{"id":98551,"date":"2024-05-19T23:57:03","date_gmt":"2024-05-19T23:57:03","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2024\/05\/19\/two-students-find-security-bug-that-could-let-millions-do-laundry-for-free\/"},"modified":"2024-05-19T23:57:03","modified_gmt":"2024-05-19T23:57:03","slug":"two-students-find-security-bug-that-could-let-millions-do-laundry-for-free","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2024\/05\/19\/two-students-find-security-bug-that-could-let-millions-do-laundry-for-free\/","title":{"rendered":"Two students find security bug that could let millions do laundry for free"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">A security lapse could let millions of college students do free laundry, thanks to one company. That\u2019s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, <a href=\"https:\/\/techcrunch.com\/2024\/05\/17\/csc-serviceworks-free-laundry-million-machines\/\" target=\"_blank\" rel=\"noopener\">according to <em>TechCrunch<\/em><\/a>.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines\u2019 app to do things like remotely command them to work without payment and update a laundry account to show it had millions of dollars in it. The company that owns the machines, CSC ServiceWorks, claims to have <a href=\"https:\/\/www.cscsw.com\/about-us\/\" target=\"_blank\" rel=\"noopener\">more than a million laundry and vending machines<\/a> in service at colleges, multi-housing communities, laundromats, and more in the US, Canada, and Europe.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">CSC never responded when Sherbrooke and Taranenko reported the vulnerability via emails and a phone call in January, <em>TechCrunch <\/em>writes. Despite that, the students told the outlet that the company \u201cquietly wiped out\u201d their false millions after they contacted it.<\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">The lack of response led them to tell others about their findings. That includes that the company has a <a href=\"https:\/\/web.archive.org\/web\/20240120071238\/https:\/\/mycscgo.com\/api\/v1\/docs\/static\/index.html\" target=\"_blank\" rel=\"noopener\">published list of commands<\/a>, which the two told <em>TechCrunch <\/em>enables connecting to all of CSC\u2019s network-connected laundry machines. CSC ServiceWorks didn\u2019t immediately respond to <em>The Verge\u2019<\/em>s request for comment. <\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">CSC\u2019s vulnerability is a good reminder that the security situation with the internet of things still isn\u2019t sorted out. For the exploit the students found, maybe CSC shoulders the risk, but in other cases, lax cybersecurity practices have made it possible for hackers or company contractors to view <a href=\"https:\/\/www.theverge.com\/23573362\/anker-eufy-security-camera-answers-encryption\" target=\"_blank\" rel=\"noopener\">strangers\u2019 security<\/a> <a href=\"https:\/\/www.theverge.com\/2023\/5\/31\/23744369\/amazon-ring-doorbell-ftc-privacy-spying-settlement\" target=\"_blank\" rel=\"noopener\">camera footage<\/a> or <a href=\"https:\/\/www.theverge.com\/2023\/5\/16\/23725290\/wemo-smart-plug-v2-smart-home-security-vulnerability\" target=\"_blank\" rel=\"noopener\">gain access to smart plugs<\/a>. <\/p>\n<\/div>\n<div>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph mb-20 font-fkroman text-18 leading-160 -tracking-1 selection:bg-franklin-20 dark:text-white dark:selection:bg-blurple [&amp;_a:hover]:shadow-highlight-franklin dark:[&amp;_a:hover]:shadow-highlight-blurple [&amp;_a]:shadow-underline-black dark:[&amp;_a]:shadow-underline-white\">Often, security researchers find these security holes and report them before they can be exploited in the wild. But that\u2019s not helpful if the company responsible for them doesn\u2019t respond. <\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.theverge.com\/2024\/5\/19\/24160383\/students-security-bug-laundry-machines-csc-serviceworks\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security lapse could let millions of college students do free laundry, thanks to one company. That\u2019s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, according to TechCrunch. The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":98552,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-98551","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/98551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=98551"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/98551\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/98552"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=98551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=98551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=98551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}