The BBC has an article on so-called smart guns. Overall it’s not a bad article, it mostly covers what a smart gun is, how it works, and the political battle surrounding them. But one very stupid question is put forth:
Can it be hacked?
Yes. When the question is “Can it be hacked?” the answer is always yes. Granted the article does cover some of the ways in which radio-frequency identification (RFID) and biometric authentication systems have been hacked. But the conclusion by the BBC is that we don’t know if the iP1 authentication system can be hacked.
I’m here to tell you that it can be. We don’t know how but we do know it can be. That’s because every authentication system developed by us has been hacked because a security system can only buy time, it can’t entirely stop an unauthorized individual. Being that the RFID device used with the iP1 is new and, as the article explains, hasn’t seen much widespread use there is likely to be a plethora of bugs waiting to be discovered.
It’s likely that there will be a presentation at an upcoming security conference by a guy who figured out how to remotely enable and disable an iP1 from 100 feet away with an off the shelf RFID emulator. Authentication systems rarely survive their initial encounter with the hacker community.