• INeedMana@lemmy.world
    link
    fedilink
    English
    arrow-up
    182
    arrow-down
    2
    ·
    10 months ago

    network-connected wrenches

    Do wrenches really need to be networked? Honest question

    • partial_accumen@lemmy.world
      link
      fedilink
      English
      arrow-up
      108
      arrow-down
      6
      ·
      edit-2
      10 months ago

      Do wrenches really need to be networked? Honest question

      A network-connected wrench can be a component of process improvement or quality improvement.

      Imagine network wrench situation:

      “Ed, Jim is on door install duty today right? I thought so. The system threw an alarm for his work. The last two doors he’s installed were under-torqued by 50 lbs on each bolt. Head down to production line four where he is, and get him sorted out.”

      Imagine non-network wrench situation:

      “The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”

      Do wrenches really need to be networked? Honest question

      • Zron@lemmy.world
        link
        fedilink
        English
        arrow-up
        76
        arrow-down
        8
        ·
        10 months ago

        The moment my wrenches at work need to be connected to WiFi so some bean counting manager can come lecture me about every nut and bolt I work on, is the moment I wheel my tool cart into the woods and setup a shack.

        • Alto@kbin.social
          link
          fedilink
          arrow-up
          47
          arrow-down
          1
          ·
          10 months ago

          Good thing they’re primarily talking about things such as aircraft, where this level of analness is sort of the bare minimum.

        • partial_accumen@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          arrow-down
          5
          ·
          10 months ago

          Prior generations likely said the same thing about putting video cameras in service bays. I know I said something similar if my employer ever required my fingerprints (for unskilled work). Yet both are commonplace today.

          • otp@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            8
            ·
            10 months ago

            Those cameras saved my ass more often than not.

            Also had them in my classrooms as a teacher and it was great. Not only was I able to close a door to help a single student, but it made a great thing to point to whenever kids were acting up! Lol

          • PinkPanther@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            10
            ·
            10 months ago

            There’s no such thing as “unskilled work”. I’d no skill was required, why do you need to gave training to do it? Cooking burgers at McDonald’s? You need to know how long the burgers are to be cooked on each side. Stop calling certain jobs “unskilled”.

            • Alexstarfire@lemmy.world
              link
              fedilink
              English
              arrow-up
              12
              ·
              10 months ago

              There’s a big difference between needing 6+ months of training and needing only a day or two of training.

              • azertyfun@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                11
                ·
                10 months ago

                Yeah, pretending there’s no distinction is just stupid. Even from a leftist theory perspective, MDs don’t face the same struggles or need the same regulatory oversight to protect their rights as burger flippers.

                Like, if they’re pissed at the term “unskilled” they’re welcome to propose an alternative but there’s obviously a meaningful difference.

              • BearOfaTime@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                10 months ago

                minutes of training for things like making a burger at McD’s. You just follow the info graphic.

                It’s unskilled work, in that it requires no specialized skill.

            • partial_accumen@lemmy.world
              link
              fedilink
              English
              arrow-up
              13
              arrow-down
              2
              ·
              10 months ago

              Stop calling certain jobs “unskilled”.

              Okay, how about “a level of competence most human beings have that an employer can spend a only a few hours of training with that person that the person will attend a level of acumen they can perform the job function.” Its kind of wordy, does that help?

            • BearOfaTime@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              10 months ago

              Hahahahshsha

              So pressing the button on the timer built into the fryer, since the 70’s, is now skilled work?

              There’s lots of unskilled work out there. I’ve done lots of it. From digging ditches to fast food to loading trucks and delivering parts.

              None of those jobs require more than a few minutes of training, therefore “unskilled”. And fast food today is even more unskilled… Just follow the diagram in front of you. And you don’t make the burgers in fast food, they come in pre-made in boxes, usually frozen, and you load em up on the automatic cooking device (varies by company). I believe Wendy’s still grills their burgers, using a timer and a rotation methodology, so no skill rewuired.

              Hell, even being a line cook is unskilled, and that can be a really demanding job from a time management perspective (I’ve been a line cook).

              I’ve worked for the top 3 fast food places, a number of smaller restaurants, and a bunch of other jobs. I’ve had somewhere approaching 40 jobs in my life. Lots out there is unskilled.

      • SuddenlyBlowGreen@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        10 months ago

        Imagine non-network wrench situation:

        “The FAA has grounded all Boeing 737 Max 9 jets today after a massive decompression event occurred on Alaska Airlines at 16,000 ft. The door plug blew out of the jet at altitude. United Airlines has reported, after inspection, loose bolts the door plug of several of its Boeing 737 Max 9 jets as it continues to inspect every one if its 79 jets in its fleet.”

        What’s the ratio of boeing door decompressions to IoT devices being hacked?

      • Adderbox76@lemmy.ca
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        2
        ·
        10 months ago

        So in other words, a dystopian nightmare where, for the sake of paying as low of wages as possible, corporations would rather use technology to oversee stupid employees instead of actually TRAINING and INCENTIVIZING actually qualified people.

        • partial_accumen@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          2
          ·
          10 months ago

          Using technology to overcome human mistakes is happening right now in hundreds of other industries.

          corporations would rather use technology to oversee stupid employees instead of actually TRAINING and INCENTIVIZING actually qualified people.

          Of course, its cheaper.

          • Adderbox76@lemmy.ca
            link
            fedilink
            English
            arrow-up
            5
            ·
            10 months ago

            What began with self-checkout machines will inexorably expand into the more professional realm with tools like AI

            • KairuByte@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              10 months ago

              The funny thing is, some companies are moving away from self checkouts because of “honest mistakes” by customers.

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 months ago

          Humans make mistakes with tools like this, and with the tracking systems.

          BTDT with stuff completely unrelated but requiring verification and validation steps and initials. Mistakes will happen.

          Having a tool that’s configured specifically and can document the torque applied for every bolt makes a lot of sense. I’ve assembled stuff with 30 fasteners and had to check and recheck torque, because, being human, it would be easy for me to miss one, or not read the rorque wrench properly (if using a bar type), or mis-set it if it’s a click type.

          Nevermind the time it takes me to verify the value, set/check the tool, etc. It’s clearly about reducing errors with a repetitive task and providing a record of the torque values. The folks using these tools probably really appreciate it, I would, and the stuff I’ve done is trivial in comparison.

          The only problem with this system is the lack of planning for proper security. Firmware update able remotely is just silly. Add in the number of vulnerabilities… Sheesh.

          OK, remotely updateable could be useful, but it should require a long password and a cryptographic pin (like the old SecurID devices that generated a pin once a minute) that is managed by multiple people, and the devices should only permit updates from a specific piece of hardware on the company network (say a vendor supplied firmware update injector) that has a hardware ID. So when devices are on boarded they get paired with that device and maybe a secondary. So it requires a pairing process that can only be done with physical proximity, combined with device IDs and a password/pin pair that’s cryptographically generated, and managed by a system requiring at least two people to check out the password from the repository.

          Hell, I just thought up all this on the spot. I’m sure others did too, and got shot down by management.

      • LilB0kChoy@midwest.social
        link
        fedilink
        English
        arrow-up
        8
        ·
        10 months ago

        Why not have a two stage torque process?

        I know aerospace ≠ automotive but many years ago I worked in a shop and any time the wheels came off a vehicle the mechanic/tech torqued the lug nuts to spec, then a second person independently verified and re-torqued the lug nuts.

        It seems like adding a network connection and all that goes with it also introduces additional points of failure, no?

        • KairuByte@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          10 months ago

          While a second person would indeed reduce the number of issues, it’s still another human to fuck things up. What if the second person is lazy? Or they get tired of checking every door because “it’s never been off before, why would it be off now?”

          Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?

          • LilB0kChoy@midwest.social
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            2
            ·
            10 months ago

            Human error caused the issue in the first place, why are we assuming a human will always find and fix the problem on a second pass?

            I’m not sure why you should trust a piece of technology to be infallible.

            I mean, if a networked tool can be hacked then should it be trusted to be accurate? How do you know it hasn’t been hacked and maliciously modified to report correct torque even when wrong?

            Didn’t GM just suspend sales of their new cars without CarPlay because their new system had software issues? Trust a company trying to save money to skimp on the implementation costs of any technology they put in place too.

            • FordBeeblebrox@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              10 months ago

              It’s not so much the technology as the people running a business that worry me, VW programming emission modes is a great example. Relying on companies to regulate safety is a sure fire way to get corners cut so they can make a cent. The network wrench may be a good idea but only if regulated by the FAA and not the company.

            • KairuByte@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              1
              ·
              10 months ago

              Not at all. A human plus a computer is going to be less prone to mistakes than a human plus a human though.

              • A_Random_Idiot@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 months ago

                In my experience its more prone to mistakes, because people just accept what computers tell them as infallible unless its something so massively, egregiously wrong that it shatters what little common sense they have… and even then its only 50/50.

        • partial_accumen@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          10 months ago

          then a second person independently verified and re-torqued the lug nuts.

          Labor costs are likely the highest input. That solution doubles labor costs for that process.

          • LilB0kChoy@midwest.social
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            edit-2
            10 months ago

            Hard to hack a person. Sounds like sacrificing security to save a buck if that’s the only reason, especially considering you’re not just paying for a tool when you network it.

            • towerful@programming.dev
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              2
              ·
              10 months ago

              People are actually the easiest to hack. That’s why social engineering is such a huge security risk, why employees have minimum amount of access required to systems, why corporate laptops are so locked down, and why huge phishing assessments are done.

              It’s just that we are more accustomed to monitoring people, and it also gives a focus that everyone understands that can take the blame for mistakes.

              • LilB0kChoy@midwest.social
                link
                fedilink
                English
                arrow-up
                3
                ·
                10 months ago

                Sorry, I assumed the context was obvious, but it’s hard to hack a person standing there turning a wrench.

                What’s easier to hack? That person standing there turning a wrench or a network connected wrench? Especially considering the points you made; the wrench turner probably has access to less than the network connected wrench.

                • towerful@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  10 months ago

                  God, I hope the wrench has access to less of the network than the employee.
                  It’s an IoT device.
                  You never trust IoT.

                  It should be on an isolated vlan dedicated to the wrenches that allows it connect to its storage server, only.
                  Putting the wrenches on a pvlan would further limit the scope of any breaches to a single wrench.
                  Any access to the wrench vlan/pvlan should be from a trusted management vlan. Any traversal of the firewall for this access should be logged.
                  Ultimately, this is a device being used by a company that requires per-bolt certification of torque. You can bet that every part of their process has an equivalent level of scrutiny, including certification of network security/auditing.

                  In fact, following sensible IoT network security mitigates all of the CVEs listed - because they need the attacker to have network access.
                  Sure, most of the CVEs are the stupidest “my-first-web-app” level of mistakes (csrf, xss, directory traversal) and shouldn’t exist. But it’s still an IoT device, and should always be treated as a black box of leaky security regardless of the manufacturer.

          • otp@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            10 months ago

            Nah. Usually the double checking is added onto a list of another person’s tasks with no increase in wages or allocated time! Lol

      • thefloweracidic@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        10 months ago

        Follow up question, could the same metrics be captured without a network connection? An alternative might not be as user friendly as an IoT device, but for the last what decade? It seems like investment in IoT is investment in security vulnerabilities.

      • PaintedSnail@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        10 months ago

        Also QA, issue tracking, and litigation protection. This includes worker protection.

        “Those bolts? We have the record right here from the very wrench that tightened them that shows they were tightened to spec on that plane.”

      • AnneBonny@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        The network thing is great until Ed finds out the torque wrench Jim uses doesn’t operate properly because it has been infected with malware for an undetermined period of time.

      • Cocodapuf@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        That it’s admittedly a pretty good point.

        That said, this is a very niche device. Almost nobody should ever own one for themselves, these are the kind of devices that are provided by the company you work for.

      • A_Random_Idiot@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        8
        ·
        edit-2
        10 months ago

        No, don’t you try to come up with some ridiculous scenario to justify this shit.

        There is no justification for a fucking network connected wrench.

        Its more expense and stupidity to solve a problem that shouldnt exist with proper procedures, and if you arent following proper procedures your wrench being able to update its goddamn fucking facebook page wont make a goddamn difference.

    • RattlerSix@lemmy.world
      link
      fedilink
      English
      arrow-up
      38
      arrow-down
      3
      ·
      10 months ago

      It makes sense for certifying torque specs. Every time the wrench tightens a bolt, it can tell the network and it can be certified.

      • masterofn001@lemmy.ca
        link
        fedilink
        English
        arrow-up
        30
        arrow-down
        5
        ·
        10 months ago

        With the added bonus of all the data potentially being compromised, specs modified, torque intentionally wrong, thereby invalidating every certificate.

        Remember when skilled workers were competent, had the time to do their jobs properly, and could write shit down?

        • HessiaNerd@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          arrow-down
          3
          ·
          10 months ago

          Gotta call bullshit here.

          Skilled workers make mistakes. Give them all the time in the world and they will still make mistakes because they are human. The trick is to give them feedback loops, as short as possible, so they can recognize their mistakes. This should be part of process controls based on risk.

          Don’t get me wrong, I would not want to validate this network wrench solution. There is a fairly narrow band where it makes sense to me which would require a fair amount of DFM (design the assembly to have unique bolt heads for each torque setting etc). But when you are making things that people rely on for their life… You have to have layered systems and these are a legitimate layer.

    • Coasting0942@reddthat.com
      link
      fedilink
      English
      arrow-up
      13
      ·
      10 months ago

      It’s for where bolts have to be tightened to a specific amount, and certified. Faster than writing it down. Faster to track down an error.

      As others have pointed out, you’d want every single bolt on your airplane tightened to computer level precision and error control. If some stray cosmic ray strikes the wrench during the tightening process then that’s the universe telling you it’s time to go.

    • Alto@kbin.social
      link
      fedilink
      arrow-up
      12
      ·
      10 months ago

      Might be more in addition to it, but usually it’s as part of a fancy inventory system to keep track or who checks in/out what tool. They’ll have GPS sometimes too.

      Power tools are expensive and have a tendency to “disappesr”, so on a big enough scale I can see where it’s helpful.

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      10 months ago

      The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability. When fastenings are too loose, they risk causing the device to overheat and start fires. When too tight, threads can fail and result in torques that are too loose. The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999. The NEXO-OS, the firmware running on devices, can be controlled using a browser-based management interface

      Interesting ok

    • sapetoku@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      5
      ·
      10 months ago

      Yes, in factories where the tools are programmed to do a job like tightening the bolts for an airplane plug door or your car engine head. The quality assurance gains are enormous (the tool does the job and logs it).

      Problems occur when the customer cuts IT security costs or tampers with the tools to increase production rates.

    • Eczpurt@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      3
      ·
      10 months ago

      Innovators always ask whether or not they could rather than if they should smh.

    • MonkderZweite@feddit.ch
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      You know, for all the important statistics and so on.

      And the server has an AI thingsamabums to calculate your averages and a blockchained score for NFC emeralds! Gamification! Rewards!

  • A_Random_Idiot@lemmy.world
    link
    fedilink
    English
    arrow-up
    140
    arrow-down
    10
    ·
    edit-2
    10 months ago

    WHY IS THERE NETWORK CONNECTED WRENCHES?!

    ITS A FUCKING WRENCH!

    IT DOESNT NEED THE NETWORK!

    WHY THE FUCK DO THEY PUT NETWORK CONNECTIVITY IN THIS SHIT THAT DOES NOT, IN ANY CONCEIVABLE FASHION, NEED IT!?!

    I swear to god one of these days my head is literally going to explode in thermonuclear ball of rage over the absolute stupidity of this shit.

    • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️@yiffit.net
      link
      fedilink
      English
      arrow-up
      74
      arrow-down
      1
      ·
      edit-2
      10 months ago

      Auto torquing wrenches that connect to a network to know exactly how much torque to apply to a bolt or screw that can be updated on the fly to fix issues or change spec without much effort. They’re pretty common in manufacturing.

      Heh… Kinda funny that by making them idiot proof, they’ve opened up vulnerability to someone who isn’t an idiot.

      • ShepherdPie@midwest.social
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        An assembly line making variations of the same product makes sense but why would they be exposed to the internet?

        • sapetoku@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          8
          ·
          10 months ago

          My friend who works designing such tools says production stuff should never be connected to the internet for obvious reasons. Someone fucked up.

        • Aceticon@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          The factory network might have been designed under the assumption that there were no such unsafe devices around, somebody might have poked a hole on the firewall for something completelly different that exposed these tools, somebody might have taken one of these home or to a company office for some reason and brought it back infected, somebody with a notebook connected to the Internet via Mobile came to the factory, an attacker physically parked next to the factory and started hacking, the good old “drop a USB disk with a virus in the parking lot”, and so on and so on…

          You’re really supposed to design networked software under the assumption that at some point it will be exposed to an unsafe network.

        • Alien Nathan Edward@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          why would they be exposed to the internet?

          to be able to get information about new parts or procedures, or updated information from the device manufacturer or the manufacturers of the parts the device is designed to interact with.

          • ShepherdPie@midwest.social
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            10 months ago

            None of that requires internet access though. It should all be handled through the company intranet.

            I work in manufacturing and our tools are connected to the company network but blocked from the internet because some still rely on things like WindowsXP or Win7 for example.

            • Alien Nathan Edward@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              putting together a WAN with your vendors would be a great big old thing. I suppose you could figure out some way to pull vendor patches and updated specs into your LAN via a single point of entry as well.

    • cyberpunk007@lemmy.world
      link
      fedilink
      English
      arrow-up
      59
      arrow-down
      1
      ·
      edit-2
      10 months ago

      "nuts loosened: 9,345

      Wrench rotations: 237,902"

      “ERR: #482: License only permits 237,901 rotations. Please upgrade your license or subscribe for $94/mo”

      • Asafum@feddit.nl
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        10 months ago

        This is no joke, 100% going to be the future.

        All it will take is one gigantic asshole to start and if the product is useful enough that’s it, people will buy it and every company under the sun will copy.

        Goodbye ownership of the things you buy, it will be the videogame distribution model of “you paid for a temporary license to use the product. You did not buy anything.”

        I can totally see “you’ve exceeded the license agreement for free usage, now log in to your account and pay for the premium package wrench plan for $99.99/month.” Hell printers are already disabling usage if you don’t have a credit card on file with them even though you bought the damn thing…

        • bitwolf@lemmy.one
          link
          fedilink
          English
          arrow-up
          4
          ·
          10 months ago

          Thankfully hobbiest electronics and 3d printing can replicate a lot of those products without the dark patterns for those patient / saavy enough to build or sell them.

          And in the case of a Wrench… You wouldn’t copy (mold /foundry) a wrench would you?

    • Nomecks@lemmy.ca
      link
      fedilink
      English
      arrow-up
      38
      arrow-down
      3
      ·
      10 months ago

      So if you’re on a site with hundreds or thousands of company owned tools it would be very helpful to have them connected for things like:

      • Tool status
      • Tool location
      • Service information
      • Lifecycle control
      • Rusty@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        10 months ago

        There’s even network connected tyres at this point.

        Corpos froth at the mouth at the thought of being able to manage service information and lifecycle control.

        It makes it safer and convenient for the workers as well.

      • bitwolf@lemmy.one
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        10 months ago

        Can’t that also be resolved with an inventory system similar to what chem/medical labs use?

        • curiousPJ@lemmy.world
          link
          fedilink
          English
          arrow-up
          13
          ·
          edit-2
          10 months ago

          Most, if not all, aerospace tools that take a measurement requires periodic calibration and assurance that the tool is performing to spec.

          There can be thousands of unique tools that must pass through its own respective calibration process and documentation. Micrometers, calipers, torque wrenches, and even scales.

          Having a networked tool can save the hassle of operators mis-reading or just plain ignoring the calibration sticker. Also, knowing the “location” of the tool on an inventory sheet isn’t quite like knowing which side of a 747 for the wrench that is due for calibration.

          Also this is just me hypothesizing… I presume there are a number of other benefits like automated logging of torque values for every single bolt installed with such tool. When the FAA audits for installation information regarding a single screw on a plane’s 3rd row window side infotainment system’s upper left mount… The data is easier to find.

          This is all part of “industry 4.0” connected manufacturing for more efficient and lean manufacturing. Collect and process any data you could ever want to make the decisions for a manufacturer to do more with even less.

          • bitwolf@lemmy.one
            link
            fedilink
            English
            arrow-up
            2
            ·
            10 months ago

            As a Software Engineer (cloud) you had me sold at Data Lake lol.

            In all seriousness, it does seem like another valid philosophy for achieving further automation of mundane tasks.

            Thankfully a lot of the trade-offs from IoT right now can seemingly be mitigated by building greenfield solutions.

            Hopefully the industry can see and acknowledge the demand for more local networking versus going through a cloud service.

    • Grass@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      17
      ·
      10 months ago

      I’m honestly surprised anyone would buy it. Most tradesmen I have worked with would not be even remotely interested for a multitude of reasons.

    • MeanEYE@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      10 months ago

      In a factory setting I can easily see this part of the quality control. Where wrench would log each tightening procedure and keep track of its own use.

    • HipHoboHarold@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      10 months ago

      I can sort of see things like washing machines, even if I would rather it not. It can tell you when it’s done, some even run a diagnostics to tell you if something is wrong.

      But yeah, it’s a drill. It’s not that complicated. I don’t need it to tell me when it’s done when I need to be there to use it.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        ·
        10 months ago

        Why does a washing machine need enough complexity to require diagnostics?

        That’s just nuts.

        I use one cycle, on cold, all it’s gotta do is agitate the water.

        My family had the same washing machine for 30+ years. I’m not seeing why that needs to be redesigned. Parts were still available when we replaced it.

        • A_Random_Idiot@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Exactly.

          Old electromechanical washers and driers were SO much better than the modern computerized shit.

          More durable too.

  • Snot Flickerman@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    60
    ·
    edit-2
    10 months ago

    I’m just here because I can’t fucking believe it’s named “Nutrunner.”

    Must be an oblique cyberpunk reference. Whatever it is, it’s fucking ridiculous.

    • BlanK0@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Gotta put the blame on the weaker people, probably the daily routine of some CEOs

    • BillMurray@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      My dishwasher is connected to the network. I can start it from my phone but it’s more convenient to press start when I close the door and put in soap. The only reason I’d want it to be connected to the network is if it had tiny cameras inside. Why do network connected dishwashers not have tiny cameras and lights, so I can watch it actually cleaning my dishes?!

      • The Uncanny Observer@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        Oh jeeze. I do not have time to be spending hours watching my clothes wash on a tiny camera, which is exactly what I would be doing if there was a tiny camera in my washer watching my clothes.

    • poejreed@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      I would guess something along the lines of hire a security firm to try to find when /where /to what it happened on. Recall all of those products. Then sue Bosch for the cost.

  • Aatube@kbin.social
    link
    fedilink
    arrow-up
    20
    ·
    10 months ago

    The vulnerabilities, reported Tuesday by researchers from security firm Nozomi, reside in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B. The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability. When fastenings are too loose, they risk causing the device to overheat and start fires. When too tight, threads can fail and result in torques that are too loose. The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999. The NEXO-OS, the firmware running on devices, can be controlled using a browser-based management interface.

    Nozomi researchers said the device is riddled with 23 vulnerabilities that, in certain cases, can be exploited to install malware. The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.

    9 of these are improper neutralization of inputs, of which 4 are SQL injections. The post says the vulnerabilities could be used to ransom-lock the devices or secretly adjust the torque levels the wrench applies while the display reports a false number.

      • Tristaniopsis@aussie.zone
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        “IN A WORLD…

        WHERE SEMI-WOODEN ARBOREAL FRUITS HAVE FAST-ASS LEGS.

        AND WRENCHES CAN GET HACKIFIED.

        ONLY ONE MACHINE CAN SAVE US ALL.

        BOSCH TICKLEFINGER IS:

        THE NUTRUNNER.

        APPEARING AT A CINEMA NEAR YOU.

        PARENTAL ADVICE RECOMMENDED “

    • Buttons@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      10 months ago

      So it connects to the network for firmware updates.

      What the hell is there to update in the firmware? It either tightens to the indicated torque or it doesn’t.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Seems like using a cable for firmware updates which should be rare as hen’s teeth would be a smarter approach.

        These tools need other maintenance/inspections anyway, you just do it then. Really, firmware shouldn’t have such a major flaw that an update is that crucial.

        • sapetoku@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          The tools are connected to a central database that logs all operations, it’s super useful. All the difference between Boeing that uses old style pneumatic guns and manual torque wrenches vs. Airbus using fully connected/automated wrenches that not only tighten bolts to the right torque every single time but also keeps track of how many bolts have been tightened. Such tools should be airgapped from the internet but obviously someone messed up on that part. Could be cost-cutting.

        • Buttons@programming.dev
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Indeed. When a tool has one job, if it needs a firmware update because it failed to do it’s one job, just give me my money back and I’ll buy a new one.

  • LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    17
    ·
    10 months ago

    I refuse to believe there’s much sensitive data on a wrench, but I am curious… Would it be faster to pay the ransom to get the wrench unlocked, or to reflash it?

    • lud@lemm.ee
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      1
      ·
      10 months ago

      The fact that they could manipulate the tightness and display output so that it could leave the bolts loose while saying that they aren’t, seems like a bigger problem.

      • LWD@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        ·
        10 months ago

        Maybe the ransom was designed to be ongoing. I.e. as soon as you factory reset the wrench, it gets hit again with the same message, and you’d have to find some other part of the network that was messing them up.

        • KairuByte@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Well, yes. There would be a root infection point outside of the wrenches themselves. The entire network would likely need to be inspected before you’d just reflash and move along like everything was better.

    • ClopClopMcFuckwad@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      10 months ago

      Why the fuck does someone need a wrench connected to the internet in the first place?

      I went appliance shopping recently and the salesman tried to get me on board with a WiFi connected fridge, his sales pitch was that I’ll get a push notification on my phone when the air or water filter need to be changed, and there’s a camera so if I’m at the store and I can’t remember if I need to buy milk, I can open the camera app and view the inside of my fridge and see my milk level. GTFO, not everything needs to have an app or internet service.

      • LWD@lemm.ee
        link
        fedilink
        English
        arrow-up
        8
        ·
        10 months ago

        It might measure resistance in a specific way, tell the conveyor belt to move on once a certain parameter happens… I have no idea, but these wrenches are clearly made for manufacturing and not individuals

      • gravitas_deficiency@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        If you’re too lazy to read the article:

        For normal consumers, it is absolutely a useless and stupid feature.

        For safety-critical assembly line and maintenance applications, having the torque wrench networked enables a high degree of auditability. A highly pertinent current example would be the 737 MAX9 fuselage plug issues - if this device were incorporated into production and maintenance processes, it could enable manufacturing and maintenance audits down to the precise torque value used for each fastener, which likely could have prevented the issue entirely. Or… considering the timing, maybe they were being used, and the wrenches were compromised.

        • ClopClopMcFuckwad@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          10 months ago

          Not too lazy to read the article, I think its a stupid feature. For decades industries have managed with high skill employees and manual torque wrenches. Somehow logging torque specs in a data base is going to solve problems or being able to remotely access said data base to make sure the tourque setting is correct? How about hire competent people with the right skills and give them the time they need to do a good job. How about having floor supervisors that actually know, and have done the job they’re overseeing to regularly check the torque specs. Boeing QC and safety has been on a downhill slide for decades, right around the time that the merger with McDonnell Douglas happened.

    • lurch (he/him)@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      10 months ago

      It has your location data for the Find My Device app and we both know your wife would love to see where you screwed during lunch break

    • Justin@lemmy.jlh.name
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      10 months ago

      Right, if your factory is dependant on robotic wrenches for manufacturing, wouldn’t you have that backed up? You probably don’t only have one wrench with the code.

      • DreadPotato@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        10 months ago

        You’d be surprised how often critical tools don’t have backups.

        More than once I’ve been to sites where the software needed to service a critical piece of equipment only existed on a single 15+ year old banged up laptop, or a 40+ year old PLC handling a critical part of a production line couldn’t be turned off because there was a risk that it wouldn’t be able to turn back on, and it was EOL’ed over a decade ago but they still hadn’t ported the program to a newer platform.

    • HessiaNerd@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      I would hate to submit a report to a federal agency that said, “we paid the hackers and they said we could use our equipment again.” Wrenches would be trash after this, (maybe send the back to the factory and ask them to recert them).

      • LWD@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        I’m just speculating here, but because we’re talking about stock firmware and nothing third party, probably many. Maybe not.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        The fact that it was able to be flashed with ransomware over the network to begin with, insinuated that flashing is a feature on these devices.

  • kingthrillgore@lemmy.ml
    link
    fedilink
    English
    arrow-up
    16
    ·
    10 months ago

    I’m sorry hold on a second did you just say “network-conneced wrenches?”

    And expose this outside of a VLAN, you say?

    • Abnorc@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      At first, I thought this was some abstract or technical term that I didn’t know.

    • nikosan@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      A lot of routers at least have an IoT wifi network lol. Should’ve probably used that. Although it probably has some stupid dongle it connects to instead that’s connected directly to ethernet. Unfortunately the average person buying a drill is not gonna know how to set up a VLAN.

  • Aceticon@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    10 months ago

    It’s stupidly easy to make embedded devices that are network-connected nowadays which, 2 decades after the server-side ones have mainly learned their lesson, has brought a whole new generation of security-clueless software developers in contact with the big bad world of networking in environments which are not air-gapped.

    What A Time To Be Alive!

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    5
    ·
    10 months ago

    This is the best summary I could come up with:


    Researchers have unearthed nearly two dozen vulnerabilities that could allow hackers to sabotage or disable a popular line of network-connected wrenches that factories around the world use to assemble sensitive instruments and devices.

    The vulnerabilities, reported Tuesday by researchers from security firm Nozomi, reside in the Bosch Rexroth Handheld Nutrunner NXA015S-36V-B.

    The cordless device, which wirelessly connects to the local network of organizations that use it, allows engineers to tighten bolts and other mechanical fastenings to precise torque levels that are critical for safety and reliability.

    The Nutrunner provides a torque-level indicator display that’s backed by a certification from the Association of German Engineers and adopted by the automotive industry in 1999.

    The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.

    The vulnerabilities found on the Bosch Rexroth NXA015S-36V-B allow an unauthenticated attacker who is able to send network packets to the target device to obtain remote execution of arbitrary code (RCE) with root privileges, completely compromising it.


    The original article contains 344 words, the summary contains 187 words. Saved 46%. I’m a bot and I’m open source!

  • werefreeatlast@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    4
    ·
    10 months ago

    This is hilarious! Gimme 5 Bitcoin or you can’t use your drill!..goes to home Depot to get new drill. LOL. Huge risk, little reward. Unless they infect the drills at the fucktory.

    • Flying Squid@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      10 months ago

      You might want to read the article about why these wrenches are network-connected and why buying a new one at Home Depot is not an option.

    • Classy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      10 months ago

      Oh yeah, just go wander to the the Home Despot and pick up a coupla highly specialized $10,000 tools. Might as well buy all the other equipment your factory line lost access to because SQL injections granted the hacker piggyback access to them, too. Damn, if only Bosch just listened to people who didn’t bother to read anything before making stupid comments.