Autonomous Car Wash Systems Can Now Be Hacked to Destroy Vehicles

The researcher pointed out that smart or automated car wash facilities can be categorized as industrial control systems (ICS), which can be easily hacked and exploited as desired. As Rios and his team managed to penetrate inside the car wash's cyber system, they found a number of features that can be remotely controlled such as taking over the functions of bay doors, removing safety signals, and freely spraying water. The proof-of-concept video obtained by the research team didn't get the permission of PDQ Inc. to be released. It was relatively easy for the research team to penetrate through the interface as the system was only protected by a weak default password.

This system manipulation could potentially be a life-threatening attack as the facility's robotic arms can be used to repeatedly pound on the vehicle and disperse surges of water on its passengers. Furthermore, hackers could easily humiliate the car wash's users by emailing out details of the accident or directly post it to Facebook. These emailing and social media features are available for the facility's owners and operators to track the car wash system's usage.

[Image Source: PDQ Inc.]

With good intentions, Rios presented his team's findings to PDQ and highlighted the system vulnerabilities they discovered two years ago in 2015. However, the car wash manufacturer chose to not do anything about it and no patch has been provided as of Black Hat 2017. Just recently, PDQ has acknowledged their system's vulnerabilities and asserted that they are developing ways to fix the cyber flaws.

Rios' research evaluated that everyone must be quick to change their Internet-connected interface's default passwords and should be cautious before hooking up a personal device to the Internet.

Sources: Security Week, Kaspersky Lab

SEE ALSO: What Is Car Hacking and What Can You Do to Prevent It ?