Security researchers have recently discovered that hackers are targeting internet connected car washes to attack vehicles and passengers. And the discovery was so appalling that it prompted the researchers to inform the Department of Homeland Security of their findings on an immediate note.
According to a report compiled by cyber security firm Vice Motherboard which was disclosed at the Black Hat security Conference in Las Vegas, hackers are targeting car wash units via connected devices that cause the washing unit to physically attack someone.
Billy Rios, the founder of the WhiteScope security and Vice Motherboard, disclosed at the conference that cyber criminals are exploiting car washing units through software vulnerabilities and are trapping the vehicles inside the washing units. They are then using the system’s mechanical washing arms to damage the vehicle and in some case the owners of the vehicle as well.
NOTE- The discovery was made at PDQ LaserWash, an automated car wash company that sprays water and wax via a brushless arm.
But Laserwash claims that only a few of their systems are online and so claims that the issue is being blown out of proportion by media. Also, the authorities of PDQ systems added that they will try to identify the exploit discovered by the researchers and fix it ASAP.
Researchers from Vice Motherboards said that already 7 of such car wash units operated across US (mainly in metros) have been targeted by criminals by now. They said that some car owners have reported such cases to law enforcement where their cars got damaged by faulty programming of entry and exit doors along with the washing arms.
When the law enforcement authorities launched a probe, they discovered that the car wash unit was under the influence of hackers.
Rios said that almost all car wash units operating in United Systems are running on Windows CE Software which has an inbuilt web server that allows technicians to monitor them over the internet. And this feature is said to be causing a lot of damage to car owners.
A spokesperson from PDQ issued a press statement early today saying that their company is aware of the black hat talk and their officials are investigating the issue.
The spokesperson added that their company allowed the researchers from Vice Motherboards to test their systems early this year. And they are glad the vulnerability was identified in time.