The latest technology to be hacked unexpectedly: the "nutrunner" wrench has more than 20 vulnerabilities and will be patched in January.


Netrunner hackers will basically become wizards, able to blow everything up with a few lines of malicious code. The reality may be more boring, but given the introduction of DRM on trains not too long ago, fingers crossed that cyber wizards will be born in the next few decades. The Bosch Rexroth NXA015S-36V-B, also known as a nutrunner, is a type of torque wrench that came into use nearly 100 years ago. We live in a world of beautiful coincidences.

As detailed in a report by security firm Nozomi, a team of security experts found a whopping 25 vulnerabilities in the wrench, which connects wirelessly to the manufacturer's internal network. The wrench also runs on Linux, or rather the Linux-based NEXO-OS.

Unlike the superfluous anti-competitive nonsense applied to the Polish train, the nutrunner's always-online software actually has a good reason to exist: access to the application allows engineers to fine-tune the final torque level of fasteners.

"As an example, bolts, nuts, and fasteners used in power distribution panels must be properly torqued to ensure that connections between current carrying components, such as high voltage bus bars, maintain low resistance. Loose connections can result in high operating temperatures that can cause fires over time."

The sentence "there is a hackable wrench" is quite comical, but the potential security risks here are deadly serious. Of course, there is a business aspect as well: Nozomi believes that these vulnerabilities could be used in ransomware attacks.

A more worrisome possibility is that these weaknesses could "allow a threat actor to hijack the tightening program while manipulating the on-board display, causing undetectable damage to the product being assembled or rendering it unsafe for use."

It's a worst-case nightmare scenario, supervillain-level evil, but the idea of a string of industrial accidents caused invisibly, months after the attack, is genuinely a bit scary. And this is not just theory; the security team actually pulled it off:

"We managed to secretly change the settings of the tightening program, such as increasing or decreasing the target torque value. At the same time, by in-memory patching the GUI on the on-board display, we were able to display the normal values to the operator."

In an email statement picked up by Ars Technica, Bosch Rexroth said it "immediately incorporated this advice and is working on a patch to resolve the issue," which is expected to be released at the end of January 2024. What a time to have patches for wrenches.
