A security breach could allow millions of college students to do their laundry for free thanks to one company. That’s because two UC Santa Cruz students discovered a vulnerability in connected washing machines commercially available in multiple countries, according to TechCrunch.
The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines’ app to perform operations such as remotely commanding the machines to work without payment and updating a laundry account to show that there were millions of dollars in it. CSC ServiceWorks, the company that owns the machines, claims to have more than 1 million laundry and vending machines in universities, multi-housing communities, laundromats and more in the United States, Canada and Europe.
When Sherbrooke and Taranenko reported the vulnerability via email and phone calls in January, CSC never responded, TechCrunch wrote. Still, the students told the outlet that after they contacted the company, the company “quietly wiped out” their bogus millions.
Due to the lack of response, they told others about their findings. These include that the company has published a list of commands, which the two told TechCrunch makes it possible to connect to all of CSC’s connected washing machines. CSC ServiceWorks did not immediately respond to The Verge’s request for comment.
The CSC breach is a good reminder that IoT security remains an unresolved problem. For the vulnerabilities the students discovered, perhaps it is CSC that assumes the risk, but in other cases, lax cybersecurity practices have made it possible for hackers or corporate contractors to view strangers’ security camera footage or access smart plugs.
Typically, security researchers discover these security vulnerabilities and report them before they are widely exploited. But it doesn’t help if the companies responsible for these issues don’t respond.