A recently discovered security lapse could allow millions of college students to do their laundry for free. The vulnerability was found by two University of California, Santa Cruz students, Alexander Sherbrooke and Iakov Taranenko, who exploited an API for internet-connected washing machines owned by CSC ServiceWorks, a company with over a million laundry and vending machines in service across multiple countries.
By taking advantage of the machines’ app, the students were able to remotely command the machines to run without payment and even update a laundry account to show millions of dollars. They tried to report the vulnerability to CSC ServiceWorks in January, but the company never responded to their emails and phone call. After the students contacted the company, however, their false millions were quietly removed.
The fact that CSC ServiceWorks did not immediately address the issue raises concerns about the security practices surrounding the Internet of Things (IoT). The incident is a reminder that while this technology offers convenience, it also carries risk. In this case, a published list of commands allowed the students to connect to all of CSC’s network-connected laundry machines, highlighting a major security flaw.
This vulnerability underscores the ongoing challenges of securing IoT devices. While the company may have shouldered the risk in this instance, lax cybersecurity practices can make it easier for hackers or malicious actors to access sensitive information. In other scenarios, for example, individuals have been able to view security camera footage or gain control of smart devices due to insufficient security measures.
The security lapse that enabled college students to do free laundry serves as a cautionary tale about the importance of prioritizing cybersecurity in the age of IoT. Companies like CSC ServiceWorks must be proactive in addressing vulnerabilities and responding to reports from security researchers. As technology continues to advance, ensuring the safety and integrity of internet-connected devices should be a top priority for both companies and consumers alike.