PLEASE NOTE THESE IMPORTANT CORRECTIONS:
While the investigators did have to disassemble the rifle to identify the vulnerabilities later exploited, the tools they put together will work on any TrackingPoint firearm (disassembled or not) as long as the wifi is on.
As for the custom software update; it can be uploaded it to any TrackingPoint firearm as long as the wifi is on and the attacker is within range as the scope does not authenticate the connection.
Lastly, modifying the OS is not required to gain shell access; they found remote code execution as well.
In summary: Ephemeral changes (ballistic data, wind, etc) can be set by an attacker if they are on the wifi network without a modified OS.
Perpetual changes (which will continue to exist even after a reboot) can be done by uploading a modified version of the scope OS and pushing that modified version of that OS does not require the user to "accept" the upgrade, and there's a good chance that they may not notice it occurring.
The original presenter's slide deck, videos and information about the disclosure timeline can be found here: http://media.encrypted.cc/files/HackingALinuxPoweredRifle.pdf
Yesterday we explained the reality of the TrackingPoint hacking "scandal" (if you want to call it that), but we would like to go a bit more in depth about the system itself and the simplified version available through Remington (aka the Remington 2020).
But first, we need to secure our filming location to ensure there are no hackers within 100 feet, as per TrackingPoint's recommendation!
You can see the previous part of our TrackingPoint coverage here:
Category: Accessory Reviews Uploaded: 08/13/2015