Hacker unlocks a ‘secure’ smart gun with $15 magnets

For all its technology and security, this $1,500 smart gun was felled by a shockingly simple thing: a cheap set of magnets.

As gun violence rates continue to rise, some safety advocates have turned to technology to help solve tragedies like shooting accidents and stolen weapons. The latest answer has been a smart gun, which could be tracked and locked remotely if it were ever in the wrong hands. But like all technology, it turns out even guns can be hacked.

The latest example is the IP1, a smart gun from German manufacturer Armatix, which marketed itself as the first smart gun to be sold. Released in 2014, the weapon boasts a smart lock on the pistol that the company says will not fire unless it is in range of a special watch that transmits a radio signal to unlock the gun.

The radio signal is supposed to communicate with a firing pin lock, which releases when it receives a security token from the watch.

That is until a hacker known as "Plore" found a way to shoot the gun without needing the watch, essentially turning the firearm back into a regular pistol.

Plore talked about how he did it at Defcon, the massive gathering of hackers from around the world held in Las Vegas this week.

It turns out, he said, that all it took was three magnets, a piece of wood and a screw to trick this smart gun. The crowd gathered to see his surprisingly low-tech hack responded with a roar of laughter. 

"I know what you're thinking: 'Fucking magnets, how do they work?,'" Plore said during his presentation. 

The answer is diabolically simple, but first the back story.

When he was surfing the web in 2015, Plore saw a post criticizing the Armatix and asking what hackers from Defcon would be able to do to it. He saw it as a challenge and got his hands on the connected firearm.

Originally, Plore thought he'd have to develop a high-tech solution to hack the watch's signal, so he built radio extenders to theoretically allow the gun to fire further from the watch. He was able to fire the gun up to 20 feet away from the security watch, much further than the 10 inches Armatix says its guns allow.

Then, he read the company's patents for the gun's technology and realized the lock was rather rudimentary. It turned out to be a metal plug that locks the firing pin. It's released by an electromagnetic signal transmitted from the watch. This signal, he said, is easy to duplicate.

"When all you need is some magnets from Amazon, the threshold's pretty low there. It's the sort of thing that seems so obvious in hindsight," Plore said. "It's a fairly obvious flaw."

Ultimately, he was able to unlock the watch by holding a $15 set of magnets to the pistol at a specific angle.

"I was almost a little surprised myself that it worked like it did. I pulled the trigger and it went 'bang,'" Plore said.

At first, he almost didn't believe it. So he tested it again, only this time he got it on film. 

Plore said he spoke with Armatix about the hack in April and the company thanked him. Sadly, Plore said, this hack exposes a flaw in the hardware that likely can be fixed only with a recall. Armatix did not respond to requests for comment.

Plore said the whole ordeal highlights how smart guns are still "immature." he also expects even more guns will be hacked at future Defcons. 

That's part of why he's publicizing this hack. He wants to at least warn future smart gun companies to avoid Armatix's mistake.

"It's part of the hope that the future of smart guns will learn from this lesson and make a better product," he said.