Car Wash Hack Can Strike Vehicle, Trap or Douse Passengers

car wash

“The Internet of Every Little Thing. That is what they should have called it. Or the Internet of Cookies & Ice Cream. That screams out: Trust us! You’ve got nothin’ to hide if you’ve got nothin’ to hide. But Jesus, they do suck up every single piece of data. And if you don’t like it? Too bad. Man up and shut up, pussy willow. Keep your head down and your mouth shut…” Excerpt: Hawkins Bay

26 July 2017 | Kim Zetter| Motherboard

The security problems found in internet-enabled medical equipment and cars in recent years have raised a lot of awareness about the public safety risks of connected devices. But it’s not just life-saving implements and fast-moving vehicles that pose potential harm.

A group of security researchers have found vulnerabilities in internet-connected drive-through car washes that would let hackers remotely hijack the systems to physically attack vehicles and their occupants.

The vulnerabilities would let an attacker open and close the bay doors on a car wash to trap vehicles inside the chamber, or strike them with the doors, damaging them and possibly injuring occupants.

“We believe this to be the first exploit of a connected device that causes the device to physically attack someone,” Billy Rios, the founder of Whitescope security, told Motherboard. Rios conducted the research with Jonathan Butts of QED Secure Solutions. They plan to discuss their findings this week at the Black Hat security conference in Las Vegas.

Rios, working at times alone and with colleagues, has exposed many security problems over the years in drug-infusion pumps that deliver medicine to hospital patients; in airport x-ray machines designed to detect weapons; and in building systems that control electronic door locks, alarm systems, lights, elevators, and video surveillance cameras.

This time his focus was on the PDQ LaserWash, a fully-automated, brushless, touchless car wash system that sprays water and wax through a mechanical arm that moves around a vehicle. PDQ car washes are popular throughout the US because they don’t require attendants to operate.

Many of the facilities have bay doors at the entrance and exit that can be programmed to automatically open and close at the start and end of a day, and a touchscreen menu that allows drivers to choose their cleaning package without interacting with any workers.

The systems run on Windows CE and have a built-in web server that lets technicians configure and monitor them over the internet. And herein lies the problem.

Rios says he became interested in the car washes after hearing from a friendabout an accident that occurred years ago when technicians misconfigured one in a way that caused the mechanical arm to strike a minivan and douse the family inside with water. The driver damaged the vehicle and car wash as he accelerated quickly to escape.

Read More


Join the Hawkins Bay Revolution. Before it is banned. Or tossed in the bonfire.

amazonlogo

iBooks_icon_large

Kobo_logo_(2015).svg

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s