A security researcher who goes by the nickname Plore has bypassed the security locks of the Armatix IP1 smart pistol using only three magnets worth $15.
The researcher showed off his findings at this year's DEF CON security conference, held in Las Vegas last week.
The gun uses a simple locking system to prevent unauthorized firing. To shoot the small pistol, the user needs to wear a watch that sends an authorization token via radio signals to the gun and activates the trigger.
Armatix launched the IP1 smart gun in 2014 and marketed it as a way to prevent thieves or children from firing the gun. The IP1 is currently sold for prices varying from $1,400 to $1,800.
In his presentation, Plore says he found two ways of defeating the IP1's security system. The first relies on a specially built device that either causes a denial-of-service (DoS) state that prevents the owner from shooting, or extends the watch's radio signal over a greater distance, allowing someone else to fire the gun when near its real owner.
By default, the authorization watch needs to be within 25 centimeters of the gun for it to fire. Plore said the device he built extends this authorization distance to almost 20 feet.
This was Plore's first attempt to find a way to shoot the gun. As he spent more time analyzing the Armatix IP1 and its inner design, he soon realized that the trigger lock was made up of a simple electromagnet.
It didn't take long for the experienced security researcher to figure out that he could disturb this electromagnet's field with other nearby magnets and lift the trigger lock, allowing anyone to fire the gun.
The researcher says that three magnets bought off Amazon did the job. The attacker needs to bring the magnets near the smart gun's trigger lock at a certain angle.
Plore says he informed Armatix about the design flaw, but even he realized it was too late for the company to fix the issue. Nonetheless, the researcher hopes that by exposing the IP1's design flaw, other smart gun manufacturers will avoid making the same mistake.