network-connected wrenches
Do wrenches really need to be networked? Honest question
Do wrenches really need to be networked? Honest question
A network-connected wrench can be a component of process improvement or quality improvement.
Imagine network wrench situation:
“Ed, Jim is on door install duty today right? I thought so. The system threw an alarm for his work. The last two doors he’s installed were under-torqued by 50 lbs on each bolt. Head down to production line four where he is, and get him sorted out.”
Imagine non-network wrench situation:
“The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”
Do wrenches really need to be networked? Honest question
The moment my wrenches at work need to be connected to WiFi so some bean counting manager can come lecture me about every nut and bolt I work on, is the moment I wheel my tool cart into the woods and setup a shack.
Good thing they’re primarily talking about things such as aircraft, where this level of analness is sort of the bare minimum.
Prior generations likely said the same thing about putting video cameras in service bays. I know I said something similar if my employer ever required my fingerprints (for unskilled work). Yet both are commonplace today.
Those cameras saved my ass more often than not.
Also had them in my classrooms as a teacher and it was great. Not only was I able to close a door to help a single student, but it made a great thing to point to whenever kids were acting up! Lol
There’s no such thing as “unskilled work”. I’d no skill was required, why do you need to gave training to do it? Cooking burgers at McDonald’s? You need to know how long the burgers are to be cooked on each side. Stop calling certain jobs “unskilled”.
There’s a big difference between needing 6+ months of training and needing only a day or two of training.
Yeah, pretending there’s no distinction is just stupid. Even from a leftist theory perspective, MDs don’t face the same struggles or need the same regulatory oversight to protect their rights as burger flippers.
Like, if they’re pissed at the term “unskilled” they’re welcome to propose an alternative but there’s obviously a meaningful difference.
Unskilled is a term bosses use to devalue a workers labor and value.
minutes of training for things like making a burger at McD’s. You just follow the info graphic.
It’s unskilled work, in that it requires no specialized skill.
or 6+ years for certain things…
Stop calling certain jobs “unskilled”.
Okay, how about “a level of competence most human beings have that an employer can spend a only a few hours of training with that person that the person will attend a level of acumen they can perform the job function.” Its kind of wordy, does that help?
Hahahahshsha
So pressing the button on the timer built into the fryer, since the 70’s, is now skilled work?
There’s lots of unskilled work out there. I’ve done lots of it. From digging ditches to fast food to loading trucks and delivering parts.
None of those jobs require more than a few minutes of training, therefore “unskilled”. And fast food today is even more unskilled… Just follow the diagram in front of you. And you don’t make the burgers in fast food, they come in pre-made in boxes, usually frozen, and you load em up on the automatic cooking device (varies by company). I believe Wendy’s still grills their burgers, using a timer and a rotation methodology, so no skill rewuired.
Hell, even being a line cook is unskilled, and that can be a really demanding job from a time management perspective (I’ve been a line cook).
I’ve worked for the top 3 fast food places, a number of smaller restaurants, and a bunch of other jobs. I’ve had somewhere approaching 40 jobs in my life. Lots out there is unskilled.
deleted by creator
Imagine non-network wrench situation:
“The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”
What’s the ratio of boeing door decompressions to IoT devices being hacked?
1 to 786
surely we’re in the billions of IoT devices with malware by now right
And that’s just 1 botnet out of many.
And 8 years ago, while IoT has grown exponentially
So in other words, a dystopian nightmare where, for the sake of paying as low of wages as possible, corporations would rather use technology to oversee stupid employees instead of actually TRAINING and INCENTIVIZING actually qualified people.
Using technology to overcome human mistakes is happening right now in hundreds of other industries.
corporations would rather use technology to oversee stupid employees instead of actually TRAINING and INCENTIVIZING actually qualified people.
Of course, its cheaper.
What began with self-checkout machines will inexorably expand into the more professional realm with tools like AI
The funny thing is, some companies are moving away from self checkouts because of “honest mistakes” by customers.
Humans make mistakes with tools like this, and with the tracking systems.
BTDT with stuff completely unrelated but requiring verification and validation steps and initials. Mistakes will happen.
Having a tool that’s configured specifically and can document the torque applied for every bolt makes a lot of sense. I’ve assembled stuff with 30 fasteners and had to check and recheck torque, because, being human, it would be easy for me to miss one, or not read the rorque wrench properly (if using a bar type), or mis-set it if it’s a click type.
Nevermind the time it takes me to verify the value, set/check the tool, etc. It’s clearly about reducing errors with a repetitive task and providing a record of the torque values. The folks using these tools probably really appreciate it, I would, and the stuff I’ve done is trivial in comparison.
The only problem with this system is the lack of planning for proper security. Firmware update able remotely is just silly. Add in the number of vulnerabilities… Sheesh.
OK, remotely updateable could be useful, but it should require a long password and a cryptographic pin (like the old SecurID devices that generated a pin once a minute) that is managed by multiple people, and the devices should only permit updates from a specific piece of hardware on the company network (say a vendor supplied firmware update injector) that has a hardware ID. So when devices are on boarded they get paired with that device and maybe a secondary. So it requires a pairing process that can only be done with physical proximity, combined with device IDs and a password/pin pair that’s cryptographically generated, and managed by a system requiring at least two people to check out the password from the repository.
Hell, I just thought up all this on the spot. I’m sure others did too, and got shot down by management.
Why not have a two stage torque process?
I know aerospace ≠ automotive but many years ago I worked in a shop and any time the wheels came off a vehicle the mechanic/tech torqued the lug nuts to spec, then a second person independently verified and re-torqued the lug nuts.
It seems like adding a network connection and all that goes with it also introduces additional points of failure, no?
While a second person would indeed reduce the number of issues, it’s still another human to fuck things up. What if the second person is lazy? Or they get tired of checking every door because “it’s never been off before, why would it be off now?”
Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?
Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?
I’m not sure why you should trust a piece of technology to be infallible.
I mean, if a networked tool can be hacked then should it be trusted to be accurate? How do you know it hasn’t been hacked and maliciously modified to report correct torque even when wrong?
Didn’t GM just suspend sales of their new cars without CarPlay because their new system had software issues? Trust a company trying to save money to skimp on the implementation costs of any technology they put in place too.
It’s not so much the technology as the people running a business that worry me, VW programming emission modes is a great example. Relying on companies to regulate safety is a sure fire way to get corners cut so they can make a cent. The network wrench may be a good idea but only if regulated by the FAA and not the company.
You are erring dangerously close to the classic “computers don’t make mistakes” argument.
Not at all. A human plus a computer is going to be less prone to mistakes than a human plus a human though.
In my experience its more prone to mistakes, because people just accept what computers tell them as infallible unless its something so massively, egregiously wrong that it shatters what little common sense they have… and even then its only 50/50.
then a second person independently verified and re-torqued the lug nuts.
Labor costs are likely the highest input. That solution doubles labor costs for that process.
Hard to hack a person. Sounds like sacrificing security to save a buck if that’s the only reason, especially considering you’re not just paying for a tool when you network it.
People are actually the easiest to hack. That’s why social engineering is such a huge security risk, why employees have minimum amount of access required to systems, why corporate laptops are so locked down, and why huge phishing assessments are done.
It’s just that we are more accustomed to monitoring people, and it also gives a focus that everyone understands that can take the blame for mistakes.
Sorry, I assumed the context was obvious, but it’s hard to hack a person standing there turning a wrench.
What’s easier to hack? That person standing there turning a wrench or a network connected wrench? Especially considering the points you made; the wrench turner probably has access to less than the network connected wrench.
God, I hope the wrench has access to less of the network than the employee.
It’s an IoT device.
You never trust IoT.It should be on an isolated vlan dedicated to the wrenches that allows it connect to its storage server, only.
Putting the wrenches on a pvlan would further limit the scope of any breaches to a single wrench.
Any access to the wrench vlan/pvlan should be from a trusted management vlan. Any traversal of the firewall for this access should be logged.
Ultimately, this is a device being used by a company that requires per-bolt certification of torque. You can bet that every part of their process has an equivalent level of scrutiny, including certification of network security/auditing.In fact, following sensible IoT network security mitigates all of the CVEs listed - because they need the attacker to have network access.
Sure, most of the CVEs are the stupidest “my-first-web-app” level of mistakes (csrf, xss, directory traversal) and shouldn’t exist. But it’s still an IoT device, and should always be treated as a black box of leaky security regardless of the manufacturer.
Nah. Usually the double checking is added onto a list of another person’s tasks with no increase in wages or allocated time! Lol
Follow up question, could the same metrics be captured without a network connection? An alternative might not be as user friendly as an IoT device, but for the last what decade? It seems like investment in IoT is investment in security vulnerabilities.
Also QA, issue tracking, and litigation protection. This includes worker protection.
“Those bolts? We have the record right here from the very wrench that tightened them that shows they were tightened to spec on that plane.”
The network thing is great until Ed finds out the torque wrench Jim uses doesn’t operate properly because it has been infected with malware for an undetermined period of time.
That it’s admittedly a pretty good point.
That said, this is a very niche device. Almost nobody should ever own one for themselves, these are the kind of devices that are provided by the company you work for.
No, don’t you try to come up with some ridiculous scenario to justify this shit.
There is no justification for a fucking network connected wrench.
Its more expense and stupidity to solve a problem that shouldnt exist with proper procedures, and if you arent following proper procedures your wrench being able to update its goddamn fucking facebook page wont make a goddamn difference.
It makes sense for certifying torque specs. Every time the wrench tightens a bolt, it can tell the network and it can be certified.
With the added bonus of all the data potentially being compromised, specs modified, torque intentionally wrong, thereby invalidating every certificate.
Remember when skilled workers were competent, had the time to do their jobs properly, and could write shit down?
Gotta call bullshit here.
Skilled workers make mistakes. Give them all the time in the world and they will still make mistakes because they are human. The trick is to give them feedback loops, as short as possible, so they can recognize their mistakes. This should be part of process controls based on risk.
Don’t get me wrong, I would not want to validate this network wrench solution. There is a fairly narrow band where it makes sense to me which would require a fair amount of DFM (design the assembly to have unique bolt heads for each torque setting etc). But when you are making things that people rely on for their life… You have to have layered systems and these are a legitimate layer.
it can tell the network and it can certified
Not without paying some bitcoin.
That’s actually really clever.
It’s for where bolts have to be tightened to a specific amount, and certified. Faster than writing it down. Faster to track down an error.
As others have pointed out, you’d want every single bolt on your airplane tightened to computer level precision and error control. If some stray cosmic ray strikes the wrench during the tightening process then that’s the universe telling you it’s time to go.
Most likely there would be some error detection/correction against cosmic rays
Might be more in addition to it, but usually it’s as part of a fancy inventory system to keep track or who checks in/out what tool. They’ll have GPS sometimes too.
Power tools are expensive and have a tendency to “disappesr”, so on a big enough scale I can see where it’s helpful.
The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability. When fastenings are too loose, they risk causing the device to overheat and start fires. When too tight, threads can fail and result in torques that are too loose. The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999. The NEXO-OS, the firmware running on devices, can be controlled using a browser-based management interface
Interesting ok
Unionized!
Sorry boss, the wrench is on strike again.
Yes, in factories where the tools are programmed to do a job like tightening the bolts for an airplane plug door or your car engine head. The quality assurance gains are enormous (the tool does the job and logs it).
Problems occur when the customer cuts IT security costs or tampers with the tools to increase production rates.
Or connects the tools network to the net.
No.
The article provided some great details.
Innovators always ask whether or not they could rather than if they should smh.
You know, for all the important statistics and so on.
And the server has an AI thingsamabums to calculate your averages and a blockchained score for NFC emeralds! Gamification! Rewards!
WHY IS THERE NETWORK CONNECTED WRENCHES?!
ITS A FUCKING WRENCH!
IT DOESNT NEED THE NETWORK!
WHY THE FUCK DO THEY PUT NETWORK CONNECTIVITY IN THIS SHIT THAT DOES NOT, IN ANY CONCEIVABLE FASHION, NEED IT!?!
I swear to god one of these days my head is literally going to explode in thermonuclear ball of rage over the absolute stupidity of this shit.
Auto torquing wrenches that connect to a network to know exactly how much torque to apply to a bolt or screw that can be updated on the fly to fix issues or change spec without much effort. They’re pretty common in manufacturing.
Heh… Kinda funny that by making them idiot proof, they’ve opened up vulnerability to someone who isn’t an idiot.
Damn you and your reasonable explanation!
An assembly line making variations of the same product makes sense but why would they be exposed to the internet?
My friend who works designing such tools says production stuff should never be connected to the internet for obvious reasons. Someone fucked up.
The factory network might have been designed under the assumption that there were no such unsafe devices around, somebody might have poked a hole on the firewall for something completelly different that exposed these tools, somebody might have taken one of these home or to a company office for some reason and brought it back infected, somebody with a notebook connected to the Internet via Mobile came to the factory, an attacker physically parked next to the factory and started hacking, the good old “drop a USB disk with a virus in the parking lot”, and so on and so on…
You’re really supposed to design networked software under the assumption that at some point it will be exposed to an unsafe network.
why would they be exposed to the internet?
to be able to get information about new parts or procedures, or updated information from the device manufacturer or the manufacturers of the parts the device is designed to interact with.
None of that requires internet access though. It should all be handled through the company intranet.
I work in manufacturing and our tools are connected to the company network but blocked from the internet because some still rely on things like WindowsXP or Win7 for example.
putting together a WAN with your vendors would be a great big old thing. I suppose you could figure out some way to pull vendor patches and updated specs into your LAN via a single point of entry as well.
How do I train to be an IT wrench administrator?
Why would you want to? Are you some kind of masochist?
USB is a thing
"nuts loosened: 9,345
Wrench rotations: 237,902"
“ERR: #482: License only permits 237,901 rotations. Please upgrade your license or subscribe for $94/mo”
“Ran out of cyan” for mechanics
Please twist verification nut.This is no joke, 100% going to be the future.
All it will take is one gigantic asshole to start and if the product is useful enough that’s it, people will buy it and every company under the sun will copy.
Goodbye ownership of the things you buy, it will be the videogame distribution model of “you paid for a temporary license to use the product. You did not buy anything.”
I can totally see “you’ve exceeded the license agreement for free usage, now log in to your account and pay for the premium package wrench plan for $99.99/month.” Hell printers are already disabling usage if you don’t have a credit card on file with them even though you bought the damn thing…
Thankfully hobbiest electronics and 3d printing can replicate a lot of those products without the dark patterns for those patient / saavy enough to build or sell them.
And in the case of a Wrench… You wouldn’t copy (mold /foundry) a wrench would you?
So if you’re on a site with hundreds or thousands of company owned tools it would be very helpful to have them connected for things like:
- Tool status
- Tool location
- Service information
- Lifecycle control
There’s even network connected tyres at this point.
Corpos froth at the mouth at the thought of being able to manage service information and lifecycle control.
It makes it safer and convenient for the workers as well.
Can’t that also be resolved with an inventory system similar to what chem/medical labs use?
Most, if not all, aerospace tools that take a measurement requires periodic calibration and assurance that the tool is performing to spec.
There can be thousands of unique tools that must pass through its own respective calibration process and documentation. Micrometers, calipers, torque wrenches, and even scales.
Having a networked tool can save the hassle of operators mis-reading or just plain ignoring the calibration sticker. Also, knowing the “location” of the tool on an inventory sheet isn’t quite like knowing which side of a 747 for the wrench that is due for calibration.
Also this is just me hypothesizing… I presume there are a number of other benefits like automated logging of torque values for every single bolt installed with such tool. When the FAA audits for installation information regarding a single screw on a plane’s 3rd row window side infotainment system’s upper left mount… The data is easier to find.
This is all part of “industry 4.0” connected manufacturing for more efficient and lean manufacturing. Collect and process any data you could ever want to make the decisions for a manufacturer to do more with even less.
As a Software Engineer (cloud) you had me sold at Data Lake lol.
In all seriousness, it does seem like another valid philosophy for achieving further automation of mundane tasks.
Thankfully a lot of the trade-offs from IoT right now can seemingly be mitigated by building greenfield solutions.
Hopefully the industry can see and acknowledge the demand for more local networking versus going through a cloud service.
doing more with less is probably exactly how these door plugs didnt get tightened down to begin with.
The main reason it needs a battery is to alert if the battery is low over the Internet.
I’m honestly surprised anyone would buy it. Most tradesmen I have worked with would not be even remotely interested for a multitude of reasons.
In a factory setting I can easily see this part of the quality control. Where wrench would log each tightening procedure and keep track of its own use.
Boeing could use them on their door plug nuts.
I can sort of see things like washing machines, even if I would rather it not. It can tell you when it’s done, some even run a diagnostics to tell you if something is wrong.
But yeah, it’s a drill. It’s not that complicated. I don’t need it to tell me when it’s done when I need to be there to use it.
Why does a washing machine need enough complexity to require diagnostics?
That’s just nuts.
I use one cycle, on cold, all it’s gotta do is agitate the water.
My family had the same washing machine for 30+ years. I’m not seeing why that needs to be redesigned. Parts were still available when we replaced it.
Exactly.
Old electromechanical washers and driers were SO much better than the modern computerized shit.
More durable too.
I’m just here because I can’t fucking believe it’s named “Nutrunner.”
Must be an oblique cyberpunk reference. Whatever it is, it’s fucking ridiculous.
I will twist your nuts so fuckin hard
After a firmware update of course
And after paying the 0.1 BTC ransom
Get screwed choom
Need a network connected screwdriver for that
It’s not just a nutrunner. It’s a private network penetrating handheld nutrunner.
When you have a long thread on a bolt, you run the nut down the thread to where it will be tightened up.
You can do it by spinning the nut with a flicking action with your finger, people do it with long lengths of rag that they then show on social media, or you can do it with a NutRunner™.
Boeing bout to have a scapegoat lol
Gotta put the blame on the weaker people, probably the daily routine of some CEOs
I hate to sound like a boomer, but maybe not everything needs to be network connected?
That’s nuts!
And bolt
We shall hear no more of that Common Sense in these hallowed halls!
How dare you
My dishwasher is connected to the network. I can start it from my phone but it’s more convenient to press start when I close the door and put in soap. The only reason I’d want it to be connected to the network is if it had tiny cameras inside. Why do network connected dishwashers not have tiny cameras and lights, so I can watch it actually cleaning my dishes?!
Oh jeeze. I do not have time to be spending hours watching my clothes wash on a tiny camera, which is exactly what I would be doing if there was a tiny camera in my washer watching my clothes.
I was today years old when I learned that networked wrenches were a thing.
Call me Adama, my wrenches will remain un-networked.
Here is more about the vulnerability from the people who found it. I looked up these wrenches and they cost roughly $9,000. Imagine your factory uses 100 of them to certify torque specs on X number of cars per day. Now imagine finding out they’ve been compsomised. What do you even do? I’m glad I don’t work in that field.
https://www.nozominetworks.com/blog/vulnerabilities-on-bosch-rexroth-nutrunners
I would guess something along the lines of hire a security firm to try to find when /where /to what it happened on. Recall all of those products. Then sue Bosch for the cost.
What do you even do?
Issue a recall
The vulnerabilities, reported Tuesday by researchers from security firm Nozomi, reside in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B. The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability. When fastenings are too loose, they risk causing the device to overheat and start fires. When too tight, threads can fail and result in torques that are too loose. The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999. The NEXO-OS, the firmware running on devices, can be controlled using a browser-based management interface.
Nozomi researchers said the device is riddled with 23 vulnerabilities that, in certain cases, can be exploited to install malware. The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.
9 of these are improper neutralization of inputs, of which 4 are SQL injections. The post says the vulnerabilities could be used to ransom-lock the devices or secretly adjust the torque levels the wrench applies while the display reports a false number.
Nutrunner
Lol
It’s like a NetRunner. Butt for nuts.
“IN A WORLD…
WHERE SEMI-WOODEN ARBOREAL FRUITS HAVE FAST-ASS LEGS.
AND WRENCHES CAN GET HACKIFIED.
ONLY ONE MACHINE CAN SAVE US ALL.
BOSCH TICKLEFINGER IS:
THE NUTRUNNER.
APPEARING AT A CINEMA NEAR YOU.
PARENTAL ADVICE RECOMMENDED “
Lmao I’d watch that movie
So it connects to the network for firmware updates.
What the hell is there to update in the firmware? It either tightens to the indicated torque or it doesn’t.
Seems like using a cable for firmware updates which should be rare as hen’s teeth would be a smarter approach.
These tools need other maintenance/inspections anyway, you just do it then. Really, firmware shouldn’t have such a major flaw that an update is that crucial.
The tools are connected to a central database that logs all operations, it’s super useful. All the difference between Boeing that uses old style pneumatic guns and manual torque wrenches vs. Airbus using fully connected/automated wrenches that not only tighten bolts to the right torque every single time but also keeps track of how many bolts have been tightened. Such tools should be airgapped from the internet but obviously someone messed up on that part. Could be cost-cutting.
Indeed. When a tool has one job, if it needs a firmware update because it failed to do it’s one job, just give me my money back and I’ll buy a new one.
My impression was it connects to log torque levels and receive torque levels
deleted
The fact that they could manipulate the tightness and display output so that it could leave the bolts loose while saying that they aren’t, seems like a bigger problem.
deleted
Well, yes. There would be a root infection point outside of the wrenches themselves. The entire network would likely need to be inspected before you’d just reflash and move along like everything was better.
Why the fuck does someone need a wrench connected to the internet in the first place?
I went appliance shopping recently and the salesman tried to get me on board with a WiFi connected fridge, his sales pitch was that I’ll get a push notification on my phone when the air or water filter need to be changed, and there’s a camera so if I’m at the store and I can’t remember if I need to buy milk, I can open the camera app and view the inside of my fridge and see my milk level. GTFO, not everything needs to have an app or internet service.
deleted
You could read the article and find out.
If you’re too lazy to read the article:
For normal consumers, it is absolutely a useless and stupid feature.
For safety-critical assembly line and maintenance applications, having the torque wrench networked enables a high degree of auditability. A highly pertinent current example would be the 737 MAX9 fuselage plug issues - if this device were incorporated into production and maintenance processes, it could enable manufacturing and maintenance audits down to the precise torque value used for each fastener, which likely could have prevented the issue entirely. Or… considering the timing, maybe they were being used, and the wrenches were compromised.
Not too lazy to read the article, I think its a stupid feature. For decades industries have managed with high skill employees and manual torque wrenches. Somehow logging torque specs in a data base is going to solve problems or being able to remotely access said data base to make sure the tourque setting is correct? How about hire competent people with the right skills and give them the time they need to do a good job. How about having floor supervisors that actually know, and have done the job they’re overseeing to regularly check the torque specs. Boeing QC and safety has been on a downhill slide for decades, right around the time that the merger with McDonnell Douglas happened.
Modern fridges need filter changed? Our old one just runs.
For ones that have the water spout and ice maker, yes
Air filter though?
Yeah good call, haven’t heard of a fridge with an air filter
It has your location data for the Find My Device app and we both know your wife would love to see where you screwed during lunch break
Right, if your factory is dependant on robotic wrenches for manufacturing, wouldn’t you have that backed up? You probably don’t only have one wrench with the code.
You’d be surprised how often critical tools don’t have backups.
More than once I’ve been to sites where the software needed to service a critical piece of equipment only existed on a single 15+ year old banged up laptop, or a 40+ year old PLC handling a critical part of a production line couldn’t be turned off because there was a risk that it wouldn’t be able to turn back on, and it was EOL’ed over a decade ago but they still hadn’t ported the program to a newer platform.
I would hate to submit a report to a federal agency that said, “we paid the hackers and they said we could use our equipment again.” Wrenches would be trash after this, (maybe send the back to the factory and ask them to recert them).
What manufacturer allows you to reflash equipment?
deleted
The fact that it was able to be flashed with ransomware over the network to begin with, insinuated that flashing is a feature on these devices.
Any 10mm can lose itself already- we don’t technology for that.
I’m sorry hold on a second did you just say “network-conneced wrenches?”
And expose this outside of a VLAN, you say?
At first, I thought this was some abstract or technical term that I didn’t know.
A lot of routers at least have an IoT wifi network lol. Should’ve probably used that. Although it probably has some stupid dongle it connects to instead that’s connected directly to ethernet. Unfortunately the average person buying a drill is not gonna know how to set up a VLAN.
It’s stupidly easy to make embedded devices that are network-connected nowadays which, 2 decades after the server-side ones have mainly learned their lesson, has brought a whole new generation of security-clueless software developers in contact with the big bad world of networking in environments which are not air-gapped.
What A Time To Be Alive!
Dont give boeing executives ideas for excuses on those loose bolts.
This is the best summary I could come up with:
Researchers have unearthed nearly two dozen vulnerabilities that could allow hackers to sabotage or disable a popular line of network-connected wrenches that factories around the world use to assemble sensitive instruments and devices.
The vulnerabilities, reported Tuesday by researchers from security firm Nozomi, reside in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B.
The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability.
The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999.
The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.
The vulnerabilities found on the Bosch Rexroth NXA015S-36V-B allow an unauthenticated attacker who is able to send network packets to the target device to obtain remote execution of arbitrary code (RCE) with root privileges, completely compromising it.
The original article contains 344 words, the summary contains 187 words. Saved 46%. I’m a bot and I’m open source!
With root privilleges? These things are running a full fat operating system? On a wrench too, what? Not even 3D printers run a full OS 🤦♂️
This is hilarious! Gimme 5 Bitcoin or you can’t use your drill!..goes to home Depot to get new drill. LOL. Huge risk, little reward. Unless they infect the drills at the fucktory.
You might want to read the article about why these wrenches are network-connected and why buying a new one at Home Depot is not an option.
fucktory
Congratulations. You win typo of the day.
deleted by creator
Thanks!
What else do you call a place that manufactures this thing?
Oh yeah, just go wander to the the Home Despot and pick up a coupla highly specialized $10,000 tools. Might as well buy all the other equipment your factory line lost access to because SQL injections granted the hacker piggyback access to them, too. Damn, if only Bosch just listened to people who didn’t bother to read anything before making stupid comments.
