College students discover security flaw that could let millions do laundry for free

Two college students discovered a security exploit within the API of a washing machine that is currently in use across several countries.

2

Alexander Sherbrooke and Iakov Taranenko discovered the security flaw within the API created by the company behind the washing machines, CSC ServiceWorks. The two students claim the vulnerability within the internet-connected API enabled them to remotely turn a machine on without payment, and update their laundry account to display millions of dollars. Reports indicate that CSC ServiceWorks has more than a million machines across college campuses, housing communities, and laundromats in the US, Canada, and Europe.

The two college students contacted CSC ServiceWorks about the security flaw and didn't receive a response from the company, but noticed shortly after their laundry account balance was changed from millions of dollars back to $0. The two students spoke to The Verge and said the lack of response from CSC ServiceWorks led them to tell other people about the vulnerability, which resulted in the posting of the list of commands that enables anyone to access CSC's network-connected laundry machines.

With the method of connecting to the laundry machines now public it will likely be very soon the vulnerability will get fixed. This is a solid reminder to any businesses they are network-connected to make sure your cybersecurity is up to date, and if anyone is genuinely trying to contact you regarding your network security (obviously avoid scammers), it's worth lending an ear to them.