Skip to main content
  1. Home
  2. Web
  3. News

Dangerous security flaw discovered in smart commercial dishwasher

By

miele professional smart bug iotwasher
Miele
Another ‘smart’ appliance has been found with serious security flaws by white hat hackers. This time around it’s a commercial washer-disinfector produced by Miele Professional, which connects to the Internet of Things, but allows anyone connecting to it to request any file from its web server.

The Miele Professional PG8528 is big dishwasher and disinfector that’s designed for cleaning restaurant dishes and/or medical apparatus. As with many contemporary appliances, Miele has made it connected. With a built-in RS232 serial connector and Ethernet cable, it can be hooked up to various other appliances and a local network for wider internet connectivity.

That’s great for smart functions, but when it has a poorly secured web server back-end, it means that the appliance could be hacked by anyone with a rudimentary understanding of security.

Related

The flaw is because the PST10 webserver embedded in the machine, “typically listens to port 80 and is prone to a directory traversal attack.” That could theoretically allow an attacker to discover sensitive information about the local network or the organization managing it, thereby giving them a new attack vector in the future.

This bug was discovered by Jens Regel of Schneider & Wulf, who purportedly contacted Miele Professional about the problem in November last year. However after speaking with a security representative at the company, they received no response for several months. With that in mind, they have now made the flaw public, in the hope that the company does something about it.

At the time of writing, no official statement has been made by Miele Professional, and the full disclosure page for the bug suggests that there has been no fix for the security problem as of yet.

Unfortunately, this sort of exploit path using IoT devices is becoming far too common. While we might not go as hard on the acronyms as ZDnet, as it points out, with more and more device manufacturers looking to make their appliances smart without impacting the cost of the product too much, we could see many more of these kinds of bugs in the future. In turn, that could enable much more dangerous attack vectors.

Possibly complicating matters, the head of the FCC, Maureen Ohlhausen, recently stated that she would rather the IoT industry be self-regulated, rather than being obligated to respond to strict federal regulation. In the absence of responsible industry players, that could leave many consumers at risk of further attacks.

Editors’ Recommendations

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How to download a video from Facebook
An elderly person holding a phone.

Facebook is a great place for sharing photos, videos, and other media with friends and family. But what if you’d like to download a video to store offline? This means you’d be able to watch the clip on your PC or mobile device, without needing to be connected to the internet. Fortunately, there’s a way to download Facebook videos to your everyday gadgets, although it’s not as straightforward a process as it could be.

Read more
How to delete your Gmail account (and what you need to know)
The top corner of Gmail on a laptop screen.

Is it time to part ways with your Gmail account? Whether you’re moving onto greener email pastures, or you want to start fresh with a new Gmail address, deleting your old Gmail account is something anyone can do. Of course, we’re not just going to bid you farewell without a guide all our own. If you need to delete your Gmail account, we hope these step-by-step instructions will make the process even easier.

Read more
How to change margins in Google Docs
Laptop Working from Home

You may find that Google Docs has a UI that is almost too clean. It can be difficult to find basic things you're used to, such as margin settings. Don't worry, though, you can change margins in Google Docs just like with any other word processor through a couple of different means.

Read more