Slashdot Mirror


Also Hackable: Drive-Through Car Washes

PLAR writes: It turns out LaserWash automatic car washes can be easily hacked via the Internet to get a free wash or to manipulate the machines that clean the cars, a security researcher has found. Billy Rios says these car washes have web interfaces with weak/default passwords which, if obtained, could allow an attacker to telnet in and use an HTTP GET request to control the machines. Rios adds that this probably isn't the only car wash brand that's vulnerable.

9 of 103 comments

  1. What's a car wash? by mspohr · · Score: 4, Funny

    Car?
    Wash?

    --
    I don't read your sig. Why are you reading mine?
  2. Some things do not belong on the Internet by davidwr · · Score: 4, Insightful

    Some things just should never be put "on the Internet."

    If you must have remote access, either use a dedicated physical connection (with appropriate anti-tampering/tamper-mitigation measures of course) or tunnel them through a rock-solid VPN, but for goodness sake don't put them "on the Internet."

    Yes, companies that run industrial equipment, traffic lights, etc., I'm looking at you too.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Some things do not belong on the Internet by nitehawk214 · · Score: 4, Insightful

      So, you can't stick a credit card into the thing. And when it breaks down nobody gets alerted.

      Traffic lights: No ability to know when they are working or not, no way to synchronize lights across the city.

      Think about it. Devices need to be connected. Security isn't hard, companies need to start giving a shit about it.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  3. Breaking Bad car wash by MillionthMonkey · · Score: 4, Funny

    What a pity this wasn't discovered sooner... Skyler White could have asked Saul Goodman to hire his Eastern European hacker again to launder Walt's meth money through that car wash using HTTP GET requests.

  4. Online Manual by chill · · Score: 4, Informative

    A quick Google search for "laserwash ip address" and the very first link is a PDF of the LaserWash Owner/Operator manual with LOTS of useful information.

    Things like default IP address, default port, default passwords, command sequences, etc.

    --
    Learning HOW to think is more important than learning WHAT to think.
  5. I hope whoever did this by Anonymous Coward · · Score: 4, Funny

    comes out clean.

  6. Sudo wax off by Anonymous Coward · · Score: 5, Funny

    Sudo wax on

  7. Re:Marketing dream chasers by Applehu Akbar · · Score: 3, Funny

    My very first car wash was cloud-based. Sometimes I miscalculated and it got snowed on instead.

  8. Re:Embedded systems devs by Zero__Kelvin · · Score: 3, Informative

    Do the world a favour and stay out of the Computer Security Business. 80% of CompSec is anticipating how people might use things in ways they were never intended to be used.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun