Hackers can infect network-connected wrenches to install ransomware

By Calvin S. Nelson

The Rexroth Nutrunner, a line of torque wrench offered by Bosch Rexroth.

Bosch Rexroth

Researchers have unearthed almost two dozen vulnerabilities that could allow hackers to sabotage or disable a popular line of network-connected wrenches that factories around the world use to assemble sensitive instruments and devices.

The vulnerabilities, reported Tuesday by researchers from security firm Nozomi, reside in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B. The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability. When fastenings are too loose, they risk causing the device to overheat and start fires. When too tight, threads can fail and result in torques that are too loose. The Nutrunner provides a torque-level indicator display that's backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999. NEXO-OS, the firmware running on the devices, can be controlled using a browser-based management interface.

NEXO-OS's management web application.

Nozomi researchers said the device is riddled with 23 vulnerabilities that, in certain cases, can be exploited to install malware. The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.

Bosch officials emailed a statement that included the usual platitudes about security being a top priority. It went on to say that Nozomi reached out a few weeks ago to reveal the vulnerabilities. “Bosch Rexroth immediately took up this advice and is working on a patch to solve the problem,” the statement said. “This patch will be released at the end of January 2024.”

In a post, Nozomi researchers wrote:

The vulnerabilities found on the Bosch Rexroth NXA015S-36V-B allow an unauthenticated attacker who is able to send network packets to the target device to obtain remote execution of arbitrary code (RCE) with root privileges, completely compromising it. Once this unauthorized access is gained, numerous attack scenarios become possible. Within our lab environment, we successfully reconstructed the following two scenarios:

  • Ransomware: we were able to make the device completely inoperable by preventing a local operator from controlling the drill through the onboard display and disabling the trigger button. Furthermore, we could alter the graphical user interface (GUI) to display an arbitrary message on the screen, requesting the payment of a ransom. Given the ease with which this attack can be automated across numerous devices, an attacker could swiftly render all tools on a production line inaccessible, potentially causing significant disruptions to the final asset owner.
A PoC ransomware running on the test nutrunner.

  • Manipulation of Control and View: we managed to stealthily alter the configuration of tightening programs, such as by increasing or decreasing the target torque value. At the same time, by patching in-memory the GUI on the onboard display, we could show a normal value to the operator, who would remain completely unaware of the change.
A manipulation of view attack. The actual torque applied in this tightening was 0.15 Nm.