Info@NationalCyberSecurity
Info@NationalCyberSecurity

Network-Connected Torque Wrench Used in Factories Is Vulnerable to Ransomware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


Hackers could cause mayhem by hijacking Wi-Fi-enabled torque wrenches used at car factories, according to new security research.

On Tuesday, IT security company Nozomi Networks said it uncovered 25 vulnerabilities with an operating system from industrial equipment provider Bosch Rexroth. By exploiting these software bugs, a hacker could tamper with Bosch’s pneumatic torque wrenches, which connect to a customer’s IT network through the hardware’s embedded Wi-Fi module. 

Nozomi researchers tested the vulnerabilities to determine severity, and were able to install ransomware on the Bosch wrenches, effectively bricking them. “Furthermore, we could alter the graphical user interface (GUI) to display an arbitrary message on the screen, requesting the payment of a ransom,” the company added.  

Nozomi Networks slide

(Credit: Nozomi Networks)

The same vulnerabilities could also be abused to secretly alter the wrenches’ configuration settings, all while showing a normal value on the GUI. The sabotage could lead factory operators to think they had properly fastened screws on a car when in reality the bolts would be too loose or too tight, resulting in mechanical failure. 

Nozomi Networks slide

(Credit: Nozomi Networks)

Nozomi Networks discovered the vulnerabilities in Bosch Rexroth’s Linux-based NEXO-OS operating system, which can remotely reprogram the affected torque wrenches. The threat emerges if a hacker infiltrates a company network that contains access to NEXO-OS and the network-connected wrenches. Nozomi notes an “unauthenticated attacker” could then use the software flaws to gain greater privileges and kick off the sabotage. 

Recommended by Our Editors

Nozomi Networks reported the flaws to Bosch Rexroth, but an official fix won’t arrive until the end of January. In the meantime, Nozomi is recommending affected users restrict “network reachability” to the affected Bosch Rexroth products. 

Bosch Rexroth also published a security advisory. The company added: “Security is a top priority at Bosch Rexroth. Our experts continuously monitor any threats and take immediate countermeasures, if necessary, for example through updates offered by the manufacturers. With this approach, we can guarantee a high standard of security at Bosch Rexroth.”

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.



——————————————————–


Click Here For The Original Source.

National Cyber Security

FREE
VIEW