“UC Santa Cruz students Alexander Sherbrooke and Iakov Taranenko told TechCrunch that the vulnerability they discovered allows anyone to remotely send commands to laundry machines run by CSC and operate laundry cycles for free.” reported<\/strong><\/a> TechCrunch.<\/em>
Sherbrooke and Taranenko were also able to add several million dollars to their laundry account which can be managed through the CSC Go mobile app<\/a>.<\/p>\n\n\n\n
The vulnerability resides in the API used by CSC\u2019s mobile app, CSC Go<\/a>. The two students discovered that the app lacks security checks and mutual authentication between the app and the CSC\u2019s servers. The experts also discovered that it is possible to send commands to CSC\u2019s servers that are unavailable through the app itself. <\/p>\n\n\n\n
Taranenko was disappointed that CSC did not acknowledge the vulnerability.<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, laundry machines)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"