Subscribe
The Internet of Shit is a wondrous place, and today we have a new entrant in the competition for most absurd insecure device: Researchers have found 23 different vulnerabilities in an internet-connected wrench and, as a proof-of-concept, locked the wrench by installing ransomware on it.
The news was first reported by Ars Technica’s excellent Dan Goodin, who has a nice writeup over there. In a post explaining their work, hackers at Nozomi Network Labs said they were able to break into the Bosch Rexroth NXA015S-35V-B, a network-connected wrench used most often in car manufacturing. The device is slightly less absurd than it sounds because, when working correctly, it allows workers to quickly torque bolts to specific tightnesses.
The researchers wrote that “these vulnerabilities could make it possible to implant ransomware on the device, which could be used to cause production line stoppages and potentially large-scale financial losses to asset owners. Another exploitation would allow the threat actor to hijack tightening programs while manipulating the onboard display, causing undetectable damage to the product being assembled or making it unsafe to use.”
This is relatively lofty rhetoric for a theoretical attack, but I suppose it’s worth mentioning that we currently live in a world where airplane doors fall off mid-flight, and loose bolts have been discovered on other Boeing jets.
In their paper, the researchers were able to get root privileges on the wrench, and installed a type of ransomware they invented called “DR1LLCRYPT.”
“We were able to make the device completely inoperable by preventing a local operator from controlling the drill through the onboard display and disabling the trigger button,” they wrote. “We could alter the graphical user interface (GUI) to display an arbitrary message on the screen, requesting the payment of a ransom. Given the ease with which this attack can be automated across numerous devices, an attacker could swiftly render all tools on a production line inaccessible, potentially causing significant disruptions to the final asset owner.”
The researchers were able to leverage vulnerabilities in the NEXO-OS operating system that the wrench runs on and, specifically, found most of the 23 vulnerabilities in the “management web application,” a computer program that can be used to tweak settings in the wrench.
Nozomi said that the vulnerabilities have still not been patched, but that Bosch promises to fix them by the end of January. Bosch told Ars Technica that it “is working on a patch to solve the problem.” The researchers wrote in their post that “As these vulnerabilities, primarily in the NEXO-OS operating system, have yet to be patched, we will not reveal any technical details in this blog.”
