IoT security woes: This smart dishwasher was found connected to an unsecured web server for months
A bug report from a security expert alleges that Miele ignored the security issue despite having been notified of it.
A smart dishwasher has reportedly been found connected to an unsecured web server, giving experts further ammunition to warn about the dangers of IoT devices. A bug report by a security expert alleges that Miele, the manufacturer of the smart dishwasher, ignored the security issue despite having been notified of it, indicating that the smart device may have been left exposed to an unsecured server for months.
According to Jens Regel of Schneider & Wulf, Miele's Professional PG 8528 PST10 devices were found to be "prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks".
According to Regel, he was able to get his hands on the embedded system's shadow file, which in turn provided him access to all files in the system, ZDNet reported. "We are not aware of an actual fix," Regel said.
According to Miele's product description page, the ethernet connection is used to extract text reports from the dishwasher. "The ethernet interface is the universal solution for data exchange," the description states. "In comparison with other interfaces the user is offered a particularly high level of functionality."
However, security experts have reportedly bemoaned such situations, warning about the potential dangers such security flaws could pose. According to Mikko Hyppönen, chief research officer at F-Secure, the IoT security situation is unlikely to get any better any time soon.
"The price of turning a dumb device into a smart device will be 10 cents," Hyppönen said. "It's going to be so cheap that vendors will put the chip in any device, even if the benefits are only very small. But those benefits won't be benefits to you, the consumer -- they'll be benefits for the manufacturers because they want to collect analytics."
"The IoT devices of the future won't go online to benefit you -- you won't even know that it's an IoT device."
© Copyright IBTimes 2024. All rights reserved.