[OP]
Contributor
File this in the category of "ways I never expected my different lives to intersect."
I've spent more hours and days dealing with Russian ransomware and Chinese spies trying to hack our networks and systems than I care to think about. A thankless, nearly impossible, but absolutely necessary job in the hostile world we inhabit. I use wrenches of course, all the time. But hackable network connected wrenches? Didn't see that one coming.
Contributor
I guess that one has to consider anything that connects to a network that has a connection to the internet as potentially hackable. IMO, this is one of the truly scary things about self-driving vehicles, not the self-driving aspect itself.
[OP]
Contributor
I don't disagree, but the hackable part is going to be an issue long before autonomous vehicles are common. Most cars built today are wireless connected, and largely software controlled (which is to say, hackable). European regulations now mandate that new cars be network connected (so the car can make emergency calls), and a host of other digital control systems.Originally Posted by Bill Howatt
Member
They've been around for years. As part of my automation travels (15-ish years ago), I've dealt with them many times and they were already well established. Every nut and bolt in products from a Tier 1 supplier to the automotive industry is torqued and tracked cradle-to-grave. (Tho' I never had to sweat the IT security side of the puzzle.)
Contributor
So if the ChiComs hack into Spirit Aero Systems and mess with the torque settings on the door plug bolts, that can allow it to blow off??
BillL
Moderator
I can see your point for sure. I'm guessing that an application for a "connected" torque wrench is for production environments so that there is a record of the work being done for CYA that doesn't rely on a human writing it down. Hopefully, not to many torque wrenches will get hacked, however.
As an aside and relative to the automotive mention in post 3, my Subaru Ascent is network connected for telemetry and will auto call in the case of an accident. A lot of vehicles in the US have this feature; it's not just the EU, although it's not mandated here.
--
The most expensive tool is the one you buy "cheaply" and often...
Contributor
Oh man. That’s scary. And in some ways it’s more “personal” than attacking major infrastructure (because I could be sitting next to that window).So if the ChiComs hack into Spirit Aero Systems and mess with the torque settings on the door plug bolts, that can allow it to blow off??
BillL
"All that is necessary for the triumph of evil is that good men do nothing."
“If you want to know what a man's like, take a good look at how he treats his inferiors, not his equals.”
Contributor
Funky,I'll have to go back and see if I missed that on one of the listservs
Read an interesting white paper about securing connected vehicles today.
~mike
happy in my mud hut
Contributor
My neighbor is a farm equipment mechanic. He said now machines send an error code to the dealer so they know what's wrong before them go out. Problem is, most times is simply, clogged filter or some other small issue.
[OP]
Contributor
I'm not really surprised, just hadn't ever thought about a wrench as a networkable device. In the hospital world, the equivalent is probably wirelessly connected infusion pumps - simple devices with a simple function, connected for monitoring and maybe remote configuration. The OS and networking capabilities that are adopted into the device to make it a digital platform are far more complex and vulnerable than the actual digital functions of the device. We have thousands of them, because pretty much every hospital patient and every clinic patient undergoing an invasive procedure has an IV. They are a direct threat to patient safety if hacked, but more importantly, they represent a threat vector for getting an "owned" machine on a trusted network segment, where it can be used as platform for further penetration.
[OP]
Contributor
Yup. Very common in mining and heavy construction equipment as well. And jet engines (IIRC, the missing Malaysian Flight over the Indian Ocean some years ago was partially tracked by the pings of its operating engines "phoning home" to Rolls Royce in England). In medicine, all kinds of machines "phone home" from CT scanners on up to entire buildings dedicated to proton beam therapy, where the particle accelerator and related equipment is remotely monitored and maintained by the manufacture in Japan.
Contributor
Networked devices on a factory floor should be on an isolated network with no Internet access. That doesn't 100% stop networked devices from getting malware or ransomware. The whole reason for torque wrenches to have network access is so they can log each fastener they torque to prove the fastener was properly torqued.
One of my projects in 2023 was to isolate a number of manufacturing systems for my employer.
[OP]
Contributor
If by that you mean the separate network itself should have no internet access, I sincerely doubt the practicality of that in the modern world. First, because keeping a network isolated when other networks in the same premises are connected is extraordinarily difficult Every such "air gapped" network I've ever encountered outside some national security facilities, proved when red-team attacked, to actually be connected. Maybe control of the environment is strong enough in some manufacturing settings to pull it off; it never was in any I've encountered. Second, because in most industries, the prevalence of partner-connected devices is exploding. Those devices need network paths to the outside world. As I mentioned elsewhere, by way of example, I've seen proton beam treatment facilities (which operate much like a factory building custom-variable inventory in terms of operational needs, and quality-control considerations) that required connectivity from hospitals in the United States to a manufacturer in Japan.
Member
The 'hackable surface area" in industry and our homes has exploded in recent years. The Chinese make and distribute to the USA (et.al.) a Wi-Fi-equipped clothes iron with enough CPU horsepower and memory to land on the moon. ...Why? Folks, let's break out the tinfoil hats!
Mr. Elfert's efforts to keep Internet access off the factory floor may be wise but incredibly difficult in practice today. Everything from firmware updates to maintenance and trouble-shooting assistance from the (tool) manufacturers may need internet access. We just have to evaluate the potential cost...
I work for the largest hacking target in the world today (excepting the US government), so our facilities, tho' normally integrated across the world, are designed to be air-gapped and we run each as a stand-alone automation island after an 'event'.
Our rental equipment generally has a cell modem so it can 'phone home' on a fault and the provider can dispatch a Tech. That modem means it doesn't swap spit with our network; as much as I want or need to integrate the data onboard, it all has to come in via hardwired analog/discrete IO. ...Or we nuke the cell modem.
20years ago I couldn't spell firewall, now I carry a couple in my backpack.
And you thought the Nigerian prince was a PITA.
Contributor
The equipment I work on, which you probably actually use if you work in the industry I believe you do, has moved from physical media, on-site firmware/software updates to downloading these via SSL. This was, as I recall, a customer demand. They didn't want service engineers on their floor.
So I agree, in many environments having a completely air-gapped environment is extremely difficult outside of a SCIF. FWIW, I'm not sure a modem is inherently more secure anyway. Neither is Target
~mike
happy in my mud hut
Posting Permissions
Reply With Quote
