Two Students Expose a Security Bug in CSC ServiceWorks Laundry Machines

| Updated on May 22, 2024
two students expose security bug in CSC laundry machines

A recently found security bug could let millions of college students do their laundry for free, thanks to one company. It was first discovered by a couple of University of California students that laundry machines connected to the internet could be exploited to get free laundry.

Two students, Alexander Sherbrooke, and iaKov Taranenko, apparently used an API to exploit it for the Machines app to do things like remotely command them to work without payment and update a laundry account to show that it had millions of dollars in it.

The company that owns these machines, CSC Service Works, claimed to have more than a million laundry machines and vending machines in service in many colleges and multi-housing communities, laundromats, and more across the US, Canada, and Europe.

CSC has never responded since the two students first reported this vulnerability via email or phone call in January. But still, despite all that, the students told the media that the company quietly wiped out their false millions after they contacted it.

This vulnerability in CSC’s systems is pretty much a reminder that the security situation with IoT devices has still not been sorted out completely. For the exploit, the students found that CSC might have shouldered the risks.

Reena Choudhary