• Possibly linux@lemmy.zip
      20 upvotes · 2 downvotes · 6 months ago

      That’s how it works in security. It is unethical to not give the company time to react before public disclosure.

      • emergencyfood@sh.itjust.works
        2 upvotes · 6 months ago

        I think they meant that if the students hadn’t told the company, they and their classmates could have done their laundry for free.

          • Kiosade@lemmy.ca
            4 upvotes · 6 months ago

            They charge $2.50 a load these days. They’re the ones that are stealing.

            • AstralPath@lemmy.ca
              5 upvotes · 6 months ago

              Bruh, I worked for a laundry company in Ottawa. Many landlords were charging $4.50 CAD for a wash and $2.50 for a dry back in 2015. I shudder to think how high it’s gotten now.

              Fucking shit ass garbage company. Boss was a smarmy cunt too. “Walked 10 miles up hill both ways to school” kind of prick.

              Laundry is a basic service that should be easily affordable for everyone. Charging a premium for it is scummy.

              Steal from landlord laundry every chance you get.

            • Possibly linux@lemmy.zip
              1 upvote · 9 downvotes · 6 months ago

              Then don’t use them. I really doubt they are making a ton off of a laundromat. If you can’t find an alternative place open your own and get a new source of income.

  • ATDA@lemmy.world
    119 upvotes · 1 downvote · 6 months ago

    His hat is only white because he got to test this a bunch before exposing the vulnerability.

  • evatronic@lemm.ee
    62 upvotes · 6 months ago

    Fun.

    From the article, the linked Swagger docs : https://web.archive.org/web/20240120071238/https://mycscgo.com/api/v1/docs/static/index.html#/

    And a little more detailed account : https://timesofindia.indiatimes.com/technology/tech-news/how-this-security-bug-in-washing-machines-can-help-college-students-in-the-us-do-free-laundry/articleshow/110277923.cms

    It looks like these laundry machines are controlled by a mobile app, and requests are routed through The Internet™. The flaw appears to be the web service presumes a user is only able to gain access to their API endpoints via the mobile app, which only exposes certain functions to a user.

    Once authorized, though, there are no further checks, like OAuth scopes or even user roles, to prevent someone from doing a little bit of lateral movement to admin-style endpoints.

    Lazy. The machine makers should be ashamed.
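
A minimal model of the missing check described in the comment above, as an added example that is not part of the thread or of the vendor's code; the tokens, roles and route names are constructed for illustration. It contrasts an "any valid login passes" check with a deny-by-default check on role and account ownership.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: frozenset

# Constructed sample sessions (token -> principal); hypothetical values.
SESSIONS = {
    "tok-student": Principal("u100", frozenset({"customer"})),
    "tok-ops": Principal("u900", frozenset({"customer", "admin"})),
}

# Hypothetical route table: (required role, must the account be the caller's?)
ROUTES = {
    ("GET", "/accounts/{id}/balance"): ("customer", True),
    ("POST", "/accounts/{id}/balance"): ("admin", False),
    ("POST", "/machines/{id}/start"): ("admin", False),
}

def flawed_authorize(token, method, route, account_owner=None):
    """Any valid login passes: the server trusts the app to hide admin calls."""
    return token in SESSIONS

def authorize(token, method, route, account_owner=None):
    """Deny by default, then check role, then object ownership."""
    principal = SESSIONS.get(token)
    policy = ROUTES.get((method, route))
    if principal is None or policy is None:
        return False
    required_role, owner_only = policy
    if required_role not in principal.roles:
        return False
    if owner_only and "admin" not in principal.roles:
        return account_owner == principal.user_id
    return True

def allowed_for_customer(check):
    """Requests the customer token gets through under the given check."""
    requests = [
        ("GET", "/accounts/{id}/balance", "u100"),   # own balance
        ("GET", "/accounts/{id}/balance", "u200"),   # someone else's balance
        ("POST", "/accounts/{id}/balance", "u100"),  # set a balance
        ("POST", "/machines/{id}/start", None),      # start a cycle unpaid
    ]
    return [r for r in requests if check("tok-student", *r)]

if __name__ == "__main__":
    print(len(allowed_for_customer(flawed_authorize)), allowed_for_customer(authorize))
```
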

    • anakin78z@lemmy.world
      17 upvotes · 1 downvote · 6 months ago

      I once took over an app that worked like this. Access to one thing? Access to everything! And they had a hard coded admin password in the server code. 🤦 The client wasn’t happy when I proposed a complete rewrite. Eventually my manager begged me to stop working with them, so we did.

    • Possibly linux@lemmy.zip
      2 upvotes · 6 months ago

      Honestly coin machines aren’t that bad as they don’t require you to pay an internet bill and they don’t have cyber issues.

      Sure it might be inconvenient but you can just have a machine that converts bills to coins like they have at car washes.

    • brbposting@sh.itjust.works
      0 upvotes · 2 downvotes · 6 months ago

      They could!

      Obviously we need UBI cuz…

      Capitalism. “Free” washes would increase rent. And benefit high-volume washers! Might increase lines though (wash more often with no skin in the game), pull back people who may be using laundromats as an alternative. Detrimental to low-volume washing households.

      Mostly I’d say it’s an optics thing. Cost per year to exist wouldn’t change much, but clearly public opinion could.

  • ChickenLadyLovesLife@lemmy.world
    30 upvotes · 6 months ago

    I (white boy) visited India in the early '90s and brought back a bunch of rolls of half-Rupee coins as souvenirs. Turns out they were the exact same weight and diameter as US quarters (even down to the number of ridges, which makes me suspect India bought a bunch of used US minting machines to make them), so I started using them at laundromats. The exchange rate at the time was 35 Rs to the dollar, so a load in the US that normally cost $1 was costing me less than 6 cents. I do feel bad for the harassment that actual Indian customers probably ended up receiving, although possibly the owners never noticed or cared.

    • PrettyFlyForAFatGuy@feddit.uk
      2 upvotes · edited 6 months ago

      When I used to go to France for my family holiday every year (I live in southeast England so not far) I used to take as many 2p coins as I could because they were close enough to the €2 coin to work in those insert and twist sweet/small toy machines

      • ChickenLadyLovesLife@lemmy.world
        6 upvotes · 6 months ago

        British coins really seem absurdly overly-beefy for the monetary value they represent. I think it’s a way of saving up metal for the next time the Germans need sorting out.

    • jaschen@lemm.ee
      2 upvotes · 6 months ago

      I used to work as a teller and we used to run magnets on every roll of quarters that came in from laundromats and car washes. While the weight is correct, American coins are never magnetic. Every single time it’s the laundromats that foot the bill.

  • PM_Your_Nudes_Please@lemmy.world
    26 upvotes · 6 months ago

    Here’s a reminder that most washing machines use a universal key, which you can buy online for like $5. You can just pop it open and hit the little “coin inserted” switch to make it think you paid.

      • PM_Your_Nudes_Please@lemmy.world
        2 upvotes · 6 months ago

        I mean, the owner can choose to re-key it. But there are only a few manufacturers for them. Most laundromats use Speed Queen machines, for instance. And the manufacturer ships them with a single universal key, so the owner isn’t left juggling like forty different keys for a single laundromat. If every machine had a unique key, the owners would need to have a bunch of different keys just to service everything at the end of the day.

  • JasonDJ@lemmy.zip
    24 upvotes · 6 months ago

    I used to go to a laundromat that used something like a smartcard to keep your balance. You’d refill it at the kiosk and swipe it at the washer/dryer.

    I had a reader/writer around somewhere from a few years prior, when I was messing around with old Echostar boxes.

    Wish I could have found it. Those machines didn’t look to be connected to anything. I didn’t see any wireless networks in the area and the equipment didn’t have any data lines.

    I’m almost willing to bet the balance was stored as a value on the card and gets read/rewritten with every swipe, and essentially just security-through-obscurity. Meaning I could either back up and rewrite a $20 card forever, or rewrite the balance to having FF credits or whatever.

    • Possibly linux@lemmy.zip
      6 upvotes · 6 months ago

      There also is a point of cost. They aren’t going to spend a bunch of money securing a laundromat. If they spend a bunch of money left and right your laundry fees would be pricy. Not to mention a laundromat isn’t exactly a high profit business.

      • AlecSadler@sh.itjust.works
        2 upvotes · edited 6 months ago

        I agree with the first part of your comment, but laundromats are absolutely a high profit business.

        source: family friend owns a bunch of them, every single one was net profitable inside of a few months and they are now basically pure profit month over month. They make more money than I ever have from a single software development job, even at my peak, and they largely just farm maintenance out and pay some labor.

    • Brutticus@lemm.ee
      1 upvote · 6 months ago

      How much would it be to get a reader? What skills would I need to keep resetting the amount?

  • Gumby@lemmy.world
    12 upvotes · 6 months ago

    I had free laundry for most of my freshman year of college. We had coin operated machines, and somebody quickly figured out that you can strip 2 wires and just touch them together, or touch a coin to both of them, and every time you did that the machine would think a coin had been inserted. Eventually the college caught on and one day I went down there and all the machines were taken apart with maintenance guys working on them, and after that there was a heavy duty housing for the coin acceptor with no exposed wires. It was nice while it lasted!

  • AutoTL;DR@lemmings.world
    8 upvotes · 6 months ago

    This is the best summary I could come up with:


    That’s because of a vulnerability that two University of California, Santa Cruz students found in internet-connected washing machines in commercial use in several countries, according to TechCrunch.

    The two students, Alexander Sherbrooke and Iakov Taranenko, apparently exploited an API for the machines’ app to do things like remotely command them to work without payment and update a laundry account to show it had millions of dollars in it.

    CSC never responded when Sherbrooke and Taranenko reported the vulnerability via emails and a phone call in January, TechCrunch writes.

    That includes that the company has a published list of commands, which the two told TechCrunch enables connecting to all of CSC’s network-connected laundry machines.

    CSC’s vulnerability is a good reminder that the security situation with the internet of things still isn’t sorted out.

    For the exploit the students found, maybe CSC shoulders the risk, but in other cases, lax cybersecurity practices have made it possible for hackers or company contractors to view strangers’ security camera footage or gain access to smart plugs.


    The original article contains 294 words, the summary contains 171 words. Saved 42%. I’m a bot and I’m open source!

      • cm0002@lemmy.world
        8 upvotes · 6 months ago

        Forreal, I highly doubt CSC has a big bounty program so why did they even bother? Guaranteed they were the “Teacher you forgot our homework” kids

  • kingthrillgore@lemmy.ml
    6 upvotes · edited 6 months ago

    There used to be this music festival in my college town and they liked to charge absurd money for “tokens” to use at the vendors. I didn’t use all of them but I found they worked in the parking meters (I think they detected as slugs, because they immediately gave me an hour and flashed the meter) but nobody in the city bothered to ticket me for it. I dunno, I felt kinda bad but at the same time, I don’t like to parallel park.

    For what it’s worth, I paid more for the tokens than I ever did parking.

  • Rentlar@lemmy.ca
    5 upvotes · edited 6 months ago

    I’ve never heard of CSC, only Coinamatic in every commercially run residential coin laundry I have seen (in Canada). They run on coins or chip cards.