Two cybersecurity students managed to hack the security system of a large group of laundromats. They were able to run free, unlimited wash cycles. By taking care to warn the company of this failure.
Two, three computer manipulations and that’s it! Alexander Sherbrooke and Iakov Taranenko, two American students from UC Santa Cruz, specializing in cybersecurity, succeeded in hacking the connected laundromat system of the company CSC ServiceWorks. They discovered the flaw in January and are now able to launch laundry loads at no cost, thanks to the addition of fictitious funds to the company’s mobile app.
Read also: Bonux, the missing laundry detergent that all the children asked for
A simple flaw can turn an entire system upside down
This laundry service chain boasts a network of over a million washing machines. Hotels, residences or even university campuses… Their washing machines are exported from North America to Europe.
According to the American media TechCrounchit was while wanting to recharge their balance on the CSC Mobile Go application that the young friends spotted the bug and attempted, with the nerve, an express hack on their laptops.
The two budding hackers believe the flaw lies in an API (Application Programming Interface) that allows devices and applications to communicate with CSC servers. They therefore produced a code script allowing them to send commands directly to online servers, manipulate their balance and control the network. Enough to ensure that you always have clean underwear, but also to allow millions of users to save the last yellow coins in their wallets.
Read also : You should ban soluble tablets from your dishwashers and washing machines, here’s why
Do not wash your dirty laundry in public
To avoid being shocked, the students sought to notify the company so that it could correct this failure and improve its security system. However, at present and despite numerous reminders, the bug persists. “I just don’t understand how such a large company makes these kinds of mistakes and doesn’t offer any way to contact them,” Yakov Taranenko told the media TechCrounch. CSC seems to want to act discreetly and was content to erase the millions of fictitious dollars posted on the account of the young hackers.
Information and prevention
Faced with this silence, Alexander Sherbrooke and Iakov Taranenko shared their findings with the CERT Coordination Center at Carnegie Mellon University. The latter specializes in helping and preventing security breaches that businesses may encounter.
The CSC company can, for its part, consider itself fortunate that these two cybersecurity students did not broadcast their discovery on social networks. The consequences could have been more dramatic against more vicious and experienced pirates.
