Inquiry to Armatix Regarding Security of "Smart Gun"

In response to this article from Fox News (, I have sent an inquiry to Armatix, the manufacturer of the "Smart System iP1" which was recently offered for sale in California.

I will keep you updated if a response is received. You can read the full inquiry below. Also, for those interested, the user manuals can be obtained by performing a Google search for the FCC IDs in the letter below.

Hello, I am a Cyber Security professional and am writing to inquire about the safety and security features in the Smart System iP1.

Specifically, I'm interested in how the communication between the pistol (FCCID ZYXSMARTIP1) and "smart watch" (FCCID ZYXSMARTIW1) are secured.

Which RFID technologies are in use?

Is RFID communication authenticated? What protocol?

Is RFID communication encrypted? What encryption method?

Has "fuzz testing" been performed against the pistol and smart watch? In case you are not familiar with it, "fuzz testing" is a process which is used in software testing to check for vulnerabilities by sending invalid, unexpected, or random data.

Should a security vulnerability be identified in the smart watch or pistol, how will a consumer obtain and install a patch to correct the vulnerability?

According to the FCC notice in the user's manuals, the devices must "accept any interference received, including interference that may cause undesired operation." What are the known effects of radio interference with these devices? Could it prevent firing in a situation which would leave the weapon holder unable to defend him/herself? Could it result in an accidental discharge of the weapon? Could it result in permanent disabling of the watch or weapon?

Does the pistol or watch have a permanent "killswitch" which could be remotely triggered? If so, who has access to this killswitch, and how is it secured?

Your help in answering the above questions, as well as any other relevant information, would be greatly appreciated.

Thank you,

Ken Buckler
Caffeine Security

Please feel free to weigh in with your own thoughts below, but I ask that you keep your posts to a "cyber security" related discussion, and please do not turn this into a for/against discussion on gun control.

No comments:

Post a Comment