General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsHackers 'could make car wash attack'
Source: BBC
28 July 2017 Technology
Researchers say they have found a way to hack an internet-enabled carwash and make it "attack" users.
They warned criminals could easily exploit the Laserwash car washes, making their doors close too early or their roller arms crush the tops of cars.
They also claimed the manufacturer PDQ ignored warnings about the risks for two years.
PDQ said it was urgently investigating the issues.
Laserwash installations can be remotely monitored and controlled by their owners via a web-based user interface.
-snip-
Read more: http://www.bbc.com/news/technology-40754403
Researchers said they could make the car wash "strike anyone" using it
asiliveandbreathe
(8,203 posts)TeapotInATempest
(804 posts)Security of the Internet of Things (IoT) is painfully lacking. There have been successful proof-of-concept hacks of medical devices, smart thermostats, etc., not to mention the security holes that Bluetooth opens up.
The more we connect ourselves, the more we leave ourselves open to malicious activity and manufacturers rarely address security issues before sending products to the market. Even when they do, security still requires users to intelligently configure and update their devices and that's often where things get fall apart because 1). they don't know the risks, 2). most don't know how to protect themselves, and 3). this stuff gets COMPLICATED.
asiliveandbreathe
(8,203 posts)with any remote devise as they drove by...not sure if true..thanks for the write up..
MineralMan
(146,192 posts)You have to pair the one at your house with the remote. It's easy, but the remotes have their own unique codes these days. Typically, you can pair your opener with several different ones.
However, most cars, now, have a dashboard or visor garage door opener button. You can pair that to your opener. If you do, though, you'll want to always lock your car when it's not in the garage. The crackheads go around in the middle of the night and open car doors and push door opener buttons. Then, they steal your junk and sell it so they can buy more crack. Repeat as needed. Same thing if you clip a garage door remote to your visor, like just about everyone does. It's just like saying, "Dude! There are tools and lots of other cool shit in my garage. Help yourself!" Lock your car in the driveway.
MineralMan
(146,192 posts)a sizable number of them are just leaving default passwords in place. Clever ruffians, like the 4chan script kiddies, are always looking for exposed systems to play with. Someone is forever posting a Google search that will find things like that, based on directory and file names.
People just need to realize that everything they hook up at home that can be accessed from their phone or tablet needs strong password protection. The weird kiddies are out there, and will take great pleasure in messing with your HVAC system to cook your house or freeze it. They like to look at your baby monitor video, too. They're bored and want to play, the little shits!
asiliveandbreathe
(8,203 posts)I still open a can with a hand opener...unless, of course, it has a tab open...
MineralMan
(146,192 posts)A little more expensive, but it works great and has a lifetime guarantee. I found it by searching for manual can opener made in USA on Google. There appears to be only one such manufacturer. I ordered mine on Amazon. Outstanding product.
As for the 4chan script kiddies, they are a really, really annoying bunch. One shows up on DU every once in a while, but rarely lasts long here.
TeapotInATempest
(804 posts)That's our Public Service Announcement of the day, right?
Lee-Lee
(6,324 posts)If it connects to the internet, it has the potential to be hacked.
If your car has Onstar or any of the equivalent products that allow remote unlocking or diagnostics it is internet connected. Most of the computers that control cars have diagnostic settings that allow technicians to do everything from turn it on and off to shift gears to control the accelerator to set the brakes using a computer hooked to it. Hackers have been able to basically exploit weaknesses in this setup and put it in that mode remotely.
You could be driving down the road and suddenly your car accelerates no mater what you do to the fuel pedal- because it's not a cable anymore it is just an electronic switch.
It's actually been discussed that it could be a way of doing undetectable assasinations.
Driverless cars will be even more vulnerable.
https://www.google.com/amp/s/www.wired.com/2015/09/gm-took-5-years-fix-full-takeover-hack-millions-onstar-cars/amp
I tell everyone if they have OnStar or anything like it to have that crap disabled ASAP.
MineralMan
(146,192 posts)their chance to do this....
TeapotInATempest
(804 posts)that vulnerabilities don't necessarily require malice to create issues. I don't know enough about this particular vulnerability but a code misconfiguration can also be dangerous.
MineralMan
(146,192 posts)the Internet is vulnerable. Strong password protection is enough, in most cases, to prevent problems. In the case of a carwash, why would anyone be even interested in messing with it, unless they happened on an unprotected web dashboard for one and messed with it as a prank.
It's not carwashes that are a risk. It's other devices and systems controlled from Internet dashboards.