Free laundry hack highlights lack of security

Posted on Monday, July 5th, 2010 in Bus Pirate, security by Ian

cam0 pried open a laundry smartcard and found an unprotected SPI EEPROM chip. He googled the part number and found a datasheet that describes the chip protocol, then dumped the data with a Bus Pirate. He found the card balance by comparing the contents before and after a load of laundry; the value was stored in plain text. The EEPROM was completely unprotected, so the card could be changed just by following the datasheet.

We obviously can’t and don’t endorse theft of laundry, but this is an interesting hack from a security perspective. The manufacturer evidently intended this card only for trusted environments, or counted on security through users’ ignorance of electronics. As cam0 notes, this type of card is probably no longer in use. Most common smartcards are encrypted or write protected. The SLE4442, for example, requires a password to change values on the card.
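An added example, not from the original post or from cam0's write-up: a reader-side check showing why a plain-text balance is accepted after any edit, while a record that carries a keyed MAC is rejected. The record layout, `READER_KEY`, the card identifier and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key. Assumption: the real key exists only inside the reader.
READER_KEY = bytes(range(32))
TAG_LEN = 8  # truncated HMAC-SHA256 tag, sized for a small EEPROM


def _tag(card_id: bytes, body: bytes, key: bytes) -> bytes:
    # Binding the tag to card_id stops a record being moved between cards.
    return hmac.new(key, card_id + body, hashlib.sha256).digest()[:TAG_LEN]


def write_plain(balance_cents: int) -> bytes:
    """Weak layout: the balance alone, as on the card in the article."""
    return struct.pack(">I", balance_cents)


def read_plain(record: bytes) -> int:
    """The reader has nothing to check, so any value is accepted."""
    return struct.unpack(">I", record[:4])[0]


def write_authenticated(card_id: bytes, balance_cents: int, counter: int,
                        key: bytes = READER_KEY) -> bytes:
    """Hardened layout: balance + transaction counter + MAC over both."""
    body = struct.pack(">IH", balance_cents, counter)
    return body + _tag(card_id, body, key)


def read_authenticated(card_id: bytes, record: bytes,
                       key: bytes = READER_KEY):
    """Return (balance_cents, counter), or None if the record was altered."""
    if len(record) != 6 + TAG_LEN:
        return None
    body, tag = record[:6], record[6:]
    if not hmac.compare_digest(tag, _tag(card_id, body, key)):
        return None
    return struct.unpack(">IH", body)


def with_balance_overwritten(record: bytes, new_balance_cents: int) -> bytes:
    """Test helper: simulate an edit to the balance field only."""
    return struct.pack(">I", new_balance_cents) + record[4:]
```

A MAC only detects edited values; it does not stop an entire earlier card image from being written back, so the counter has to be checked against state the card holder cannot rewrite.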

Via Hack a Day, Hacked Gadgets.

This entry was posted on Monday, July 5th, 2010 at 10:16 am and is filed under Bus Pirate, security.

One Response to “Free laundry hack highlights lack of security”

  1. DrF says:

    I keep meaning to try and read the odd shaped electric keys we now have that replaced the cards we used to have (same thing different package)… never seem to get around to that :)
    I assume they're better protected than this guy's laundry card though, since you need a pin to top them up.

    I found it an interesting read, still trying to figure out the BP and its seemingly never ending uses:)
