Two students from the University of California, Santa Cruz, have uncovered a significant security flaw in internet-connected washing machines, potentially allowing millions of college students to do laundry for free. The vulnerability was found in machines operated by CSC ServiceWorks, which has over a million machines in the US, Canada, and Europe.
Alexander Sherbrooke and Iakov Taranenko discovered the flaw by exploiting an API used by the machines’ app. This allowed them to remotely command the machines without payment and manipulate laundry accounts to show exorbitant balances so that they can do free laundry. Despite attempts to report the issue, CSC ServiceWorks did not respond, leading the students to share their findings publicly.
This incident highlights ongoing concerns about the security of IoT devices, with the potential for severe implications if vulnerabilities are not promptly addressed.
{{user}} {{datetime}}
{{text}}