Connected cars have already raised a lot of concerns when it comes to cyber security. Remember back in 2015 when those guys from Twitter and IOActive hacked a 2014 Jeep Grand Cherokee and took control of its onboard systems? In fairness, FCA issued a recall shortly thereafter, but that’s not the point. Later on, in 2016, it was found that most Volkswagen’s built after 1995 could be remotely hacked to allow a hacker to unlock the doors and gain physical entry.
And, let’s not forget about those two guys that got arrested for hacking and stealing 30 Jeeps using nothing more than a laptop and some stolen software. Brand new VW’s now have their own unique keys and entry codes, and FCA has issued a fix for their problems, so why is this relevant? Because hacking isn’t just limited to cars. Think about this – it’s Sunday, you’re in the car wash, and getting ready to emerge from the exit with a freshly cleaned ride. All of the sudden: BAM – the doors shut, and one of the robotic arms starts hitting your car repeatedly, breaking the windows, damaging the body, and getting you wet at the same time.
Sounds pretty wild right? Well, as it turns out, it’s quite possible, and it was recently proven by a group of security researchers who presented their findings at the Black Hat hacking conference in Vegas last week. The system in question is known as the PDQ LaserWash, which just so happens to be a pretty popular system and is used across the U.S. The systems are connected to the internet and run on a version of Windows CE. The exploit has been known about for a couple of years, but it wasn’t until recently that a facility in Washington State allowed the research group to try it out. Unfortunately, they didn’t allow the team to record their results, so there’s no video of what’s actually going on, but the team says they were able to easily guess the default master password and use an “attack script” to control the car wash. In their test, they didn’t strike the vehicle with any components of the carwash, but they did lock the bay doors and demonstrated that it could be done. The team has notified the Department of Homeland Security, and PDQ is reportedly working on a fix for the exploit.