TECH NEWS – Where is the world going? A tool we never knew had over 20 vulnerabilities.
What are we talking about? The Bosch Rexroth NXA015S36V-B, a torque wrench. The torque wrench has been around for almost a hundred years, and smart versions of it are available today. This one could be the target of a ransomware attack. Nozomi reports that a security team tested a product that connects wirelessly to the manufacturer’s internal network (and runs Nexo-OS, which is built on top of Linux) and found twenty-five different vulnerabilities…
The nutrunner’s always-online software is understandable, however: access to the application lets engineers set the final torque level of fasteners at a granular level, which is important for everyone’s safety. “For example, bolts, nuts and fasteners used in electrical panels must be properly torqued to ensure that connections between current-carrying components, such as high-voltage busbars, maintain low resistance. A loose connection would result in higher operating temperatures and, over time, could cause a fire,” Nozomi wrote.
Ransomware attacks can affect the device, but there is a bigger threat behind them. These vulnerabilities “allow the threat actor to hijack tightening programs while manipulating the onboard display, causing undetectable damage to the assembled product or making it unsafe to use.” In other words, serious accidents can happen. “We were able to stealthily change the configuration of the tightening programs, such as increasing or decreasing the target torque value. At the same time, by patching the GUI on the onboard display in-memory, we could show a normal value to the operator, who would be completely unaware of the change,” the report adds.
Bosch Rexroth responded, and Ars Technica wrote that the company immediately took Nozomi’s advice and started working on a patch. The patch will be released later this month. It’s still hard to believe, but this is the cold, hard truth.
Source: PCGamer