Two students found a vulnerability in the app of a company operating laundromats, allowing them to run wash cycles for free. They contacted the company, which never responded to them, but emptied their balance.
If there's one chore that many people hate, it's spending hours in a laundromat, and paying to do their laundry. Two students from the University of California found an original solution to this problem: hacking washing machines.
Advertisement
It is TechCrunch who reports this astonishing story in an article published on May 17: the two students hijacked the API of CSC ServiceWorks, a company which supplies devices to laundromats installed on many American university campuses. The two students reported the flaw to the company at the start of the year, but the latter had still not repaired it months later. However, this is not a small flaw: according to the students, it would allow them not to have to pay to use “ more than a million washing machines connected to the internet. »
The company did not react, but emptied their balance
The students told TechCrunch that they discovered the vulnerability by chance while using a washing machine. By going through the app and sending a simple command, they discovered they could change their balance — meaning, tell any machine to start a wash cycle, without having to put in any money on their account. They also managed to artificially add several million dollars to their balance, from the app.
Immediately after their discovery, the two students contacted CSC ServiceWorks by email, but also by telephone. The company never officially responded to them — but, according to them, the company had “ discreetly erased » their balance, to which they had falsely added millions of dollars. It is this lack of response which would have motivated them to share their discovery with several people. CSC ServiceWorks has yet to officially respond to the story.
While this story may seem funny, it highlights the fact that an innumerable number of objects are now connected to the Internet without having sufficient protection. Above all, many uncertainties remain regarding their discovery. The two students indicate in particular that they do not know if the vulnerability they found could be exploited to “ bypass the safety restrictions that modern washing machines are equipped with to avoid overheating and fires. »
Advertisement