Smart Wrench Hack! Would you believe something like this is also be a reason to worry about?

Forget headlines like “tools to hack your growth.” Today’s tech-centric workplace makes a fresh piece of actual hacking news much more concerning. This time, it’s a hack of a smart engineering tool, with some scary implications for business leaders.

Technology cybersecurity firm Nozomi revealed its discovery of a host of security loopholes in one particular “smart” torque wrench, which Ars Technica says is used in factories around the world to assemble sensitive instruments and devices. This checks out: a torque wrench is already a higher-tech hand tool than the simple adjustable wrench commonly used for work on plumbing or car parts. Torque wrenches can be used to precisely tighten bolts with a pre-specified force. This is critical for certain high-importance jobs-like the bolts that hold industrial-scale machines together, or fix aircraft parts in place. The Bosch Rexroth tool with the apparent security gaps takes that precision to 21st century levels, with wi-fi connected powers that let users refine precisely how the wrench works on each tightening job.

Nozomi found the wrench’s smart connectivity introduced a long list of digital vulnerabilities that hackers could easily exploit. This may sound a tad ridiculous-it’s not as immediately dangerous as hacking the controls of an airliner in flight, or health care devices in a hospital, for example. But the implications of such a hack could be enormous. 

Malicious hackers could do a number of things by hacking this sort of smart tool. For starters, they could disable an entire fleet of devices used by a large enterprise in a ransomware attack. This would hold the tools hostage, dramatically hitting productivity and profits, until the ransom was paid. Smaller engineering companies with only one or two of these smart tools-and fewer, restricted financial options-may feel this sort of attack more keenly. And data show that most businesses hit by ransomware attacks don’t survive.

More insidiously, Nozomi also showed that it was able to use the wrench’s security loopholes to subtly alter its software. This could be used to change the force settings to which the tool was calibrated, while still showing the “correct” settings on the device’s display. That means a mechanic using the tool may be unaware that anything was wrong. Any bolt or nut that was then tightened could end up dangerously over-tight, or not tightened enough and thus able to wiggle loose. 

Though news that Boeing’s 737 Max airliner experienced in-flight failure of a plug door that threatened the lives of hundreds of people isn’t related to this hack news, it highlights the potential damage that a hack of a tool like a smart torque wrench could wreak. 

In an example of how to deal with this sort of security threat, Bosch has already responded that it’s working on a patch to fix the vulnerabilities. It’s also not necessarily likely that hackers would target such an esoteric tool in real life. Instead they may exploit a security loophole like this to elevate their access into a company’s bigger computer systems, where there is more financial gain to be won by disrupting them or by accessing payment information and so on.

But the surprising hack is a reminder that our world is getting ever more connected. More and more devices used in everyday business life now incorporate tech like wireless connectivity and A.I. That widens the security vulnerabilities your small business faces. It’s a much bigger issue than merely having to update the password on your company email account. Even small firms should have cybersecurity protections and plans to deal with a hacking attack that could impact almost any part of their operation.