The latest piece of tech that can unexpectedly be hacked: a 'nutrunner' wrench, which had over 20 vulnerabilities that'll be patched out in January

A cyberpunk landscape from Cyberpunk 2077 under an image of a smart nutrunner wrench built by Bosch.
(Image credit: Bosch / CD Projekt Red)

I really feel like we're nudging towards the Cyberpunk: 2077-style future where netrunner hackers will basically become wizards, able to explode just about anything with a few lines of rogue code. Okay—the reality may be far more boring, but considering they put DRM in trains a while back I'm crossing my fingers for cyber sorcerers in the next few decades.

The latest in this list of surprisingly hackable tech? The Bosch Rexroth NXA015S-36V-B—also called a nutrunner, which is a type of torque wrench that came into use nearly 100 years ago and just so happens to share a lot of letters with 'netrunner'. We live in a world of beautiful coincidences.

As detailed in a report by the security firm Nozomi. A squad of security experts found a whopping 25 different vulnerabilities in the wrench, which wirelessly connects to a manufacturer's internal network. Also, it runs on Linux—or, well, the Linux-based NEXO-OS.

Unlike the superfluous anti-competitive nonsense applied to those Polish trains, the Nutrunner's always-online wrench software is actually there for a good reason. Having access to an application allows engineers to adjust the final torque levels of fastenings to a granular degree, which is important for everyone's safety. 

"As an example," the report reads, "bolts, nuts and fixtures used in electrical switchboards must be torqued appropriately to ensure that connections between current carrying components, such as high voltage busbars, maintain a low resistance. A loose connection would result in higher operating temperatures and could, over time, cause a fire."

While the sentence 'there's a hackable wrench' is very funny, the potential security risks here are serious to a harrowing degree. There's the business side of things, of course—Nozomi thinks that these vulnerabilities could be used for ransomware attacks. 

An image of a wrench that has been hacked as part of a security study by Nozomi Networks, demanding its user pay bitcoin.

(Image credit: Nozomi Networks)

A more disturbing possibility is that these weak spots would "allow the threat actor to hijack tightening programs while manipulating the onboard display, causing undetectable damage to the product being assembled or making it unsafe to use."

It's a worst-case nightmare scenario and supervillain-tier levels of evil, but the concept of a rash of invisibly-caused industrial accidents happening months after the attack is genuinely a little scary. This isn't just a theory they have, either—the security team fully pulled it off:

"We managed to stealthily alter the configuration of tightening programs, such as by increasing or decreasing the target torque value. At the same time, by patching in-memory the GUI on the onboard display, we could show a normal value to the operator, who would remain completely unaware of the change."

In an email statement highlighted by Ars Technica, Bosch Rexroth "immediately took up this advice and is working on a patch to solve the problem", which it says will be released at the end of January 2024. There's patches for wrenches, now—what a time to be alive.

Harvey Randall
Staff Writer

Harvey's history with games started when he first begged his parents for a World of Warcraft subscription aged 12, though he's since been cursed with Final Fantasy 14-brain and a huge crush on G'raha Tia. He made his start as a freelancer, writing for websites like Techradar, The Escapist, Dicebreaker, The Gamer, Into the Spine—and of course, PC Gamer. He'll sink his teeth into anything that looks interesting, though he has a soft spot for RPGs, soulslikes, roguelikes, deckbuilders, MMOs, and weird indie titles. He also plays a shelf load of TTRPGs in his offline time. Don't ask him what his favourite system is, he has too many.

Read more
Nvidia RTX 4090 Founders Edition graphics card
A single RTX 4090 managed to brute force crack an Akira ransomware attack in just 7 days
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
Three Magikarp Pokémon
The FBI used self-destruct on malware infecting over 4,000 US computers, it's super effective
PC Gamer new products box illustration
PC Gamer's biggest hardware stories of 2024: Elon Musk, the rise and rise of AI, brilliant builds, the humbling of big tech giants, orb pondering aplenty, and much more
A goblin with sharp teeth, wearing goggles, lets out a mischievous cackle in WoW's latest patch: Undermine(d).
The hooligan hacker guild that tore up WoW's newest raid (twice) just posted video evidence of the whole thing, and it's got me feeling weirdly nostalgic
Virtual human head divided into horizontal layers in various skin tones.
The future of robots is looking ever more meaty as MIT researchers grow first bidirectional muscle tissue machine
Latest in Hardware
A Gigabyte RTX 5070 Ti Eagle OC Ice on a desk and installed in a gaming PC.
Gigabyte GeForce RTX 5070 Ti Eagle OC Ice SFF review
A late afternoon view shows two young women walking past a wall-sized anime mural along Chuo-dori (Central Avenue) in the Akihabara district (known as Electric Town for its maze of electronics stores, but currently considered an almost sacred destination by members of Japan's otaku culture, drawn to Akihabara's video game centers, maid cafes, anime shops, and manga comics), located in Chiyoda Ward in central Tokyo, Japan.
OpenAI's GPT-4o model gets image generation update for all of your anime-style selfie needs
A Nacon Rig Streamstar M2 microphone on white gravel, shot in 3/4 profile
Nacon Rig M2 Streamstar review
1X Technologies humanoid robot, the Neo Gamma, standing alongside Nvidia CEO Jensen Huang. Huang is wearing an ERL-made studded leather jacket.
Humanoid robot Neo Gamma gifts Nvidia CEO a studded leather jacket and may even be able to one day wash up a cup without dropping it
Razer Blade 16 (2025) gaming laptop
Nvidia RTX 5090 mobile tested: The needle hasn't moved on performance but this is the first time I'd consider ditching my desktop for a gaming laptop
A woman wearing a VR headset with dramatic, colourful lighting across the background
'World’s smallest LEDs' could lead to accurately lit screens with 127,000 pixels per inch and much more immersive VR
Latest in News
Story of Seasons - A cahacter in a purple tuxedo stands outside in a town square talking to the player
Story of Seasons is doing another Harvest Moon remake and it might be the best the series has ever looked
Assassin's Creed Shadows change seasons - An upper-body shot of Yasuke looking cheerfully up into the distance.
Assassin's Creed Shadows puts up the 'second highest day-one sales revenue in Assassin's Creed franchise history'
A witch riding a broom sails past a Fish and Chips shop.
Cozy gamers rejoice: Witchbrook finally has a release window, and yes, you can fly around on a broom with your friends
starcraft 2 face
StarCraft fans taunted by the announcement of a new StarCraft... board game
kingdom come: deliverance 2 henry looks confused
'Medieval Batman' completes Kingdom Come: Deliverance 2 pacifist playthrough with zero kills and 535 knockouts
SUQIAN, CHINA - OCTOBER 6, 2024 - Illustration Tencent's plan to buy Ubisoft, Suqian, Jiangsu province, China, October 6, 2024. (Photo credit should read CFOTO/Future Publishing via Getty Images)
Ubisoft and Tencent are forming a new company that will take control of its most successful franchises: Assassin's Creed, Far Cry, and Rainbow Six