Industrial Tools under Attack: The Crucial Role of Cybersecurity Providers

Researchers at Nozomi Networks revealed that the Bosch’s NXA015S-36V-B pneumatic torque wrench manufactured by subsidiary Rexroth could be exploited by malicious actors via planting ransomware or controlling the wrench. Under the possible scenario, malicious actors could stop production lines or “compromise the safety of the assembled product by inducing suboptimal tightening, or cause damage to it due to excessive tightening,” Nozomi Networks proclaimed. The Bosch torque wrench is predominantly used in automobile production lines for safety-critical tightening tasks. The power wrench is able to connect to the manufacturing facilities’ local Wi-Fi network in order to be programmed remotely, while providing real-time data and other indicators to users. Nozomi researchers emphasized that unauthorized attackers increasingly exploit interconnected industrial computer systems, providing potential entry points to hijack the production line or implant ransomware on industrial devices. Attackers can stay in industrial environments for long periods undetected, leading to covert manipulation of industrial tools and software programs.

The NXA015S-36V-B nutrunner supports custom protocols from BMW and Volkswagen, while other car manufacturers might also use the wrenches. Nozomi emphasized that if the wrenches are infiltrated, numerous attack scenarios could then evolve, including shutting down the wrenches or manipulating its configurations. Bosch published an advisory warning customers of the potential vulnerabilities. Most of the vulnerabilities are linked to the Linux-based NEXO-OS operating system, but Nozomi has yet to release patches.   

The vulnerabilities in industrial devices such as Bosch’s mechanical torque wrenches are a wakeup call that cyberattacks in the industrial environment have tangible repercussions that could lead to physical consequences. This, in turn, could lead to factory downtime, or the payout of hefty amounts in the case of ransomware attacks. In manufacturing settings, faulty tools could lead to flawed products that could lead to legal or reputational risks for industrial organizations and tool providers.

Additionally, the connected nature of today’s industrial environment means such breaches could cause cascading effects in the entire industrial system, leading to manufacturing complications and significant financial loss. In a worst-case scenario, hackers could gain control of the physical environment and pose threats to personnel’s health and safety. The blurring of physical and digital realms alludes to the fact that solely focusing on physical security in industrial settings does not contribute to a holistic security strategy. The same is true about a digital-only security approach. A comprehensive strategy must address both areas by deploying network segmentation, regular patches, and security audits, and performing real-time monitoring for both digital breaches and unauthorized physical access to sensitive networks, tools, and sensitive areas of the factory.

The role of dedicated cybersecurity vendors is critical to address threats in their nascent stages. In this recent case, the specialized knowledge of a cybersecurity vendor identified the possible threat before malicious actors could seize the opportunity to take advantage of the vulnerability. Vendors such as Nozomi Networks can assess vulnerabilities and perform security audits, while other dedicated industrial vendors such as Palo Alto Networks (PANW), provide technologies to gain visibility to OT assets, their vulnerabilities and segment sensitive industrial environments from Information Technology (IT) systems.

The case in point underscores the importance of regular software updates, and patches, where needed. The incident also demonstrates the need for a proactive approach toward cybersecurity. Instead of embracing a defensive posture toward threats after they arise, organizations should mitigate potential dangers by working with reputable and skilled cybersecurity providers capable of identifying vulnerabilities before malicious actors become aware of them.