Some automatic car wash facilities are vulnerable to hacking
Killer Car Washes Have Become Reality
Las Vegas – Get out your wash mitt or chamois, because automated car washes apparently can kill you. This shocking reality came to light recently at a hacker conference in Las Vegas. While nobody’s been attacked yet, the risk of a car wash hack is real.
Might be time for a refresher on how to wash your car.
Security Holes
Two researchers from tech firm WhiteScope LLC uncovered a big security hole in certain automated car washes. They presented their findings at the Black Hat conference, which is a premier event for tech security.
“Laserwash” car washes, which are made by PDQ Inc., were mentioned specifically by researchers. Those machines run on Windows CE. If you’re wondering what decade we’re in, you’re not alone. That’s because the OS launched back when Clinton won reelection in 1996.
Originally, Microsoft envisioned the OS running the first wave of smartphones, before Apple got in the game.
Microsoft stopped supporting Windows CE long ago. That means it hasn’t had a security update in years. Yes, it’s riddled with holes like Swiss cheese. Basically, it’s just asking for hackers to stroll right in.
PDQ Inc. has some security tips on its website. For example, it recommends not connecting the Laserwash directly to the Internet, without putting it behind a firewall.
Because it’s connected, car wash owners can manage the machines remotely. That allows an entrepreneur to own multiple locations spread throughout a big area.
A good hacker can get past a firewall, depending on a few factors. From there, the OS itself is a complete sitting duck.
Killing You Softly
Again, nobody has been killed by a car wash hack. But people have been killed in automatic car wash accidents. So, to construe that a hacker could attack and kill someone isn’t science fiction. At least it’s not anymore.
“Car washes are really just industrial control systems. The attitudes of ICS are still in there,” Billy Rios, one of the researchers, told The Las Vegas Register.
“We’ve written an exploit to cause a car wash system to physically attack; it will strike anyone in the car wash. We think this is the first exploit that causes a connected device to attack someone.”
Once a hacker hijacks a car wash, he can do all kinds of things. Removing security protocols, he could drop the door on a vehicle repeatedly as it enters or leaves. He might maneuver wash arms so low they crush the car roof. Someone with enough time and psychotic creativity might engineer even more gruesome methods to maim
