Security researchers have discovered that hackers may be able to cause mayhem by hijacking Wi-Fi-connected torque wrenches in car factories. According to experts, network-connected wrenches used worldwide are vulnerable to ransomware attackers, who can manipulate the tools' functions and gain unauthorized access to the networks they are connected to.
A report published on Tuesday by security company Nozomi Networks describes 25 vulnerabilities found in Bosch Rexroth's operating system. By exploiting these software bugs, hackers can compromise Bosch's pneumatic torque wrenches through the Wi-Fi module embedded in their hardware. These hacks could allow them to interfere with the customer's IT network.
To determine the severity of the vulnerabilities, Nozomi researchers successfully installed ransomware on Bosch wrenches. The company also said that the graphical user interface (GUI) of the application could be altered to display a message on the screen requesting a ransom payment.
The Bosch network wrenches have been widely used by manufacturers and service stations all over the world for many years, which makes them a significant risk: any flaw in these tools may lead to the destruction of entire facilities, and even result in fires.
According to the Nozomi report, Bosch's NeXo-OS-based devices are controlled through a web-based management interface and include a Wi-Fi module, making them susceptible to the spread of malware, including ransomware.
According to researchers at the industrial cybersecurity firm Nozomi Networks, mechanical wrenches are often found in manufacturing facilities, particularly automobile production lines, where they perform safety-critical tightening tasks.
The researchers said that the vulnerabilities in the Bosch Rexroth NXA015S-36V-B nut runner/pneumatic torque wrench have not yet been exploited by malicious hackers.
However, the discovery illustrates that malicious hackers have a variety of ways to gain access to manufacturing processes.
As a result, the researchers explained, the final torque levels applied to mechanical fastenings can be compromised, undermining operational performance as well as safety.
The Nozomi Networks devices natively support custom protocols from Volkswagen and BMW, as well as several other car manufacturers. A Bosch spokesperson said that Nozomi Networks notified the company about these issues several weeks ago.
Dan Goodin of Ars Technica published a paper explaining in detail how network-connected wrenches have these vulnerabilities. In addition to the Cisco, Datto, HPE, and Juniper Networks wrenches, similar vulnerabilities exist at other companies, and they could serve as an avenue for spreading ransomware if they remain unresolved for too long.
To exploit the vast majority of these vulnerabilities, an attacker would first need to gain access to the device's web-based management interface. From there, even an attacker with low privileges can exploit a flaw known as a traversal vulnerability, which allows malicious code to be uploaded to a sensitive directory, where it will then be executed.
The traversal flaw can also be exploited along with other vulnerabilities, such as hardcoded accounts, making it possible to hack a device without authenticating.
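A defensive counterpart to the traversal flaw described above, as an added example that is not code from Bosch, Nozomi Networks or the report: a server-side check that resolves a client-supplied upload filename and refuses any destination outside the upload directory. The function name, directory layout and sample filenames are all assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

class UnsafeUploadPath(ValueError):
    """A client-supplied filename would be written outside the upload root."""

def resolve_upload_path(upload_root: str, client_filename: str) -> Path:
    """Return the real destination inside upload_root, or raise UnsafeUploadPath."""
    root = Path(upload_root).resolve(strict=True)
    # Treat backslashes as separators so "..\\..\\x" is caught on any OS.
    name = client_filename.replace("\\", "/")
    if not name or "\x00" in name:
        raise UnsafeUploadPath("empty name or NUL byte")
    if name.startswith("/") or ":" in name.split("/", 1)[0]:
        raise UnsafeUploadPath("absolute path or drive prefix")
    # resolve() collapses ".." and follows symlinks, so containment is
    # checked against where the write would really land.
    candidate = (root / name).resolve()
    if root not in candidate.parents:
        raise UnsafeUploadPath(f"escapes upload root: {client_filename!r}")
    return candidate

# Constructed sample filenames; none come from the Nozomi report.
SAMPLES = [
    "report.csv", "jobs/config.json", "../etc/startup.sh",
    "jobs/../../etc/startup.sh", "/etc/startup.sh",
    "..\\..\\etc\\startup.sh", "link/startup.sh",
]

def demo() -> dict:
    """Check each sample against a temporary upload root with a symlink trap."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "uploads")
        outside = Path(tmp, "etc")
        root.mkdir()
        outside.mkdir()
        os.symlink(outside, root / "link")  # symlink pointing out of the root
        for name in SAMPLES:
            try:
                resolve_upload_path(str(root), name)
                results[name] = "accepted"
            except UnsafeUploadPath:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8}  {name!r}")
```

The check belongs at write time in the process that opens the file, since a path validated earlier can change before the write happens.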
Mass exploitation of these vulnerabilities does not seem likely at all.
A ransomware attacker who has managed to gain a foothold on a network most likely has access to more effective means of escalating their privileges and causing outages and destruction. If there are no other potential vulnerabilities, disabling wrenches in bulk is likely enough to satisfy the requirements of the attack.
A hacker acting on behalf of a nation-state, or a hacktivist motivated by social activism, could also exploit the vulnerabilities as a means to disrupt or sabotage an adversary's operations.
Regardless of the likelihood, all users would be wise to install patches once they become available, to reduce the risk of malicious individuals stopping work or altering critical settings.