Researchers have discovered nearly two dozen vulnerabilities that could allow hackers to damage or disable a popular line of network-connected wrench tools used in factories around the world to assemble sensitive instruments and equipment.

Researchers at security firm Nozomi reported on Tuesday that the vulnerabilities exist in the Bosch Rexroth handheld nut runner NXA015S-36V-B. The device connects wirelessly to the local network of the business using it, allowing engineers to tighten bolts and other mechanical fasteners at precise torque levels critical to safety and reliability. If fasteners are too loose, the equipment could overheat and cause a fire. If they are too tight, the threads will fail, resulting in torque that is too loose.

The Nutrunner offers a torque-level indicator display that was certified by the German Society of Engineers and adopted by the automotive industry in 1999. NEXO-OS, the firmware running on the device, can be controlled through a browser-based management interface.

Researchers at Nozomi said the device had 23 vulnerabilities that could, in some cases, be exploited to install malware. The malware could then be used to disable an entire fleet of devices, or to cause fasteners to be tightened too loosely or too tightly while the display continues to show that key settings are still correctly in place.

Bosch officials emailed a statement that included the usual line that safety is a top priority. The statement also said that Nozomi proactively contacted Bosch several weeks ago to disclose the vulnerabilities. "Bosch Rexroth immediately adopted this recommendation and is developing a patch to resolve the issue. The patch will be released by the end of January 2024," the statement said.