Best of Today’s Tech Stories – 20/05/2024

By far my favourite story of today was reported by Tech Crunch and was that of two University of California students, Alexander Sherbrooke and Iakov Taranenko. The two students managed to find a vulnerability in the API of internet-connected washing machines owned by CSC ServiceWorks.

The washing machines would usually be controlled by the CSC GO app but the two students managed to work around the security features of the app by sending commands directly to the CSC server. It is assumed that this would have involved sifting through and deciphering thousands of network transactions (never fun) to learn how to communicate with and manipulate the CSC server.

The washing machines are used across Europe, Canada and the US at universities, hotels and laundromats.  The vulnerability allowed the students not only to use the machines for free but also to falsely credit their CSC GO accounts.

Reading this story I was reminded of the Phreaking hack made famous by characters Razor and Blade (pictured below) in United Artists’ 1995 cult classic HACKERS which allowed certain tech savvy individuals to make free long distant phone calls. Like that hack, this could make the day-to-day life of anyone willing to exploit the vulnerability a little more affordable at the expense of a large corporation.

Pictured: Razor (Darren Lee) and Blade (Peter Kim) from United Artists’ 1995 Cult Classic HACKERS

The two honest students reported the bug to CSC in January but – with the exception of clearing the millions of dollars of credit that the students had added to their accounts – no action has been taken to fix the vulnerability.

Bravo to Sherbrooke and Taranenko for finding and reporting the vulnerability. Hack the Planet!