Just when you think you\u2019ve heard it all when it comes to connected devices being hacked, Black Hat rolls around and makes you reconsider what you thought were the most bizarre things ever hacked.<\/p>\n
Thoughts may immediately jump to the latest and greatest connected IoT wearable or something odd like Google Glass \u2014 both good guesses \u2014 but they\u2019d be wrong. Chances are you would never guess, but we\u2019ll wait while you glance up again at the title of this post.<\/p>\n
You see, researchers Billy Rios and Jonathan Butts discovered that car washes could be hacked. OK \u2014 I know it does not sound all that<\/em> exciting, but the researchers also noted that they had possibly discovered the first exploit that could cause physical harm to a person. [Ed. note: The Jeep hackers<\/a> might beg to differ.]<\/p>\n The veteran researchers looked into the PDQ LaserWash after hearing about how a misconfigured machine hit a car with a mechanical arm and doused the occupants with water.<\/p>\n Like many IoT devices and machines, car washes can be filed under \u201cThings you would never have thought needed to be online.\u201d And like many devices, the LaserWash had default passwords that the researchers said were easy to guess.<\/p>\n Once inside the system, the researchers were able to find areas of manipulation including opening and closing bay doors, spraying water, and disabling the infrared sensors. Those may seem harmless, but the researchers also showed a video where they made the bay door crash on a car, which could do some serious damage to a vehicle or the people inside. If the hackers were feeling extra sassy, they could send an e-mail detailing the accident or posting it straight to Facebook.<\/p>\n The e-mail function could be useful for the business owners and technicians for tracking issues and usage of the car wash; I still can\u2019t figure out why a car wash would need the ability to post to Facebook.<\/p>\n The researchers also noted that although they disclosed the vulnerability to the manufacturer, there is no patch as of Black Hat 2017.<\/p>\n The work done by Rios and Butts further highlights the need for everyone to change default passwords and think twice before connecting a device to the Internet. Although this was a test on a seemingly benign system, a car wash is a mini industrial control system<\/a> that if used inappropriately could inflict some pain and suffering to innocent people.<\/p>\n Hacking electricity, water, and food<\/a><\/p><\/blockquote>\n