When the robots takeover, nowhere will be safe. Not even car washes.
Hackers revealed how ridiculously easy it is to turn a mild-meaning, fully-automated car wash into a violent attacking monster through remotely hijacking the system.
PDQ LaserWashes are touchless, automatic car washes that eliminate the need for attendants. The washes can be programmed when to open and close, and drivers pick their wash type with a touchscreen.
Technicians can monitor the car washes over the internet, which is where issues arise.
Cybersecurity researchers told Motherboard hackers can easily break into the system by guessing passwords that allow access to them and bypassing authentication tools. From there, particularly violent hackers have a smorgasbord of ways to kill those using the car wash:
The car wash’s software tracks where a carwash is in its cycle, making it easy to know when the wash is about to end and a vehicle to exit. An attacker can send an instantaneous command to close one or both doors to trap the vehicle inside, or open and close one door repeatedly to strike the vehicle a number of times as a driver tries to flee.
They could also manipulate the mechanical arm to hit the vehicle or spew water continuously, making it difficult for a trapped occupant to exit the car. They didn’t try this during their live tests, however, to avoid damaging the arm.
A software-based safety mechanism prevents the arm from hitting a vehicle normally, but they were able to disable this, too.
“We believe this to be the first exploit of a connected device that causes the device to physically attack someone,” the lead on the research told Motherboard. With automation taking our factory jobs, driving and food services, I would not have guessed car washes to be the first that could put me in danger.
Beware of robot car washes.