College Students Uncover Major Security Flaw in Internet-Connected Laundry Machines

A vulnerability found by two UC Santa Cruz students allows free use of CSC ServiceWorks' machines, affecting over a million units globally.

The flaw exists in the CSC Go app's API, enabling commands to be sent directly to the servers without payment validation.
Students Alexander Sherbrooke and Iakov Taranenko discovered the exploit and attempted to report it to CSC ServiceWorks without success.
The vulnerability affects over a million machines in the US, Canada, and Europe, used across college campuses and housing communities.
Despite multiple attempts, CSC ServiceWorks has not responded or fixed the issue, leading the students to disclose the flaw publicly.
This incident highlights ongoing cybersecurity challenges in the Internet of Things (IoT) sector.