Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎01-21-2024 12:09 AM
‎01-21-2024 12:09 AM

Network connected Wrenches connected via the Internet vulnerabilities

Hi All

 

Well anything that is connected to internet is fair game as they say, regardless of whether it is via IoT or a wireless connection:

 

https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-...

 

Regards

 

Caute_Cautim

Reply
3 Replies
JoePete
Advocate I
‎01-21-2024 10:35 AM
‎01-21-2024 10:35 AM

The common reaction might be "Why would anyone make a networked wrench to begin with?" but I think we could run down an lengthy list of consumer products that have this failing. For example, I am not sure they are still on the market, but there were Internet connected diapers at one point that would inform an app (and presumably parents) of when it was wet.

 

I'm sure on the surface someone thought of the positive of making torque wrenches that could be centrally managed, calibrated, etc., but it is hard to imagine those processes, which now increase cost and risk, are a vast improvement over the manual processes that have worked since the dawn of industrialization with risk that is more quantifiable and manageable. While this story may seem a security novelty, it really sheds light on a larger discussion, such as those about AI. Just because we have technology replace of mimic human actions. It doesn't necessarily mean it will be more efficient, especially once we account for all the risks.

Reply
Caute_cautim
Community Champion
‎01-21-2024 06:15 PM
‎01-21-2024 06:15 PM

@JoePete 

 

 

I agree, and it also makes any device, tool etc prone to additional vulnerabilities.

 

Because it raises the question, who is going to patch and update these systems to ensure they can be migrated to Post Quantum Cryptography (PQC) algorithms in the near future? 

 

Regards

 

Caute_Cautim

Reply
denbesten
Community Champion
‎01-22-2024 12:14 AM
‎01-22-2024 12:14 AM

@JoePete wrote:

The common reaction might be "Why would anyone make a networked wrench to begin with?"

Manufacturers record lots of detail for the items they manufacture.  These records become very important when failures occur and one needs to discover what may or may not have been done and to which serial numbers.

 

For example, if you were an airline manufacturer, you might find it particularly useful right now if you could verify that the torque wrench was cycled 4 times during door installation and that the torque spec was in range each time.  Recording this information manually is failure prone either due to error or laziness.  Scanning the chassis bar code and then having the wrench upload its data both improves efficiency and makes it much harder to falsify records.

 

And this knowledge can help narrow down the dates during which things may have been installed wrong, reducing the scope of inspections to a few dozen planes instead of all 1420 hat have been made.

 

But yes, stuff like this has no business having unrestricted Internet access.  Instead, access should be limited to the databases where it gets its work instructions and to where the results are archived.

Reply