In a Connected World, Even your Favorite Car Wash is Vulnerable to Hacking
Just imagine a car wash trying to kill you.... sounds like a nice way to spend your Sunday, huh?by Robert Moore, on
Connected cars have already raised a lot of concerns when it comes to cyber security. Remember back in 2015 when those guys from Twitter and IOActive hacked a 2014 Jeep Grand Cherokee and took control of its onboard systems? In fairness, FCA issued a recall shortly thereafter, but that’s not the point. Later on, in 2016, it was found that most Volkswagen’s built after 1995 could be remotely hacked to allow a hacker to unlock the doors and gain physical entry. And, let’s not forget about those two guys that got arrested for hacking and stealing 30 Jeeps using nothing more than a laptop and some stolen software. Brand new VW’s now have their own unique keys and entry codes, and FCA has issued a fix for their problems, so why is this relevant? Because hacking isn’t just limited to cars. Think about this – it’s Sunday, you’re in the car wash, and getting ready to emerge from the exit with a freshly cleaned ride. All of the sudden: BAM – the doors shut, and one of the robotic arms starts hitting your car repeatedly, breaking the windows, damaging the body, and getting you wet at the same time.
Sounds pretty wild right? Well, as it turns out, it’s quite possible, and it was recently proven by a group of security researchers who presented their findings at the Black Hat hacking conference in Vegas last week. The system in question is known as the PDQ LaserWash, which just so happens to be a pretty popular system and is used across the U.S. The systems are connected to the internet and run on a version of Windows CE. The exploit has been known about for a couple of years, but it wasn’t until recently that a facility in Washington State allowed the research group to try it out. Unfortunately, they didn’t allow the team to record their results, so there’s no video of what’s actually going on, but the team says they were able to easily guess the default master password and use an “attack script” to control the car wash. In their test, they didn’t strike the vehicle with any components of the carwash, but they did lock the bay doors and demonstrated that it could be done. The team has notified the Department of Homeland Security, and PDQ is reportedly working on a fix for the exploit.
This Kind of Thing is Only Going to get Worse
Automakers and other companies really need to take cyber security seriously.
I’ve said it once, and I’ll say it again. Automakers and other companies really need to take cyber security seriously. It’s only a matter of time before our cars are connected to everything around us, and that’s not good when exploits are popping up all of the time. There’s seemingly always a back door waiting to be found or a loophole waiting to be exploited. As we transition into connected infrastructure cyber security will be more important than ever. One little exploit could allow the right person the ability to control autonomous cars at a whim or control traffic signals, which – needless to say – is a recipe for disaster and surely I prime way for terrorists to do their jobs from abroad.
Also, as someone who is into computing and technology, I have to urge companies quit using windows as their base software. I mean honestly, use Linux – it’s much more secure, and there are plenty of supported, open source variations out there that are easily customizable and more than capable of running car washes and infotainment systems. With that said, what do you guys think? Pretty crazy, or is it unlikely that anyone would take advantage of hacking a carwash? It would be a one-hit kind of thing in most cases, and it wouldn’t cause any wide-scale commotion so seems like more of a waste of time than anything. Let us know what you think in the comments section below.