News in brief: beware the hacked carwash; man sentenced over Mirai attack; farewell to the iPod

Your daily round-up of some of the other stories in the news

When a carwash goes rogue

We’ve written about hacking cars on Naked Security, and we’re all too well aware of the vulnerabilities of devices connected to the Internet of Things. But the news that a connected carwash could potentially be vulnerable to attacks has pretty much floored us.

First, we have to ask: why on earth does a carwash need to be connected? It turns out that some carwashes made by PDQ not only come with huge whirly brushes and water jets, but also with a web server that, according to Bleeping Computer, allows staff to manage the contraption remotely.

And, according to researchers led by Billy Rios, that web server comes with a default password that’s common to all the models identified in their alert, which means that if it’s not changed anyone could take control of the carwash.

The researchers said in their presentation at Black Hat in Las Vegas that they’d actually alerted the manufacturer to the vulnerability two years ago, but that it hadn’t yet been patched.

The research makes for scary reading: they said they could potentially lock cars with customers and operatives inside the carwash and direct water at them.

Next time you’re thinking of getting the car washed, you might want to check out what model your local garage has installed – and maybe pick somewhere else.

Man sentenced for Mirai attack on Deutsche Telekom

A British man was given a suspended sentence at a court in Germany on Friday after he admitted to having been behind the Mirai attack last year that knocked out nearly one in 20 German customers of the ISP Deutsche Telekom.

The 29-year-old man, identified as Daniel K, told the court in Cologne last week that the attack was “the worst mistake of my life”, and, according to Sky News, claimed that he’d been paid £7,700 by a Liberian company to develop a botnet.

The man, who uses the online handle “Spiderman”, is also facing charges in the UK, where authorities have asked for his extradition.

Deutsche Telekom said the attack had caused damages totalling €2m, and added that it’s considering a civil lawsuit against the man, who was arrested at Luton airport in the UK in February.

End of the line for the iPod

It’s the end of an era for those of us whose first experience of digital music on the move was Apple’s iconic iPod: the Cupertino company has said that it’s to finally retire its venerable iPod Nano and iPod Shuffle.

Those two devices are the last in the line of a product that was born back in 2001, launched by Steve Jobs with the tagline: “1,000 songs in your pocket”. The very first iteration was Mac-only and had a mechanical clickwheel and a mono screen, with a similar Windows-friendly version following soon after.

From there the iPod acquired a touchwheel and a colour screen, and then the ability to store and display photographs before shrinking down into the much smaller Shuffle and Nano devices, and also evolving into the iPod Touch, the immediate precursor to the iPhone.

While we mourn an iconic piece of hardware, let’s not forget that it wasn’t the first digital music player to sport a hard drive, and many of us would very much like to see iTunes, which was developed to manage the iPod, follow the device into oblivion.

But the writing was on the wall for the iPod as smartphones acquired not only the ability to play music, but also decent-sized hard drives. Meanwhile, I’m going to dust off my first-gen iPod Touch (running iOS 5) and see if a museum would like to give it a home.

Catch up with all of today’s stories on Naked Security