Slashdot Mirror

← Back to Stories (view on slashdot.org)

Also Hackable: Drive-Through Car Washes

Posted by Soulskill on from the not-everything-needs-a-web-interface dept.

PLAR writes It turns out LaserWash automatic car washes can be easily hacked via the Internet to get a free wash or to manipulate the machines that clean the cars, a security researcher has found. Billy Rios says these car washes have web interfaces with weak/default passwords which, if obtained, could allow an attacker to telnet in and use an HTTP GET request to control the machines. Rios adds that this probably isn't the only car wash brand that's vulnerable.

7 of 103 comments (clear)

  1. What's a car wash? by mspohr · · Score: 4, Funny

    Car?
    Wash?

    --
    I don't read your sig. Why are you reading mine?
  2. Some things do not belong on the Internet by davidwr · · Score: 4, Insightful

    Some things just should never be put "on the Internet."

    If you must have remote access, either use a dedicated physical connection (with appropriate anti-tampering/tamper-mitigation measures of course) or tunnel them through a rock-solid VPN, but for goodness sake don't put them "on the Internet."

    Yes, companies that run industrial equipment, traffic lights, etc., I'm looking at you too.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Some things do not belong on the Internet by nitehawk214 · · Score: 4, Insightful

      So, you can't stick a credit card into the thing. And when it breaks down nobody gets alerted.

      Traffic lights: No ability to know when they are working or not, no way to synchronize lights across the city.

      Think about it. Devices need to be connected. Security isn't hard, companies need to start giving a shit about it.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  3. Breaking Bad car wash by MillionthMonkey · · Score: 4, Funny

    What a pity this wasn't discovered sooner... Skyler White could have asked Saul Goodman to hire his Eastern European hacker again to launder Walt's meth money through that car wash using HTTP GET requests.

  4. Online Manual by chill · · Score: 4, Informative

    A quick Google search for "laswerwash ip address" and the very first link is a PDF of the LaserWash Owner/Operator manual with LOTS of useful information.

    Things like default IP address, default port, default passwords, command sequences, etc.

    --
    Learning HOW to think is more important than learning WHAT to think.
  5. I hope whoever did this by Anonymous Coward · · Score: 4, Funny

    comes out clean.

  6. Sudo wax off by Anonymous Coward · · Score: 5, Funny

    Sudo wax on