Smart car wash can be turned into a trap for the car and the passenger

It is easy to call in to the car wash, but attackers can make travel much more difficult.



Technology continues to evolve, mobile devices, household appliances and industrial systems are becoming "smarter." You can manage many of these systems remotely, as well as receive important information about their status in real time. All this is very convenient, but at the same time, and dangerous. Infobase specialists have long been discussing the need for reliable protection for systems and devices that require remote control.



And it's not about computers or smart refrigerators that make up botnets . Attackers, with due skill, can hack other objects, which you cannot immediately say that they can be controlled remotely. What are these objects? Well, for example, a car wash. The other day, a group of information security specialists showed the possibility of hacking a car wash into a trap for the driver and passengers of the car.



Vulnerabilities of such a system allow to control washing doors, manipulators and other elements. Theoretically, all this allows harm not only to the car, but also to people inside. “We believe that this is the first case of exploitation of a vulnerability system that allows you to physically attack,” said Billy Rios , founder of Whitescope security. In fact, this is not entirely true, since you can do harm with the help of car hacking, drones (with the pursuit of a potential victim or falling on her head) and other systems.



But really, nobody had previously told about hacking a smart car wash. The results of their work, hackers (in the positive sense of the term) will demonstrate at the Black Hat conference , which will soon be held in Las Vegas.



This is not the first project of this kind of Riota and his colleagues. Previously, they showed that vulnerable to external actions of burglars are medical devices on which patients' lives depend, baggage screening systems installed at airports, automation of residential and industrial buildings, which controls door closing, alarm systems, lighting, escalators, etc. .



As for washing, cybersecurity experts studied one of the models of such systems, namely PDQ LaserWash. Everything here is fully automated, there are no rotating brushes, there is nothing that would concern the machine in the process of washing, except jets of water and detergent. This kind of car wash is popular in the US, because it does not require the participation of the operator or driver. A number of mine have doors that close when the vehicle enters. The order is made using a special machine with a touch screen. Such systems work on Windows CE. To configure them, use the built-in web server with which you can connect via the Internet. And it was here that the problem was discovered.



A few years ago, Billy Riot heard from his friend the story that one of these sinks damaged his car and flooded the whole family with water. The problem was that the technician who serviced the system set it up incorrectly.





Two years ago, Riot and his colleagues studied washing software and presented the results at the Kaspersky Security Summit in Mexico. In 2015. Then they could not find the owners of the car wash, who would agree to the tests, to check whether the detected vulnerabilities could really be used to control the system remotely.



Getting access to the management of the sink was not so difficult. Yes, the system asks for a login and password, but the authentication implementation contains errors that made it possible to find a way around the need for authentication. In the US, according to experts, not all of the sinks of this type are connected to the Internet. But with the help of the search service Shodan managed to find more than 150 such sinks.



The hackers, having studied the vulnerability, wrote a script that automatically gains access to system management, waits until the car starts to leave the car wash and hits the car wash door on the car when it is already at the exit. The fact is that the car wash software monitors the process of cleaning the car and writes the current state of the car wash to the base. Accordingly, all this can be monitored remotely. Therefore, the easiest way to inflict damage is to touch the car door while the frightened driver tries to leave the mad car wash.



Usually, a special system equipped with infrared sensors monitors that this does not happen. But as it turned out, these sensors can be disabled. In addition, it is possible to control the mechanical manipulator, which splashes the car with water. An attacker, if desired, can establish a constant supply of water, which makes it difficult for the victim to get out of the car and escape. True, the testing of the manipulator control was not performed, because the authors of the study were afraid to damage it. But they say that if desired, the manipulator can be made to beat the vehicle.



All this is difficult to call the murder machine, of course, but the hacked system may well cause some harm to the car, its driver and passengers. The results of their work, the researchers sent as a washing machine manufacturer, as in the US Department of Homeland Security.