I refuse to believe there’s much sensitive data on a wrench, but I am curious… Would it be faster to pay the ransom to get the wrench unlocked, or to reflash it?
The fact that they could manipulate the tightness and display output so that it could leave the bolts loose while saying that they aren’t, seems like a bigger problem.
Maybe the ransom was designed to be ongoing. I.e. as soon as you factory reset the wrench, it gets hit again with the same message, and you’d have to find some other part of the network that was messing them up.
Well, yes. There would be a root infection point outside of the wrenches themselves. The entire network would likely need to be inspected before you’d just reflash and move along like everything was better.
Why the fuck does someone need a wrench connected to the internet in the first place?
I went appliance shopping recently and the salesman tried to get me on board with a WiFi connected fridge, his sales pitch was that I’ll get a push notification on my phone when the air or water filter need to be changed, and there’s a camera so if I’m at the store and I can’t remember if I need to buy milk, I can open the camera app and view the inside of my fridge and see my milk level. GTFO, not everything needs to have an app or internet service.
It might measure resistance in a specific way, tell the conveyor belt to move on once a certain parameter happens… I have no idea, but these wrenches are clearly made for manufacturing and not individuals
For normal consumers, it is absolutely a useless and stupid feature.
For safety-critical assembly line and maintenance applications, having the torque wrench networked enables a high degree of auditability. A highly pertinent current example would be the 737 MAX9 fuselage plug issues - if this device were incorporated into production and maintenance processes, it could enable manufacturing and maintenance audits down to the precise torque value used for each fastener, which likely could have prevented the issue entirely. Or… considering the timing, maybe they were being used, and the wrenches were compromised.
Not too lazy to read the article, I think its a stupid feature. For decades industries have managed with high skill employees and manual torque wrenches. Somehow logging torque specs in a data base is going to solve problems or being able to remotely access said data base to make sure the tourque setting is correct? How about hire competent people with the right skills and give them the time they need to do a good job. How about having floor supervisors that actually know, and have done the job they’re overseeing to regularly check the torque specs. Boeing QC and safety has been on a downhill slide for decades, right around the time that the merger with McDonnell Douglas happened.
Right, if your factory is dependant on robotic wrenches for manufacturing, wouldn’t you have that backed up? You probably don’t only have one wrench with the code.
You’d be surprised how often critical tools don’t have backups.
More than once I’ve been to sites where the software needed to service a critical piece of equipment only existed on a single 15+ year old banged up laptop, or a 40+ year old PLC handling a critical part of a production line couldn’t be turned off because there was a risk that it wouldn’t be able to turn back on, and it was EOL’ed over a decade ago but they still hadn’t ported the program to a newer platform.
I would hate to submit a report to a federal agency that said, “we paid the hackers and they said we could use our equipment again.” Wrenches would be trash after this, (maybe send the back to the factory and ask them to recert them).
I refuse to believe there’s much sensitive data on a wrench, but I am curious… Would it be faster to pay the ransom to get the wrench unlocked, or to reflash it?
The fact that they could manipulate the tightness and display output so that it could leave the bolts loose while saying that they aren’t, seems like a bigger problem.
Maybe the ransom was designed to be ongoing. I.e. as soon as you factory reset the wrench, it gets hit again with the same message, and you’d have to find some other part of the network that was messing them up.
Well, yes. There would be a root infection point outside of the wrenches themselves. The entire network would likely need to be inspected before you’d just reflash and move along like everything was better.
Why the fuck does someone need a wrench connected to the internet in the first place?
I went appliance shopping recently and the salesman tried to get me on board with a WiFi connected fridge, his sales pitch was that I’ll get a push notification on my phone when the air or water filter need to be changed, and there’s a camera so if I’m at the store and I can’t remember if I need to buy milk, I can open the camera app and view the inside of my fridge and see my milk level. GTFO, not everything needs to have an app or internet service.
It might measure resistance in a specific way, tell the conveyor belt to move on once a certain parameter happens… I have no idea, but these wrenches are clearly made for manufacturing and not individuals
You could read the article and find out.
If you’re too lazy to read the article:
For normal consumers, it is absolutely a useless and stupid feature.
For safety-critical assembly line and maintenance applications, having the torque wrench networked enables a high degree of auditability. A highly pertinent current example would be the 737 MAX9 fuselage plug issues - if this device were incorporated into production and maintenance processes, it could enable manufacturing and maintenance audits down to the precise torque value used for each fastener, which likely could have prevented the issue entirely. Or… considering the timing, maybe they were being used, and the wrenches were compromised.
Not too lazy to read the article, I think its a stupid feature. For decades industries have managed with high skill employees and manual torque wrenches. Somehow logging torque specs in a data base is going to solve problems or being able to remotely access said data base to make sure the tourque setting is correct? How about hire competent people with the right skills and give them the time they need to do a good job. How about having floor supervisors that actually know, and have done the job they’re overseeing to regularly check the torque specs. Boeing QC and safety has been on a downhill slide for decades, right around the time that the merger with McDonnell Douglas happened.
Modern fridges need filter changed? Our old one just runs.
For ones that have the water spout and ice maker, yes
Air filter though?
Yeah good call, haven’t heard of a fridge with an air filter
It has your location data for the Find My Device app and we both know your wife would love to see where you screwed during lunch break
Right, if your factory is dependant on robotic wrenches for manufacturing, wouldn’t you have that backed up? You probably don’t only have one wrench with the code.
You’d be surprised how often critical tools don’t have backups.
More than once I’ve been to sites where the software needed to service a critical piece of equipment only existed on a single 15+ year old banged up laptop, or a 40+ year old PLC handling a critical part of a production line couldn’t be turned off because there was a risk that it wouldn’t be able to turn back on, and it was EOL’ed over a decade ago but they still hadn’t ported the program to a newer platform.
I would hate to submit a report to a federal agency that said, “we paid the hackers and they said we could use our equipment again.” Wrenches would be trash after this, (maybe send the back to the factory and ask them to recert them).
What manufacturer allows you to reflash equipment?
I’m just speculating here, but because we’re talking about stock firmware and nothing third party, probably many. Maybe not.
The fact that it was able to be flashed with ransomware over the network to begin with, insinuated that flashing is a feature on these devices.