Network Connected Wrenches Are A Thing, And Of Course They’re Insecure
Throwing The Works In A Wrench
On first read, the thought of picking up a wrench with network connectivity might seem ridiculous and leave you shaking your head, but the Bosch Nutrunner wrenches in question are used in manufacturing and can provide a specific amount of torque in the assembly of equipment. Considering the recent 737 Max 9 incident, you can perhaps see why that would be very important. Unfortunately the designers didn’t bother to think about security, as there are over a dozen vulnerabilities attackers can take advantage of, ranging from a CVE rated 5.3 up to several rated at 8.8.
The wrenches use NEXO-OS firmware, and happily accept commands from unauthenticated sources over their web-based management interface. It is possible to encrypt the wrenches, rendering them useless, but there is a worse choice that hackers could make. Apparently it is possible to adjust the tolerances of the wrench while still having it report the original values, leading to under- or overtightened bolts. That can have rather disastrous results on equipment that has been certified as ready to go and delivered to customers.
Ars Technica was told that patches for the wrenches should arrive before the end of January, and hopefully manufacturers install them quickly. For now, maybe don’t buy recently manufactured heavy equipment, if that is possible.
Researchers have unearthed nearly two dozen vulnerabilities that could allow hackers to sabotage or disable a popular line of network-connected wrenches that factories around the world use to assemble sensitive instruments and devices.
More Tech News From Around The Web
- Decryptor for Babuk ransomware variant released after hacker arrested @ Bleeping Computer
- Apple sets new 16,000-foot iPhone drop test after 737 fuselage fail @ The Register
- Duolingo Relying More On AI, Says It Will Lay Off 10% of Its Contractors @ Slashdot
- Apache OFBiz zero-day pummeled by exploit attempts after disclosure @ The Register
- Intel CES 2024 Announcements – Including 14th Gen HX Mobile and 65/35W Desktop CPUs @ The FPS Review
- The World Of Web Browsers Is In A Bad Way @ Hackaday
- Toronto Zoo: Ransomware attack had no impact on animal wellbeing @ Bleeping Computer
- A Picture Frame For Your Eyes Only @ Hackaday
- Flappie AI Cat Door Stops Your Pet From Gifting You Dead Mice @ Slashdot