A drive-through car wash can be more than a little scary for a kid, but here’s a reason to let it freak you out as an adult too. Smart car washes with internet-connected washing devices could be hacked to trap you inside a hurricane of water and soap, or even be used to smash up your car and maybe even you.
This discovery comes by way of researchers at Whitescope security who spoke to Motherboard and plan to discuss their finding at this year’s Black Hat security conference in Las Vegas. The research focused on a PDQ LaserWash system, which runs on Windows CE and makes use of a mechanical arm that reaches around the vehicle to spray. In this system, the doors on either end of the car wash tunnel are also computer controlled, giving hackers plenty of havoc to wreak.
Thanks to some assistance from a car wash in Washington state, the researchers were able to test vulnerabilities they found in the real world. By guessing the system’s username and password, they found they would be able to use the exit door to strike cars by convincing the system to ignore infrared safety sensors. They were also able to leverage enough control over the robot arm that it could spray water endlessly, trapping a customer inside, or even strike a car.
The researchers didn’t go so far as to actually try some of the more extreme hacks however. Not for fear of damaging the test car (which belonged to a researcher), but for fear of damaging the robot arm. The car was that agreed to the test also opted not to let the hackers record their successful sabotage. The parent company, PDQ, is now aware of the vulnerabilities.
The increasingly connected world poses myriad dangers, and the lack of strong security at all points makes the possibility of a truly catastrophic hack evermore possible. Webcams and DVRs with default passwords have been leveraged to assault and disable large chunks of the internet. Ethernet switches, meanwhile, can give hackers access to industrial locations like power plants. The only solution is robust security that can often seem expensive and overkill to companies concerned with their bottom line. That is, until a disaster shows that it was necessary in the first place. Things may have to get much worse before they get any better.