Have you ever seen Maximum Overdrive? Don’t worry, not many people have anyway. In this cheesy 1980s movie, a comet that passes the earth is what causes machines to wake up and attack people who were once in control of the said machines. And now, the closest thing to the plot of the movie has happened in a car wash in Washington state.
What happened was that hackers hijacked the PDQ LaserWash system that operates via the Internet and made the outside doors slam shut and trap a vehicle inside the car wash. Hackers also managed to take control over the mechanical arms and directed a powerful water stream onto the door of the pickup which made it impossible for the driver to make an exit.
The hackers also made a variation of the attack where they used the outside doors of the car wash to keep the driver inside. By sending an instantaneous command to close the one or two doors, they were able to trap the vehicle inside, and by opening and closing the doors repeatedly they discovered they could keep the driver inside by striking the car.
While this sounds horrific, you will be pleased to know that the hackers in question were actually researchers who were granted permission from the car wash owner to do these tests. The findings of these experiments will be presented at the Black Hat security conference this week, and the researchers say they’ve already shared the results with the Department of Homeland Security.
Researchers also told the car wash vendor about their findings concerning the vulnerability of the software that let them hijack the controls of the car wash.
The vulnerability comes from the default password settings over the Internet controls, which let hackers take control if left unchanged. This problem can be found in many Internet-enabled consumer products, especially security cameras and printers.
When looked in broader terms, this car wash hijack shows how dangerous it can be having Internet-operated machines that allow the hackers to widen their field of interest and move from computers to anything from light bulbs to cars.
Thankfully, in the case of the car wash, the hackers were researchers and had good intentions. But this leaves us believing we’ll be reliving the scenes from Maximum Overdrive not that far into the future.
This should serve as a reminder to everyone to not be lazy with their cyber hygiene and change those default passwords.