Categories: NewsTechnology

PDQ’s Smart Car Wash Vulnerabilities Can Injure Humans and Cars Alike

Making electronics “smarter” does not necessarily mean they are protected from external threats. In fact, smart devices are often even more prone to cyber attacks due to their constant connection to the Internet. A recent experiment involving smart car wash equipment revealed how several key flaws could be used to cause physical injuries to both cars and people. It appears the smart car wash solutions from U.S.-based PDQ are the main culprit.

Smart Car Wash Security Flaws are Problematic

Most people look at the car wash in the same way they have done for decades now. The entire process has been automated for quite some time, though there may now be software powering the entire experience. PDQ, a well-known U.S.-based vendor of Internet-connected car wash equipment, has been making some bad headlines of late.

Two security researchers have uncovered how car wash equipment contains multiple vulnerabilities. If these loopholes were to be exploited by people with malicious intents, they could cause damage to cars or physical harm to passengers and employees. That is not something a smart car wash vendor wants to be associated with. Even though these flaws have existed since January 2015, PDQ has not taken the necessary steps to patch the weaknesses. That is absolutely unacceptable.

Making matters worse is that the affected PDQ products are not just sold in the U.S., but rather on a global scale. Their LaserWash, LaserJet, and ProTouch equipment all contain these same vulnerabilities, which can have disastrous effects. The complex multi-component devices have built-in web servers which allow employees and car wash operators to manage them remotely. In this day and age, that makes a lot of sense. However, manufacturers also must take the necessary steps to protect these servers from nefarious activity, which does not appear to be the case with PDQ.

Related Post

According to the researchers who disclosed these vulnerabilities back in 2015, the equipment’s login procedure has an authentication method which can be bypassed with ease. Once this occurred, they were given full access to the hardware’s control panel. This panel gives users full access to diagnostics, the setup of individual parts, and also the ability to cause damage to both cars and humans alike. PDQ decided to ignore this research for more than two years.

The researchers continued experimenting with the flaw they discovered in order to see what kind of damage could be done. They have since developed a few exploits which could have grave consequences, including the option to disable security sensors and alter hardware behavior. For example, it is possible to close the car wash’s doors when a car or person comes through. Additionally, the washing arms can be modified to hit cars and trap people in their cars for extended periods of time. All it would take is an automated script to put the well-being of one’s vehicle or oneself in danger.

Thankfully, PDQ has finally acknowledged these problems and promised they will fix the issues. This only occurred after the Industrial Control Systems Cyber Emergency Response Team issued a nationwide alert about this vendor’s equipment. Flaws like these should never be allowed to remain active for as long as they were in this case, especially after receiving proper documentation from researchers on the potential outcomes. PDQ certainly dropped the ball here.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

9 hours ago

Dogecoin Millionaire Predicts This Undervalued Altcoin Could Match DOGE’s 2021 Gains

Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…

10 hours ago

Qubetics Presale Skyrockets to $7.5M as XRP and Arbitrum Lead Best Altcoins for Exponential Returns

The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…

11 hours ago

Over 300K Users Actively Mine Crypto On BlockDAG’s X1 Miner App While BNB Bulls Eye $3K; What’s XRP’s Price Target?

The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…

11 hours ago

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

14 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

15 hours ago