Hackers can trap people in automatic car washes with a way too simple approach


Advertisement

PDQ LaserWashes are automatic car washes that don't require attendants. They are programmed for when they need to open and close, and they are monitored by technicians on the Internet. It seems like a great idea, right?

Well, cybersecurity researches have indicated that hackers would have no trouble breaking into the LaserWashes' system by simply guessing passwords, according to Motherboard.

Related: A major American car company is trying to avoid a massive recall

Advertisement

Once the hackers get into the system, they can potentially wreak havoc on customers going through the carwash.

This excerpt from Motherboard sounds terrifying:

"The car wash's software tracks where a carwash is in its cycle, making it easy to know when the wash is about to end and a vehicle to exit. An attacker can send an instantaneous command to close one or both doors to trap the vehicle inside, or open and close one door repeatedly to strike the vehicle a number of times as a driver tries to flee."

Hackers can also use the mechanical arm to trap drivers, and they can spew water on the people in the car wash to prevent them from leaving.

Advertisement

Billy Rios, the founder of Whitescope Security, told Motherboard "We believe this to be the first exploit of a connected device that causes the device to physically attack someone."

Surely security teams will be able to figure out a way to keep hackers out of the system. For now, we'll just stick to washing my car on my own.

(h/t Jalopnik)