Security bug may have allowed people to do laundry for free
By ForGeeks Who would have thought there would be free Internet-connected washing machines in the future?
A security lapse could allow millions of students to do their laundry for free thanks to one company. That’s because of a vulnerability that two students at the University of California, Santa Cruz, discovered in internet-connected washing machines used commercially in several countries, TechCrunch reports.
Two students, Alexander Sherbrook and Yakov Taranenko, used the API of a washing machine app to remotely order them to run without payment and update the washing machine’s account, revealing that millions of dollars were sitting on it. CSC ServiceWorks, which owns the machines, says it operates more than a million laundry and vending machines in the U.S., Canada, and Europe in colleges, apartment buildings, laundromats, and other locations.
The company claims to have more than a million laundry and vending machines in the U.S., Canada, and Europe.
The company did not respond in any way to Sherbrooke and Taranenko’s report of the vulnerability via email and phone call in January, TechCrunch writes. Despite that, the students told the publication that the company «quietly destroyed» their fake millions after they reached out to it.
The lack of response led them to tell others about their findings. Including the fact that the company has a published list of commands that they told TechCrunch allows them to connect to all of CSC’s connected washing machines.
They told TechCrunch.
The CSC vulnerability —s a good reminder that the security situation of the Internet of Things is still not solved. In the case of the exploit found by the students, CSC may not pose a risk, but in other cases, weak cybersecurity practices allow hackers or company contractors to view footage from other people’s surveillance cameras or access «smart» plug-ins.
CSC’s weak cybersecurity practices allow hackers or company contractors to view other people’s surveillance footage or access «smart» plug-ins.
Security researchers often find such breaches and report them before they can be exploited on a large scale. But it doesn’t help if the company responsible for them doesn’t respond.
And it doesn’t help if the company responsible for them doesn’t respond.
