November 23, 2024

Brighton Journal

Complete News World

Two students discovered a security flaw that could allow millions to wash clothes for free

Two students discovered a security flaw that could allow millions to wash clothes for free

A vulnerability could allow millions of college students to do their laundry for free, thanks to one company. This is due to a vulnerability discovered by two UC Santa Cruz students in Internet-connected washing machines used commercially in several countries. according to TechCrunch.

The two students, Alexander Sherbrooke and Yakov Taranenko, apparently exploited the machines’ application programming interface to do things like remotely order them to work for free and update the laundry account to show it contained millions of dollars. The company that owns the machines, CSC ServiceWorks, claims it owns them More than a million washing machines sold In service at colleges, multi-housing communities, laundries, and more in the United States, Canada, and Europe.

CSC never responded when Sherbrooke and Taranenko reported the vulnerability via emails and a phone call in January. TechCrunch He writes. Despite this, the students told the outlet that the company “quietly erased” their false millions after they contacted it.

The lack of response prompted them to tell others about their findings. This includes that the company has List of published commandswhich was narrated by both TechCrunch Allows connection to all CSC networked laundry machines. CSC ServiceWorks did not immediately respond the edge’Request for comment.

The CSC vulnerability is a good reminder that the security situation with respect to the Internet of Things is far from resolved. For the exploit the students found, CSC may have taken the risk, but in other cases, lax cybersecurity practices allowed hackers or the company’s contractors to view strangers’ security camera footage or access smart plugs.

See also  This is the Pixel watch band in coral color and bezel

Often, security researchers find and report these vulnerabilities before they are actually exploited. But this is not helpful if the company responsible for it does not respond.