Months after finding a security flaw in internet-connected laundry machines, students reported the vulnerability to the vendor, which remained unresolved despite repeated attempts to contact the company.
The flaw allowed remotely sending commands to laundry machines, starting cycles without payment. One student even added a multimillion-dollar balance to their account, exposing the vulnerability further.
CSC ServiceWorks, the laundry service company with over a million machines globally, did not respond to the students' attempts to report the security flaw.
No dedicated security contact page for vulnerability reporting led the students to reach out through online forms and phone calls, with no success in getting the issue fixed.
[
Collection
]
[
|
...
]