The latest piece of tech that can unexpectedly be hacked: a 'nutrunner' wrench, which had over 20 vulnerabilities that'll be patched out in January
I really feel like we're nudging towards the Cyberpunk: 2077-style future where netrunner hackers will basically become wizards, able to explode just about anything with a few lines of rogue code. Okay—the reality may be far more boring, but considering they put DRM in trains a while back I'm crossing my fingers for cyber sorcerers in the next few decades.
The latest in this list of surprisingly hackable tech? TheBosch Rexroth NXA015S-36V-B—also called a nutrunner, which is a type of torque wrench that came into use nearly 100 years ago and just so happens to share a lot of letters with 'netrunner'. We live in a world of beautiful coincidences.
As detailed in a report by the security firm Nozomi. A squad of security experts found a whopping 25 different vulnerabilities in the wrench, which wirelessly connects to a manufacturer's internal network. Also, it runs on Linux—or, well, the Linux-based NEXO-OS.
Unlike the superfluous anti-competitive nonsense applied to those Polish trains, the Nutrunner's always-online wrench software is actually there for a good reason. Having access to an application allows engineers to adjust the final torque levels of fastenings to a granular degree, which is important for everyone's safety.
«As an example,» the report reads, «bolts, nuts and fixtures used in electrical switchboards must be torqued appropriately to ensure that connections between current carrying components, such as high voltage busbars, maintain a low resistance. A loose connection would result in higher operating temperatures and could, over time, cause a fire.»
While the sentence 'there's a hackable wrench' is very funny, the potential security risks here are serious to a harrowing degree. There's the business side of things, of course—Nozomi thinks that these vulnerabilities could be used for ransomware attacks.
A more disturbing possibility is that these weak spots would «allow the threat actor to hijack tightening programs while manipulating the onboard
Read more on pcgamer.com
