Is the “internet of things” becoming a household term for you? If so, you can extend that presence to your local automatic car wash, which in many cases have proven to exploitable by hackers. How, you ask?
“We believe this to be the first exploit of a connected device that causes the device to physically attack someone,” ~ Billy Rios – Founder, Whitescope Security
Rios exposed the vulnerabilities two years ago, but recently a facility in Washington state agreed to participate and see if the threats were real. Long story short: they are very real.
While these researchers are positive hackers…intending to identify and correct vulnerabilities before unscrupulous hackers could exploit and harm anyone…they were able to easily ignore passwords and find authentication process vulnerabilities. Next they wrote a fully automated attack script that:
- Monitors when the vehicle is preparing to exit the wash bay and strike the car with the exit door automatically.
- Send commands to close both doors to the wash bay at once and trap the vehicle and occupants inside, or even open and close the doors on a vehicle countless times.
- Gain control of the mechanical arm that sprays wash chemicals and water on the vehicle….potentially spewing water continuously on the car…and trapping car occupants inside both the vehicle and the car wash bay.
Once again, no innocent car wash customers have actually been attacked yet…but these researchers will be submitting their findings to the U.S. Department of Homeland Security and later release their own report.