Free laundry hack highlights lack of security
cam0 pried open a laundry smartcard and found an unprotected SPI EEPROM chip. He googled the part number and found a datasheet that describes the chip protocol, then dumped the data with a Bus Pirate. He found the card balance by comparing the contents before and after a load of laundry, the value was stored in plain text. The EEPROM was completely unprotected, so the card could be changed just by following the datasheet.
We obviously can’t and don’t endorse theft of laundry, but this is interesting hack from a security perspective. The manufacture evidently intended this card only for trusted environments, or counted on security through users’ ignorance of electronics. As cam0 notes, this type of card is probably no longer in use. Most common smartcards are encrypted or write protected. The SLE4442, for example, requires a password to change values on the card.Bus Pirate, security and tagged eeprom, free laundry, security, smart card hacking, spi.