• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News

Hackers can take over Car Wash, trap you and smash your vehicle

July 27th, 2017 Waqas Security, Technology News 0 comments
Hackers can take over Car Wash, trap you and smash your vehicle
Share on FacebookShare on Twitter

It is understandable to receive Internet of Things (IoT) related warnings like vulnerable public WiFi or charging spots that can be hacked but a drive-through car wash? Well, it turns out Internet connected car washes or smart car washes can be hacked and trap the customer inside with their vehicle or even smash it while you in there.

IT security researchers at WhiteScope Billy Rios and Jonathan Butts have discovered a critical security flaw in the design of the software responsible for running a huge number of Internet connected car washes in the United States. The flaw can allow an attacker to gain remote access to the equipment and take control of the doors, including locking them and causing whatever damage possible.

[irp posts=”52626″ name=”Cars with Vulnerable WIFI Dongle can be Hacked via Bluetooth”]

Originally, Rios noted the flaws back in 2015, and since then his mission was to find as many devices as possible and analyze what they are exposing to the public web. This time, to take his findings to a new level both researchers came up with an exploit for the flaw and with the permission of a car wash owner they successfully targeted the system. 

The problem exists in PDQ Vehicle Wash Systems, a brushless automated car wash system which is operated through a software that runs on Windows CE (Compact edition) and uses a mechanical arm to spray around the vehicle. It must be noted that Windows CE was initially released in 1996 making it a 20-year-old operating system which is not even supported by Microsoft anymore.

The system is protected with login credentials ( a username and a password) which are easy to guess –  especially if the user has not changed them since it was installed or in simple words, researchers say default credentials are easy to guess.

Upon knowing the login details, researchers exploited the vulnerability and sent remote commands to the car wash system directing it to close the bay doors, trap the vehicle inside, spray as much water and soap they want and even smash the vehicle around which can be life threatening for some customers trapped inside.

In a conversation with MotherBoard, researchers explained that “We believe this to be the first exploit of a connected device that causes the device to physically attack someone.”

Both researchers demonstrated their findings at the Black Hat security conference in Las Vegas. 

This is not the first time when Billy Rios and Jonathan Butts have identified critical vulnerabilities in an IoT system. Previously, both researchers identified life threatening vulnerabilities in hospital drug pumps which can be exploited to remotely administer a fatal dose of the medication to a patient.

A couple of months ago, the researchers also exposed another life threatening vulnerability in pacemakers which can be exploited to conduct potential ransomware attacks on a targeted device.

In this era of technology, almost everyone owns an IoT device. While there is a lot that can be done to secure smart devices, users must change the default credentials of their IoT devices and use a strong password instead. Furthermore, keep your operating system updated and use protection against cyber attacks. Stay safe online.

Understand what is PDQ Vehicle Wash Systems

[irp posts=”31199″ name=”Driverless Cars Can Be Hacked by Compromising 3D Imaging System”]

  • Tags
  • hacking
  • internet
  • IoT
  • security
  • Technology
  • Vulnerability
  • WIFI
Facebook Twitter LinkedIn Pinterest
Previous article BTC-e exchange' owner arrested over money laundering accusation
Next article Update your phone: Avoid being Pwned by bug residing in WiFi chip
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Man jailed after attempting to buy 3-year-old girl on dark web
Cyber Crime

Man jailed after attempting to buy 3-year-old girl on dark web

75
SonicWall hacked after 0-day flaws exploited by hackers
Hacking News

SonicWall hacked after 0-day flaws exploited by hackers

117
Massive privacy risk as hacker sold 2 million MyFreeCams user records
Cyber Crime

Massive privacy risk as hacker sold 2 million MyFreeCams user records

156

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us