Hackers can infect network-connected wrenches to install ransomware | Researchers identify 23 vulnerabilities, some of which can exploited with no authentication - eviltoast

Hackers can infect network-connected wrenches to install ransomware | Researchers identify 23 vulnerabilities, some of which can exploited with no authentication::Researchers identify 23 vulnerabilities, some of which can exploited with no authentication.

  • ricecake@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Not an industrial process engineer, so I can’t tell you all the possible reasons, but in general it works out well to assume that people have a reason for why they do stuff, and doubly that you probably can’t do someone’s job better than them with 10 minutes of thinking.

    My initial guess would be that you want the system to record “yes, I tightened these bolts”, and then you want that record to have a matching “I inspected these bolts and they were correct” follow-up entry.
    My next thought would be what you do if the sticker falls off. In the sticker only solution, you have to look up the part, and then enter the parameters into the tool. In the networked system, you look up the part and then the system programs the tool. Automatic is going to be faster and have less errors. Both of those improve product quality and save money, through time, not having to fix error, or having to dispose of parts that were made incorrectly and can’t be salvaged.

    The existence of a vulnerability is very different from the exploitation of that vulnerability.
    You fix the vulnerability, but you don’t need to worry too much when a prerequisite is that the attacker has already gained a privileged position in the system.

    This is “oof” not “oh shit”.

    • captainlezbian@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I am that kind of engineer and yep that’s why I’d use them. And yeah the hacker that has your wrench probably has your assembly line and server too.