When Doing Laundry Becomes a Cybersecurity Lesson

 In a twist that reads like a tech startup pitch, and a cybersecurity thriller, two UC Santa Cruz students, Alexander Sherbrooke and Iakov Tarenenko, discovered a serious security flaw in CSC Service Works IoT laundry machines. By reverse engineering the mobile apps API, they exposed a loophole that allowed them to run machines without paying and even top up their laundry accounts with multi-million dollar balances.

What's striking and alarming, is how easily they could have been exploited beyond a harmless prank. Since CSC servers blindly trusted commands purportedly sent by the app, the students were able to directly manipulate machine behavior. While a physical button still needed to be pressed for a cycle to start, the vulnerability exposed the lack of backend checks and raised serious concerns about connected, heavy duty appliances operating via the internet.

This bug shines a light on the often overlooked risks of IoT devices, especially everyday items like washing machines. It underscores the importance of ethical disclosures, responsiveness from vendors, and robust security design. Thankfully, after the vulnerability went public, CSC finally acknowledged the issue and began patches, showing how transparency and prompt actions are vital in keeping us all safer.

By: Joshua Xiong

Sources: https://www.theverge.com/2024/5/19/24160383/students-security-bug-laundry-machines-csc-serviceworks

AI Generated Profile Pics: Romance Scam on Dating apps

 Hello guys, this is an interesting topic that I came across over the week.

Scammers are now using AI-generated Profile Pictures to populate fake profiles on dating apps, making romance scams harder to spot and more convincing than ever. This trend is apart of evolving "pig butchering" schemes, where criminals lure victims into imaginary relationships to eventually extract money. Often via cryptocurrency.

To protect yourself, stay alert for red flags like someone avoiding video calls, sounding too perfect, or trying to move the conversation off the app quickly. Ask questions that AI bots may struggle to answer. Use caution when profiles look too polished or overly generic. Dating platforms are beginning to crack down on by adding ID verification features, but users still play the first line of defense.

I found this quite alarming, as how AI has shifted the balance of power in online deception. I usually write about how to keep yourself safe, but as of the moment this feels more like a personally interesting blog. Scammers no longer need to steal photos or write fake bios themselves, in which they use the power of AI, which can generate perfect looking people and flawless conversations in seconds. Its practically catfishing but a lot worst. This just only shows how Ai isn't just a tool for productivity, its also being weaponized to manipulate emotions and exploit human trust in completely new ways.

Source: https://www.bloomberg.com/news/newsletters/2024-02-14/scammers-litter-dating-apps-with-ai-generated-profile-pics

by : Joshua Xiong