Skip to main content

Two students find security bug that could let millions do laundry for free

posted onMay 20, 2024
by l33tdawg
The Verge
Credit: The Verge

A security lapse could let millions of college students do free laundry, thanks to one company. That’s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, according to TechCrunch.

The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines’ app to do things like remotely command them to work without payment and update a laundry account to show it had millions of dollars in it. The company that owns the machines, CSC ServiceWorks, claims to have more than a million laundry and vending machines in service at colleges, multi-housing communities, laundromats, and more in the US, Canada, and Europe.

CSC never responded when Sherbrooke and Taranenko reported the vulnerability via emails and a phone call in January, TechCrunch writes. Despite that, the students told the outlet that the company “quietly wiped out” their false millions after they contacted it. The lack of response led them to tell others about their findings. That includes that the company has a published list of commands, which the two told TechCrunch enables connecting to all of CSC’s network-connected laundry machines. CSC ServiceWorks didn’t immediately respond to The Verge’s request for comment. 

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th