Bosch Issues Urgent Patches for Security-Compromised Torque Wrenches

By Consultants Review Team Friday, 19 January 2024

Bosch, a prominent technology and engineering company, is swiftly responding to security concerns surrounding its torque wrenches, initiating urgent software patches to address vulnerabilities recently exposed by Nozomi Networks. Specifically, the Bosch Rexroth NXA015S-36V-B nutrunner, widely utilized in automaker assembly lines for safety-critical tasks, was found to be susceptible to potential hacking threats.

Nozomi Networks, a cybersecurity research firm, discovered several vulnerabilities in the torque wrenches, capable of compromising their functionality. The issues ranged from disabling the device and displaying inaccurate torque information to the more severe possibility of ransomware installation. The concerns extend beyond mere disruption, as these wrenches play a crucial role in ensuring precision and safety in automotive manufacturing.

Researchers were able to manipulate the torque wrench in the lab, demonstrating scenarios where the device's trigger could be disabled, the unit could be locked, and misleading messages could be displayed. Of significant concern was the revelation that hackers could manipulate torque figures without alerting the operator, potentially leading to the production of vehicles out of specification. Such discrepancies could pose serious risks in terms of safety and quality for the automotive industry.

These vulnerabilities were not limited to scenarios requiring authorized access; some were identified as zero-click attacks, enabling hackers to execute actions such as uploading, downloading, deleting, and reading files. Additionally, the potential for injecting arbitrary code, conducting Denial-of-Service attacks, uploading malicious code to the SD card, and accessing sensitive data raised alarming security implications.

In response to these findings, Bosch and Rexroth promptly issued advisories, outlining the potential risks and urging immediate action. The companies are actively working on developing and releasing necessary software updates to fortify the security of these widely used torque wrenches. The urgency of the situation underscores the critical role these tools play in automotive production and the necessity of robust cybersecurity measures in their design and implementation.

Current Issue