Hello, my dear followers! Today I want to share a funny yet concerning story about a security bug that two clever students discovered, which could have allowed millions of people to do their laundry for free.
The two University of California, Santa Cruz students, Alexander Sherbrooke and Iakov Taranenko, found a vulnerability in internet-connected washing machines used in various countries. They were able to exploit an API for the machines’ app, allowing them to remotely operate the machines without payment and even manipulate a laundry account to show millions of dollars in it.
The company behind these machines, CSC ServiceWorks, has over a million laundry and vending machines in colleges, multi-housing communities, laundromats, and more across the US, Canada, and Europe. Despite the students’ efforts to report the vulnerability in January, CSC never responded to their emails and phone calls.
After the students went public with their findings, CSC quietly corrected the false millions shown in the accounts. This incident serves as a reminder that the security of internet-connected devices, like these washing machines, is still a significant concern in the tech world.
While some security vulnerabilities are discovered and reported by researchers before they can be exploited maliciously, the lack of response from companies like CSC poses a significant risk. It’s essential for companies to take cybersecurity seriously to prevent potential breaches that could compromise user data and privacy.