His hat is only white because he got to test this a bunch before exposing the vulnerability.
Two students find security bug that could let millions do laundry for free
Submitted 5 months ago by return2ozma@lemmy.world to technology@lemmy.world
https://www.theverge.com/2024/5/19/24160383/students-security-bug-laundry-machines-csc-serviceworks
Comments
ATDA@lemmy.world 5 months ago
juliorapido@discuss.tchncs.de 5 months ago
HEAR YE HEAR YE! best comment here! Hahaha
Tronn4@lemmy.world 5 months ago
In this case this is fucked up. Let people wash dammit
SnotFlickerman@lemmy.blahaj.zone 5 months ago
Not the same company, but I live in apartments with washer/dryers like this. Coin op entirely removed.
You have to have a device that is Bluetooth-capable to use them.
Anyway pretty sure someone in this apartment has figured out something similar because the machines keep magically becoming unpaid machines after they get serviced. After each service, they will be asking for money to be able to be used for like a day or so, but then soon enough, I’ll go back to the laundry room and all the machines will be free and not asking for money.
Originally, I thought it was the company disabling them due to like a data breach or something and was trying to find out if there was an undisclosed data leak and/or a class action lawsuit brewing. Since neither of those are the case, I’m pretty sure it’s a Notorious Do-Gooder.
So, thanks, Notorious Do-Gooder, for all the free washes and dries.
TimeSquirrel@kbin.social 5 months ago
You're welcome, how's the free cable too by the way?
vhstape@lemmy.sdf.org 5 months ago
God forbid
applepie@kbin.social 5 months ago
But have you thought about the owner?
667@lemmy.radio 5 months ago
They have yacht expenses!
autotldr@lemmings.world [bot] 5 months ago
This is the best summary I could come up with:
That’s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, according to TechCrunch.
The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines’ app to do things like remotely command them to work without payment and update a laundry account to show it had millions of dollars in it.
CSC never responded when Sherbrooke and Taranenko reported the vulnerability via emails and a phone call in January, TechCrunch writes.
That includes that the company has a published list of commands, which the two told TechCrunch enables connecting to all of CSC’s network-connected laundry machines.
CSC’s vulnerability is a good reminder that the security situation with the internet of things still isn’t sorted out.
For the exploit the students found, maybe CSC shoulders the risk, but in other cases, lax cybersecurity practices have made it possible for hackers or company contractors to view strangers’ security camera footage or gain access to smart plugs.
The original article contains 294 words, the summary contains 171 words. Saved 42%. I’m a bot and I’m open source!
jabathekek@sopuli.xyz 5 months ago
Sherbrooke and Taranenko reported the vulnerability
Finks >:(
SnotFlickerman@lemmy.blahaj.zone 5 months ago
Honestly, in this case, the company in question are even bigger finks because they don’t actually care about fixing a vulnerability that could cost them money.
If that speaks to their security practices, well… Let’s just say I wouldn’t be surprised if customer data was all in an unsecured, unencrypted, plain-text Microsoft Word document.
cm0002@lemmy.world 5 months ago
For real, I highly doubt CSC has a big bounty program, so why did they even bother? Guaranteed they were the “Teacher, you forgot our homework” kids
Rentlar@lemmy.ca 5 months ago
I’ve never heard of CSC, only Coinamatic in every commercially run residential coin laundry I have seen. They run on coins or chip cards.
MoxFcCloud@kbin.social 5 months ago
I'm in the Midwest and have used CSC at every apartment I've lived at. Maybe it's regional?
Sanctus@lemmy.world 5 months ago
Bro don’t fucken tell the company wtf.