this post was submitted on 20 May 2024
379 points (98.0% liked)

Technology

58122 readers
4366 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
379
Two students find security bug that could let millions do laundry for free (www.theverge.com)
submitted 4 months ago by [email protected] to c/[email protected]
87 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 4 months ago (1 children)

This is the best summary I could come up with:

That’s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, according to TechCrunch.

The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines’ app to do things like remotely command them to work without payment and update a laundry account to show it had millions of dollars in it.

CSC never responded when Sherbrooke and Taranenko reported the vulnerability via emails and a phone call in January, TechCrunch writes.

That includes that the company has a published list of commands, which the two told TechCrunch enables connecting to all of CSC’s network-connected laundry machines.

CSC’s vulnerability is a good reminder that the security situation with the internet of things still isn’t sorted out.

For the exploit the students found, maybe CSC shoulders the risk, but in other cases, lax cybersecurity practices have made it possible for hackers or company contractors to view strangers’ security camera footage or gain access to smart plugs.

The original article contains 294 words, the summary contains 171 words. Saved 42%. I'm a bot and I'm open source!

[–] [email protected] 7 points 4 months ago (2 children)

Sherbrooke and Taranenko reported the vulnerability

Finks >:(

[–] [email protected] 10 points 4 months ago

Forreal, I highly doubt CSC has a big bounty program so why did they even bother? Guaranteed they were the "Teacher you forgot our homework" kids

[–] [email protected] 6 points 4 months ago (1 children)

Honestly, in this case, the company in question are even bigger finks because they don't actually care about fixing a vulnerability that could cost them money.

If that speaks to their security practices, well... Let's just say I wouldn't be surprised if customer data was all in an unsecured, unencrypted, plain-text Microsoft Word document.

[–] [email protected] 5 points 4 months ago (1 children)

Im very amused at it being in word rather than .xlsx or .txt, like them going out if their way to make it worse because word is all they know.

[–] [email protected] 5 points 4 months ago

"But word is a text file."