the hacker must be in close range of the gun to manipulate its targeting system [#38968]. 3. The financial difficulties faced by the company, TrackingPoint, which led to layoffs, CEO changes, and the cessation of new orders for rifles, may have impacted the response to the security vulnerability [#37995]. |
| Impacts | 1. The software failure incident allowed hackers to exploit the wireless connection of TrackingPoint rifles, enabling them to change targets or prevent the gun from shooting altogether [38968, 37995, 38012]. 2. The vulnerability in the rifle's software allowed hackers to alter the gun's targeting system, causing it to miss its intended target or hit a different target chosen by the hacker [38968, 37995, 38012]. 3. The hackers were able to take control of the rifle remotely, changing variables in the scope's calculations that made the rifle miss its target, disable the scope's computer, or prevent the gun from firing [37995, 38012]. 4. The incident highlighted security flaws in the rifles, leading to concerns about the safety and reliability of computer-aided weapons [37995, 38012]. 5. The software vulnerability raised questions about the security of smart guns and the potential risks associated with connecting lethal weapons to the internet [37995, 38012]. |
| Preventions | 1. Implementing strong security measures such as unique and complex passwords instead of default passwords for the rifle's network access could have prevented the software failure incident [38968, 37995, 38012]. 2. Regularly updating and patching the software to fix vulnerabilities identified by security researchers could have prevented the exploit of the rifle's targeting system [38968, 37995, 38012]. 3. Conducting thorough security testing and audits of the software to identify and address potential weaknesses before the product is released to customers could have prevented the hack [38968, 37995, 38012]. 4. Limiting the access and control that external devices or connections have over critical functions of the rifle's software could have prevented unauthorized manipulation of the targeting system [38968, 37995, 38012]. 5. Ensuring prompt and effective communication and collaboration with security researchers who identify vulnerabilities in the software to quickly develop and deploy necessary security updates could have prevented the exploit from being used maliciously [38968, 37995, 38012]. |
| Fixes | 1. Providing a software update to address the vulnerabilities in the rifle's software, particularly related to the default password and network security issues [38968, 37995, 38012]. 2. Developing a patch to fix the hackable flaws in the rifle's software and prevent unauthorized access and control of the weapon [37995, 38012]. 3. Implementing security measures to prevent unauthorized access to the gun's targeting system, such as changing default passwords and enhancing network security protocols [38968, 37995, 38012]. | References | 1. Security researchers Runa Sandvik and Michael Auger [38968, 37995, 38012] 2. TrackingPoint company [38968, 37995, 38012] 3. Wired [37995, 38012] 4. Black Hat USA and DEF CON cybersecurity conferences [38968] 5. The U.S. military's experimental branch DARPA [38968] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization | (a) The software failure incident related to the hack of TrackingPoint rifles has happened again within the same organization. Security researchers Runa Sandvik and Michael Auger presented their research on hacking TrackingPoint rifles at the Black Hat USA and DEF CON cybersecurity conferences in Las Vegas [38968]. They demonstrated how the rifles' Wi-Fi connection and default password could be exploited to change targets, prevent firing, or disable the scope completely. The researchers worked on two TrackingPoint self-aiming rifles for a year, showing vulnerabilities in the rifles' software [37995]. The incident highlighted security flaws in the rifles, and the researchers have been in touch with TrackingPoint to address the vulnerability [38012]. (b) The software failure incident related to the hack of TrackingPoint rifles has not been reported to have happened at other organizations or with their products and services. The focus of the articles was on the specific vulnerabilities found in TrackingPoint rifles and the research conducted by Sandvik and Auger on these rifles [38968, 37995, 38012]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase is evident in the articles. The incident occurred due to vulnerabilities introduced during the development of the TrackingPoint self-aiming rifles. Security researchers discovered that the rifles had a default password for the Wi-Fi connection, allowing hackers to exploit the system and change the gun's target or disable it completely [Article 37995]. The researchers were able to access the rifle's targeting system by dissecting it and accessing the digital storage system, demonstrating how they could alter the target chosen by the shooter [Article 38968]. (b) The software failure incident related to the operation phase is also present in the articles. The incident involved the misuse of the TrackingPoint rifles' Wi-Fi connection, which allowed hackers to remotely take control of the rifles and manipulate their targeting systems. The hackers could change variables in the scope's calculations, causing the rifle to miss its target, prevent it from firing, or disable the scope entirely [Article 38012]. The attack required the Wi-Fi connection to be active, and the hackers could even add themselves as a "root" user on the device, gaining full control over its software and targeting variables [Article 37995]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: - The software failure incident in the articles is primarily within the system. The failure occurred due to vulnerabilities in the software of the TrackingPoint self-aiming rifles, specifically related to the Wi-Fi connection and default password allowing hackers to access and manipulate the targeting system [37995, 38012]. - The security researchers were able to exploit these vulnerabilities to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing [37995, 38012]. - The hackers demonstrated that they could take control of the self-aiming functions of the rifle by accessing APIs through the Wi-Fi connection and altering key variables in the targeting application [37995]. - The software vulnerabilities allowed the hackers to make precise changes to the targeting system, causing the gun to hit a bullseye chosen by the hacker instead of the shooter's intended target [37995]. - The researchers were also able to add themselves as a "root" user on the device through the Wi-Fi connection, gaining full control of the software and making permanent changes to the targeting variables [38012]. (b) outside_system: - The software failure incident also involved factors originating from outside the system. For example, the vulnerability required the hacker to be in close range of the gun to take advantage of the exploit [38968]. - The likelihood of the vulnerability being used to harm someone in the real world was considered limited, as the hack required a lot of research and the gun was not widely used [38968]. - The company, TrackingPoint, mentioned that the Wi-Fi range of the hack would limit its real-world use, as it is unlikely for a hunter to have a Wi-Fi internet connection in remote locations [38012]. - The company also stated that the fundamentals of shooting, where the shooter must manually pull the trigger, remain unchanged even if the gun is hacked [38012]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - In the case of the TrackingPoint TP750 rifle, the software failure incident was due to a vulnerability in the rifle's network that allowed a hacker to exploit the wireless connection and change the gun's target or prevent it from shooting altogether. This vulnerability was related to the default password in the rifle's network, which could be accessed by a nearby bad actor [38968, 37995, 38012]. (b) The software failure incident occurring due to human actions: - The software failure incident in the TrackingPoint TP750 rifle was also influenced by human actions, specifically by security researchers Runa Sandvik and Michael Auger who demonstrated how they could hack the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. They were able to alter the rifle's targeting system, causing it to miss its target, disable the scope's computer, or prevent the gun from firing. The researchers actively worked on finding and exploiting these vulnerabilities [37995, 38012]. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident occurring due to hardware: - The software failure incident involving the TrackingPoint TP750 rifle was due to a vulnerability in the hardware, specifically the rifle's network system with a default password that allowed hackers to gain access and change the gun's targeting system [#, #]. - The researchers were able to exploit vulnerabilities in the rifle's software by dissecting the rifle and accessing its digital storage system, indicating a hardware-related vulnerability [#, #]. - The hack required physical access to the gun to make it hit a different target, showcasing a hardware-related aspect of the vulnerability [#, #]. (b) The software failure incident occurring due to software: - The software failure incident was primarily caused by vulnerabilities in the software of the TrackingPoint TP750 rifle, such as the default password in the network system that allowed hackers to access and manipulate the gun's targeting system [#, #]. - The researchers were able to alter the rifle's targeting system by changing variables in the scope's calculations, indicating a software-related vulnerability [#, #]. - The hack involved exploiting the software vulnerabilities to control the rifle remotely, change targets, or disable the weapon completely, highlighting the software-related nature of the incident [#, #]. |
| Objective (Malicious/Non-malicious) | malicious, non-malicious | (a) The software failure incident in the articles is malicious in nature. Security researchers Runa Sandvik and Michael Auger demonstrated how they could exploit vulnerabilities in the TrackingPoint self-aiming rifles via their Wi-Fi connection to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing [37995, 38012]. They were able to alter the rifle's targeting system to hit a bullseye chosen by the hacker instead of the one chosen by the shooter, showcasing the potential for malicious manipulation of the system [37995]. The researchers also found that through the Wi-Fi connection, an attacker could add themselves as a "root" user on the device, taking full control of its software, making permanent changes to its targeting variables, or even disabling the firing pin to prevent the gun from firing [37995]. (b) The software failure incident is non-malicious in the sense that the vulnerabilities exploited by the researchers were not intentionally introduced to harm the system. The default password for the gun's network, which allowed hackers to gain access to the targeting system, was a contributing factor that was not designed with malicious intent [37995, 38012]. Additionally, TrackingPoint founder John McHale mentioned that the company appreciates the researchers' work and will work on developing a software update to patch the vulnerabilities, indicating a non-malicious response to the identified security flaws [38012]. |
| Intent (Poor/Accidental Decisions) | poor_decisions, accidental_decisions | (a) The intent of the software failure incident was due to poor decisions made in the design and implementation of the software system. The incident involved the TrackingPoint TP750 rifle, which had a default password for its network that could be exploited by hackers to change targets or disable the gun from shooting [38968, 37995, 38012]. The default password vulnerability allowed nearby individuals to gain access to the gun's targeting system and manipulate where the gun would aim, potentially causing it to miss the intended target or hit a different target chosen by the hacker [38968, 37995, 38012]. Additionally, the researchers were able to alter the gun's target by accessing the system's digital storage system, highlighting a significant security flaw in the rifle's design [38968, 37995, 38012]. (b) The software failure incident was also a result of accidental decisions or unintended consequences. The security researchers, Runa Sandvik and Michael Auger, discovered vulnerabilities in the TrackingPoint rifles' software that allowed them to compromise the rifles via their Wi-Fi connection and exploit weaknesses in the software [37995, 38012]. The researchers demonstrated that by manipulating variables in the scope's calculations, they could cause the rifle to miss its target, disable the scope's computer, or prevent the gun from firing altogether [37995, 38012]. These unintended consequences of the software vulnerabilities showcased how accidental decisions or design flaws could lead to significant security risks in the smart rifles [37995, 38012]. |
| Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident in the articles can be attributed to development incompetence. Security researchers Runa Sandvik and Michael Auger discovered vulnerabilities in the TrackingPoint TP750 rifle's software that allowed them to exploit the Wi-Fi connection and manipulate the gun's targeting system [38968, 37995, 38012]. The researchers were able to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing altogether. They were also able to alter the gun's targeting system by loading custom software onto it, showcasing the lack of robust security measures in the rifle's design. This incident highlights the potential risks associated with integrating computers into firearms without adequate security measures in place. (b) The software failure incident can also be considered accidental. The vulnerabilities exploited by the researchers were not intentional design choices but rather unintended weaknesses in the software and network configuration of the TrackingPoint TP750 rifle [38968, 37995, 38012]. The default password for the rifle's network, the ability to access APIs to alter targeting variables, and the lack of secure authentication mechanisms all contributed to the accidental exposure of the rifle to potential hacking. The hackers were able to manipulate the rifle's targeting system without the shooter's knowledge, demonstrating how accidental flaws in the software can lead to unauthorized control over critical functions of the firearm. |
| Duration | temporary | The software failure incident described in the articles can be categorized as a temporary failure. The security researchers were able to exploit vulnerabilities in the TrackingPoint rifles' software through the Wi-Fi connection, allowing them to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing. However, the hackers were not able to make the gun fire without the trigger being pulled by the shooter [Article 37995]. The vulnerabilities in the software were demonstrated by the researchers at a firing range, showing how they could change the target by feeding inaccurate data to the targeting computer, but the gun would not fire without the shooter pulling the trigger [Article 38012]. |
| Behaviour | crash, value, other | (a) crash: Failure due to system losing state and not performing any of its intended functions - The software failure incident in the articles can be categorized as a crash as the hackers were able to exploit vulnerabilities in the TrackingPoint self-aiming rifles' software to cause the rifle to miss its target, disable the scope's computer, or prevent the gun from firing altogether [37995]. - The researchers were able to demonstrate how their techniques could cause the rifle to miss its target, disable the scope, or prevent firing, indicating a crash in the system's intended functions [38012]. (b) omission: Failure due to system omitting to perform its intended functions at an instance(s) - The software failure incident does not specifically mention any instances where the system omitted to perform its intended functions at an instance(s). (c) timing: Failure due to system performing its intended functions correctly, but too late or too early - The software failure incident does not involve any issues related to the timing of the system's functions. (d) value: Failure due to system performing its intended functions incorrectly - The software failure incident can be classified as a value failure as the hackers were able to alter the rifle's targeting system to hit a different target chosen by the hacker instead of the one chosen by the shooter [37995]. (e) byzantine: Failure due to system behaving erroneously with inconsistent responses and interactions - The software failure incident does not exhibit characteristics of a byzantine failure. (f) other: Failure due to system behaving in a way not described in the (a to e) options - The other behavior exhibited in the software failure incident is the ability of the hackers to take control of the rifle remotely, change its target, disable the weapon, and even make the rifle hit a bullseye chosen by the hacker instead of the shooter [37995]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | sensor, network_communication, embedded_software | (a) sensor: Failure due to contributing factors introduced by sensor error - The software failure incident was related to the sensor layer of the cyber physical system. The failure was due to the vulnerability in the rifle's network, specifically the wireless connection that could be exploited by hackers to change targets or stop the gun from shooting altogether. This vulnerability was related to the default password in the rifle's network, allowing unauthorized access to the gun's targeting system [38968, 37995, 38012]. (d) network_communication: Failure due to contributing factors introduced by network communication error - The failure was also related to the network communication layer of the cyber physical system. The vulnerability exploited by the hackers involved the Wi-Fi connection of the smart rifle, which had a default password that allowed anyone within Wi-Fi range to connect to it. This network communication flaw enabled the hackers to access the rifle's targeting application and alter key variables in its targeting system [37995, 38012]. (e) embedded_software: Failure due to contributing factors introduced by embedded software error - Additionally, the software failure incident was related to the embedded software layer of the cyber physical system. The hackers were able to take control of the self-aiming functions of the rifle by exploiting vulnerabilities in the rifle's software. They were able to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing. This manipulation was achieved by altering the software of the rifle's targeting system [37995, 38012]. |
| Communication | link_level, connectivity_level | The software failure incident reported in the articles is related to the communication layer of the cyber physical system that failed at the connectivity_level. The failure was due to vulnerabilities in the Wi-Fi connection of the TrackingPoint self-aiming rifles, which allowed hackers to exploit the network and access the targeting system of the rifles remotely. The default password for the Wi-Fi connection enabled anyone within range to connect to the gun and manipulate its targeting variables, leading to scenarios where the gun could miss its target, be disabled, or have its scope completely compromised [Article 37995, Article 38012]. |
| Application | TRUE | The software failure incident described in the articles was related to the application layer of the cyber physical system. This failure was due to contributing factors introduced by bugs, operating system errors, unhandled exceptions, and incorrect usage. The failure in this case was related to the application layer as security researchers were able to exploit vulnerabilities in the software of TrackingPoint's self-aiming rifles. They were able to compromise the rifles via their Wi-Fi connection and exploit vulnerabilities in the software, allowing them to change variables in the scope's calculations, causing the rifle to miss its target, disable the scope's computer, or prevent the gun from firing [Article 37995]. Additionally, the hackers were able to take control of the rifle using its default password and manipulate the rifle's targeting system by altering key variables in its targeting application. They were able to change the target by feeding inaccurate data to the targeting computer, demonstrating the vulnerability at a firing range [Article 38012]. Therefore, the software failure incident described in the articles was indeed related to the application layer of the cyber physical system, as it involved exploiting software vulnerabilities to manipulate the rifle's targeting system and functionality. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | property, non-human, theoretical_consequence | (a) death: People lost their lives due to the software failure - There is no mention of people losing their lives due to the software failure incident in the articles [38968, 37995, 38012]. (b) harm: People were physically harmed due to the software failure - There is no mention of people being physically harmed due to the software failure incident in the articles [38968, 37995, 38012]. (c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted due to the software failure incident in the articles [38968, 37995, 38012]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident impacted the TrackingPoint TP750 rifles, which are high-end rifles with a self-aiming system. The hackers were able to take control of the rifles, change targets, disable the scope, and even prevent the gun from firing [37995, 38012]. (e) delay: People had to postpone an activity due to the software failure - There is no mention of people having to postpone an activity due to the software failure incident in the articles [38968, 37995, 38012]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident impacted the TrackingPoint TP750 rifles, which are computerized weapons with self-aiming capabilities. The hackers were able to exploit vulnerabilities in the rifles' software, change targets, and disable the scope [37995, 38012]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had real observed consequences related to the security vulnerabilities in the TrackingPoint TP750 rifles, as hackers were able to take control of the rifles and manipulate their targeting systems [37995, 38012]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The potential consequences discussed include the ability for a hacker to make the gun shoot on its own, implant malware for future effects, and persistently alter the rifle even after the Wi-Fi connection is broken [37995, 38012]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There are no other consequences of the software failure incident mentioned in the articles [38968, 37995, 38012]. |
| Domain | information, finance, government | (a) The failed system was related to the information industry as it involved the production and distribution of information. The software failure incident involved TrackingPoint rifles that use computers to give shooters perfect aim, featuring a scope with a wireless connection for streaming videos of shots to devices [38968, 37995, 38012]. (h) The incident also had implications for the finance industry as TrackingPoint, the company behind the smart rifles, faced financial difficulties and had to stop accepting orders due to financial problems [37995, 38012]. (m) The incident could also be related to the defense industry as the smart rifles were acquired by the US army for testing, indicating a connection to defense and military applications [38012]. |
Article ID: 38968
Article ID: 37995
Article ID: 38012