Hackers can infect network-connected wrenches to install ransomware | Researchers identify 23 vulnerabilities, some of which can exploited with no authentication::Researchers identify 23 vulnerabilities, some of which can exploited with no authentication.

  • MechanicalJester@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    But of a slippery slope. What else do we need to encode?

    A barcode doesn’t have enough bits to be unique and also contain useful information. It’s just a unique identifier that can be used to look up a wide variety of information.

    For bolts, it could be metal grade, thread pitch, load ratings, manufacturer info etc

    • merc@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Also, say Boeing discovered that the doors were flying off their airplanes because the specified torque was too low for the bolts. If the barcode contained the torque, the barcodes would all have to be replaced. If the barcodes point to a database entry that contains the correct torque, you can update the DB and the wrenches will get the new value when they look it up.

      Having said that, this should definitely be an air-gapped system. There’s no need for the wrenches to be able to talk to Bing or OnlyFans. It shouldn’t just be behind a firewall, because, again, it’s not like the wrenches only need to access someof the Internet, they really never need the Internet, just the local network.

      I’m not a network engineer, but my guess is that a good network engineer could design a network that makes it really unlikely that a wrench ever exchanges packets with the real Internet. For example, design a flat network and use a very small TTL so that even if somehow the Internet is connected to the network the wrenches live on, the packets expire before they leave the local network.

      If you can’t isolate and protect the network you’re using, you’re just asking for trouble, because that means that every single piece of industrial equipment with a TCP/IP stack is properly patched and hardened against the latest vulnerabilities.