Bosch’s Subsidiary Rexroth Upgrades Nutrunners for Automaker Security Against Hackers
The number of internet-connected devices has expanded significantly in recent years. Virtually any object that can display information and has a Wi-Fi component is being connected to the web to provide advanced functionality and receive regular updates. This connectivity also brings security risks, because these devices can be easily compromised by hackers. A current example is Rexroth, a subsidiary of Bosch, which is addressing vulnerabilities in its torque wrenches. In response to researchers’ findings that the tools could be remotely controlled by malicious actors, Rexroth is preparing to release a software update to fix the issue.
Nozomi Networks recently uncovered a multitude of flaws in the widely used Bosch Rexroth NXA015S-36V-B nutrunner, as well as other Nexo torque wrenches commonly found on automaker assembly lines. These wrenches are certified to carry out critical safety tasks, but Nozomi’s investigation revealed that they are vulnerable to a range of malicious activities. A potential attacker could exploit these vulnerabilities to disable the device, manipulate torque readings, or even deploy ransomware.
In the laboratory, researchers were able to disable the trigger on the wrench, lock the device, and display a distinct notification. Cyber criminals could have used the exploits to extort money from victims by holding the device hostage. Attackers have targeted hospitals, government organizations, and other enterprises with ransomware attacks aimed at crippling vital systems and demanding payment.
Nozomi was also able to alter the device’s torque measurements. The researchers found that they could reduce or increase the target torque setting while still showing the correct value to the operator, who would have been none the wiser. One can envision the havoc this type of manipulation could create if hundreds or even thousands of cars were produced with faulty specifications, without the automaker’s knowledge.
The research found that some of the vulnerabilities required authorized access to exploit, while others could be exploited without any action from the user. Attackers could also manipulate, transfer, delete, and access files, inject arbitrary code, conduct denial-of-service attacks, implant malicious code onto the SD card, and obtain confidential information.
Bosch and Rexroth have already released warnings regarding the vulnerabilities. The company intends to provide the required updates for the affected wrenches by the end of this month.
Source: Nozomi Networks via The Record