Be afraid: Automated car washes can be hacked and turned into killing machines
Automated car washes, of all things, can now be added to the list of things that can potentially kill you.
It turns out that car washes can be hacked for nefarious purposes, according to research presented by WhiteScope LLC information technology security researchers Billy Rios and Jonathan Butt at the Black Hat conference in Las Vegas last week. There’s a critical security vulnerability in the “Laserwash” series of car washes manufactured by PDQ Inc.
The researchers found that the car washes, which can be remotely monitored and controlled by their owners via a web-based user interface, use Windows CE, first deployed by Microsoft Corp. to power early smartphones in 1996. Since it’s no longer supported, it now represents a massive, open security risk.
Given that access, the car washes can be hijacked and used to attack unsuspecting users innocently having their cars washed in a scenario straight out of a B movie.
“Car washes are really just industrial control systems,” Rios told The Register. “We’ve written an exploit to cause a car wash system to physically attack; it will strike anyone in the car wash. We think this is the first exploit that causes a connected device to attack someone.”
Moreover, killing someone in a car wash is apparently not all that difficult once control of the car wash has been obtained. “We controlled all the machinery inside the car wash and could shut down the safety systems,” Rios added. “You could set the roller arms to come down much lower and crush the top of the car, provided there was not mechanical barriers in place.”
While it’s theoretical at this stage and there are no proven cases of a car wash being hacked for the purposes of injuring or killing someone, automated car washes have actually killed people or come close to doing so in the past. In March 2007, a Wyoming, Michigan man was dragged into a car wash and “killed in a tragic incident,” while in 2013 a man in England came close to dying after “a huge metal arm in a mechanized car wash collapsed, nearly crushing him as he sat inside his car.”
Photo: Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.