A CSC ServiceWorks security flaw could potentially allow millions of Americans to do their laundry for free, according to two University of California, Santa Cruz students.
First reported by TechCrunch, the vulnerability allegedly allows anyone to remotely send commands to coin-operated laundry machines without ever needing to pay.
The two students, Alexander Sherbrooke and Iakov Taranenko, found that the same bug in the CSC ServiceWorks app also allows them to raise the stored balance to several million dollars.
It is uncertain if the security bug could also allow people to remotely operate or stop multiple laundry machines.
Sherbrooke and Taranenko have already reported the security flaw to the CERT Coordination Center at Carnegie Mellon University after failing to contact CSC ServiceWorks.
As of writing, the CSC ServiceWorks bug remains, exposing thousands, if not millions, of businesses to huge financial losses. The company has yet to provide a statement regarding the vulnerability.
How to Protect Your CSC ServiceWorks Laundry Machine from Bug Exploit?
Since the issue is in the CSC ServiceWorks' systems, it is more difficult to prevent people from exploiting the security flaw.
However, laundromat owners and other businesses can still protect themselves from huge financial losses by temporarily disconnecting their remote laundry machines from their networks.
CSC laundry machine owners can also try to contact their dealers to check if they can have their machines only operated manually to prevent third parties from connecting to them.
It is important to remember, however, that these remedies are temporary, and only CSC ServiceWorks can provide a permanent fix to the issue.
CSC ServiceWorks Criticized for Silencing the Security Bug Issue
In the interview with TechCrunch, Sherbrooke and Taranenko also highlighted the difficulty of contacting the company and the lack of any action to notify other customers about the massive security flaw.
According to the UC Santa Cruz students, CSC ServiceWorks simply removed the million-dollar cash balance on the students' app after they reported the issue to the company.
It is also worth noting that the vulnerability was found earlier this year, an issue CSC ServiceWorks did not disclose to the public until the TechCrunch report.