Two UCSC students found a security flaw in CSC ServiceWorks washing machines allowing free laundry cycles by manipulating the CSC Go mobile app's API. Despite reporting the bug months ago and attempting to notify the company, they still managed to exploit the vulnerability to accumulate millions in laundry credits. Contacting CSC ServiceWorks and CERT Coordination Center did not lead to a response or fix, and even after wiping their balance, the flaw remains unresolved
The students expressed concerns about potential legal repercussions for not reporting the issue correctly, emphasizing the need for a monitored security email inbox for such vulnerabilities to be addressed promptly. ```https://www.darkreading.com/ics-ot-security/students-spot-washing-machine-app-flaw-that-gives-out-free-cycles