Two students discover security bug that could allow millions of people to do laundry for free

A security breach could allow millions of students to do laundry for free, thanks to a single company. This is due to a vulnerability that two students at the University of California, Santa Cruz found in internet-connected washing machines used for commercial purposes in several countries, according to TechCrunch.

The two students, Alexander Sherbrooke and Iakov Taranenko, apparently leveraged an API for the machines to remotely command them to work without payment and update a laundry account to show it contained millions of dollars . The company that owns the machines, CSC ServiceWorks, says it has more than a million laundries and vending machines in operation at colleges, multi-housing communities, laundromats and more across the United States, Canada and Europe.

CSC never responded when Sherbrooke and Taranenko reported the vulnerability via email and phone call in January, TechCrunch writing. Despite this, the students told the outlet that the company “quietly erased” their fake millions after contacting them.

The lack of response led them to report their findings to others. This includes the fact that the company published a list of orders, which both declared. TechCrunch allows you to connect to all washing machines connected to the CSC network. CSC ServiceWorks did not immediately respond to The edge’s request for feedback.

The CSC vulnerability reminds us that the security situation with the Internet of Things is still not resolved. For the exploit discovered by the students, CSC may be assuming the risk, but in other cases, lax cybersecurity practices have allowed hackers or company contractors to view the footage of the security cameras from strangers or access to smart plugs.

Often, security researchers discover these security vulnerabilities and report them before they can be exploited in the wild. But it’s no use if the responsible company doesn’t respond.