Two students at the University of California, Santa Cruz, have found vulnerabilities in the security system of washing machines that allow them to wash laundry for free.
About said TechCrunch.
Two students, Oleksandr Sherbrooke and Yakov Taranenko, used the API to remotely control washing machines from CSC ServiceWorks.
CSC ServiceWorks is a fairly large company. It has more than a million laundromats and vending machines operating in colleges, apartment buildings, laundromats, etc. in the United States, Canada, and Europe.
The students warned the company about the vulnerability back in January. But CSC ServiceWorks just quietly destroyed their fake millions.
It was the lack of response that prompted them to tell others about these vulnerabilities.
The vulnerability lies in the API used by the CSC Go mobile application. Sherbrooke and Taranenko found that CSC servers could be tricked into accepting commands that change the balance of their accounts, as any security checks are performed by the application on the user’s device and automatically trusted by CSC servers.
There is also an available command list that allows you to connect to all washing machines online.
Spelling error report
The following text will be sent to our editors: