Armatix "Smart Gun" - Possible Interference from Portable Phones

Several weeks ago, I sent the following inquiry to Armatix, the makers of the "Smart System iP1", a "smart gun" secured by a RFID watch. Today I recieved an email stating that they will not be answering my questions because the information is "company confidential". My original letter and the resulting email string are as follows.

Hello, I am a Cyber Security professional and am writing to inquire about the safety and security features in the Smart System iP1.

Specifically, I'm interested in how the communication between the pistol (FCCID ZYXSMARTIP1) and "smart watch" (FCCID ZYXSMARTIW1) are secured.

Which RFID technologies are in use?

Is RFID communication authenticated? What protocol?

Is RFID communication encrypted? What encryption method?

Has "fuzz testing" been performed against the pistol and smart watch? In case you are not familiar with it, "fuzz testing" is a process which is used in software testing to check for vulnerabilities by sending invalid, unexpected, or random data.

Should a security vulnerability be identified in the smart watch or pistol, how will a consumer obtain and install a patch to correct the vulnerability?

According to the FCC notice in the user's manuals, the devices must "accept any interference received, including interference that may cause undesired operation." What are the known effects of radio interference with these devices? Could it prevent firing in a situation which would leave the weapon holder unable to defend him/herself? Could it result in an accidental discharge of the weapon? Could it result in permanent disabling of the watch or weapon?

Does the pistol or watch have a permanent "killswitch" which could be remotely triggered? If so, who has access to this killswitch, and how is it secured?

Your help in answering the above questions, as well as any other relevant information, would be greatly appreciated.

Thank you,

Ken Buckler
Caffeine Security

I response was received from Armatix, asking for clarification as to what I wanted the information for...

Dear Mr. Buckler, thank you for your interest in our products and technology. Unfortunately, some of the requested informations are company confidential and/or classified. To understand the reasons for your inquiry please provide additional information regarding your personal and professional background, your connected enterprise and the context in which you might see the benefit for your and our company to share technological details. We look forward to hearing from you. Best regards,

Valentin Weidl
Sales Department
Armatix GmbH
Feringastr. 4
85774 Unterföhring

To which I happily replied...

Certainly! I am a cyber security professional with experience in penetration testing and risk management. I run a cyber security blog at which averages approximately 8,000 views per month.

I feel that these questions are very important to the public interest, so that the public knows and understands how well secured your system is from malicious or unintentional interference.

Any information which you can provide which can be disclosed publicly would be of great interest to my readers.



Today I received this rather disappointing response.

Dear Mr. Bucker, thank you for your elaboration. At the moment we must however decline to answer your inquiry as the information that you are requesting is company confidential. Kind regards,

Valentin Weidl
Sales Department
Armatix GmbH
Feringastr. 4
85774 Unterföhring
In short, Armatix is invoking "security through obscurity", which those of us in the cyber security realm consider just about as good as no security at all. As a security professional, I must recommend that no one purchase this weapon system until Armatix has made public the details of the security in place to protect from outside interference, intentional and unintentional.

With that said, let's take a look at the public information about the Smart System iP1 which is not company confidential. Most of this information can be obtained from the FCC.

I would like to once again remind the readers of the FCC notice the the weapon system must "accept any interference received, including interference that may cause undesired operation."

Personally, I consider undesired operation in any weapon system an extreme safety hazard.

Now unfortunately I don't have the funds available to purchase the Smart System iP1. However, if I did, I would be very interested to see how the system functions when harmful interference is transmitted on its frequencies.  And for those interested, the frequencies used by the system are also available from the FCC test report:
5.3 kHz
32.768 kHz
4 MHz
916.35 MHz (appears to be main frequency according to pages 19-20 of the report)

Based upon the above information, an attacker could theoretically prevent communication between the pistol and smart watch by broadcasting noise on 916.35 MHz. Of course, if you don't have expensive radio jamming equipment, you could just use a VTech t2415 phone (UPDATE: For clarification, this is a "portable" home phone, not a cellular phone), which happens to transmit on the same frequency. And if you just happen to own a phone which uses that frequency, hope that you don't need to dial 911 while using the Smart System iP1 to defend yourself. The gun might not fire due to interference from the phone. Unfortunately this is all theoretical, since Armatix refuses to answer my inquiries and I do not have the test equipment needed.  However, it is as fair and open a security assessment that I can conduct based upon the limited resources available to me.

I'd like to encourage Armatix to come forward with relevant data showing that this system is indeed safe and secure. Please, prove my theories wrong, and I will happily update this post with whatever information you provide.

Once again, I request that comments discuss the cyber security aspects of this gun only, and that this does not become a forum for debating for/against gun control.

No comments:

Post a Comment