Skip to main content

Bosch Fixes Torque Wrenches That Could Be Hacked To Display Incorrect Specs

Rexroth, a Bosch subsidiary, had to update nutrunners popular with automakers because hackers could take control of the tools.

Bosch Rexroth Torque Wrench
Anthony Alaniz Anthony Alaniz
By: Anthony Alaniz
at 1:31pm ET
Add Motor1.com as a preferred source in Google
Comment

More things can connect to the internet than ever. It seems like anything and everything that can fit a display and a Wi-Fi module is doing just that to offer enhanced features and continuous updates. Security vulnerabilities make these devices easily hackable, though. Rexroth, a Bosch subsidiary, is dealing with this problem right now with its torque wrenches, which it's priming to update with a software patch after researchers found that hackers could take control of the tools.

Nozomi Networks discovered numerous vulnerabilities with the Bosch Rexroth NXA015S-36V-B nutrunner, a tool popular with automaker assembly lines and certified to perform safety-critical tasks, and other Nexo torque wrenches. According to Nozomi’s research, malicious actors could perform a host of nefarious actions on the pneumatic torque wrenches that could disable the device, display incorrect torque information, install ransomware, and more.

In the lab, researchers could turn off the wrench’s trigger, lock the device, and display a unique message. Hackers could have used the exploits to hold the device at ransom until the victim pays. Bad actors have targeted hospitals, government agencies, and other businesses with ransomware attacks by shutting down critical systems and demanding money.

Nozomi was also able to manipulate the device to display incorrect torque figures. Researchers discovered they could decrease and increase the target torque value while displaying the correct number to the operator, who would have been unaware of the issue. You can imagine the chaos such a hack like this could cause with hundreds or thousands of vehicles made out of spec unbeknownst to the automaker.

Nothing Is Secure:

Car Thieves Getting Destructive In CAN Bus Hacks To Steal Vehicles
General Motors Hacked In Cyberattack, Personal Data Exposed
What do you think?
View
Comments

Researchers found that some vulnerabilities required authorized access to perform, but others were zero-click attacks. Hackers could also upload, download, delete, and read files, inject arbitrary code, perform Denial-of-Service attacks, upload malicious code to the SD card and access sensitive data.

Bosch and Rexroth have already issued advisories about the exploits. The company plans to have the necessary updates for the affected wrenches by the end of the month.

Source: Nozomi Networks via The Record

Share this Story
GO TO COMMENTS
(
)
Got a tip for us? Email: tips@motor1.com

RECOMMENDED FOR YOU

Here's What The Ferrari Luce Sounds Like

Man Sees Mobil 1 Oil At AutoZone Is $44. Then He Sees It’s $26 At Walmart. Then He Revisits AutoZone: 'O'Reilly Will Price Match’

'We Will Do Buttons:' Polestar Promises More Physical Controls In Future Models

Lamborghini Boss: Delaying EVs Was 'The Right Way To Go'

Audi's Futuristic Headlights Are Finally Coming To America

Ferrari Asked Its F1 Drivers About The Luce EV. Here’s What They Said

Android Auto Is Adding Two Major Streaming Services