
Free laundry hack highlights lack of security

Posted on Monday, July 5th, 2010 in Bus Pirate, security by Ian

cam0 pried open a laundry smartcard and found an unprotected SPI EEPROM chip. He googled the part number and found a datasheet that describes the chip protocol, then dumped the data with a Bus Pirate. He found the card balance by comparing the contents before and after a load of laundry; the value was stored in plain text. The EEPROM was completely unprotected, so the card could be changed just by following the datasheet.

We obviously can’t and don’t endorse theft of laundry, but this is an interesting hack from a security perspective. The manufacturer evidently intended this card only for trusted environments, or counted on security through users’ ignorance of electronics. As cam0 notes, this type of card is probably no longer in use. Most common smartcards are encrypted or write protected. The SLE4442, for example, requires a password to change values on the card.
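
To show why a plain-text balance is the weak point, here is an added example (not code from the post, from cam0, or from any card vendor) that puts a bare stored value beside a record the reader can verify. It uses a keyed MAC and a transaction counter, which the post does not mention. The record layout, `READER_KEY`, `CARD_ID` and the reader remembering the last counter per card are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values; none come from the card in the post.
READER_KEY = b"constructed-demo-key-held-by-reader"
CARD_ID = bytes.fromhex("0badc0de")

def plain_record(balance_cents):
    """Weak layout, as described above: the balance is stored as-is."""
    return struct.pack(">I", balance_cents)

def read_plain(record):
    # The reader cannot tell an edited value from a genuine one.
    return struct.unpack(">I", record[:4])[0]

def signed_record(card_id, balance_cents, counter, key=READER_KEY):
    """Hypothetical hardened layout: balance, counter, 8-byte HMAC tag."""
    body = struct.pack(">IH", balance_cents, counter)
    tag = hmac.new(key, card_id + body, hashlib.sha256).digest()[:8]
    return body + tag

def read_signed(card_id, record, last_counter_seen, key=READER_KEY):
    """Return the balance, or raise ValueError if the record fails a check."""
    body, tag = record[:6], record[6:14]
    expected = hmac.new(key, card_id + body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: record edited or copied from another card")
    balance, counter = struct.unpack(">IH", body)
    # Assumption: the reader or its back end remembers the last counter
    # per card, so an older, validly signed dump is also rejected.
    if counter < last_counter_seen:
        raise ValueError("stale counter: an old record was written back")
    return balance
```

The MAC alone only detects edits; without the counter check, a previously valid dump written back to an unprotected EEPROM would still verify.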

Via Hack a Day, Hacked Gadgets.

This entry was posted on Monday, July 5th, 2010 at 10:16 am and is filed under Bus Pirate, security.

One Response to “Free laundry hack highlights lack of security”

  1. DrF says:

    I keep meaning to try and read the odd-shaped electric keys we now have that replaced the cards we used to have (same thing, different package)… never seem to get around to that :)
    I assume they're better protected than this guy's laundry card though, since you need a PIN to top them up.

    I found it an interesting read, still trying to figure out the BP and its seemingly never-ending uses :)
