Monday, June 24, 2024

The Washing Machine Security Bug that Allows College Students to Do Free Laundry in the US

Security Flaw in CSC ServiceWorks Washing Machines Allows Free Laundry: College Students Exploit Vulnerability

Two college students have discovered a major security flaw in the internet-connected washing machines operated by CSC ServiceWorks, potentially allowing millions of users to do their laundry for free. Alexander Sherbrooke and Iakov Taranenko, students from the University of California, Santa Cruz, found a vulnerability in the machines that could be exploited to bypass payment systems and manipulate laundry accounts.

According to a report by TechCrunch, CSC ServiceWorks boasts over a million laundry and vending machines across the US, Canada, and Europe. The students were able to exploit an API for the company’s mobile app, CSC Go, which allowed them to remotely control the washing machines without making any payments and even falsify their laundry accounts to show millions of dollars in credit.

Despite reporting the security flaw to CSC ServiceWorks in January via emails and phone calls, the company allegedly failed to respond to the students. Sherbrooke and Taranenko claimed that after they contacted the company, their false millions were quietly wiped from the accounts. Frustrated by the lack of action from CSC ServiceWorks, the students decided to share their findings with others.

The students pointed out that the company’s servers do not verify new user email addresses, making it easy for anyone to create a CSC Go account and send commands through the API. Taranenko expressed his surprise at the company’s oversight, stating, “I just don’t get how a company that large makes those types of mistakes, then has no way of contacting them.”

The student researchers emphasized that their actions were done in good faith to help improve the company’s security measures. Taranenko noted that it was a unique experience to conduct real-world security research outside of simulated competitions.

As CSC ServiceWorks addresses this security flaw, users are reminded to stay vigilant and report any suspicious activity on their laundry accounts.

Related Articles

Latest Articles

Most Popular