Today we bring you a story that should illustrate just how seriously we need to start taking security when it comes to the internet of things (IoT).
German security researcher Jens Regel has discovered a web server security flaw in a Miele Professional PG 8528. In case you’re wondering what sort of computer that it is, let me save you the Google search: it isn’t a computer at all, it’s a dishwasher. A dishwasher with IoT functionality built right in.
To be fair this particular dishwasher is used in a lab, but that makes the flaw even more of a problem, as that flaw could potentially allow a hacker access to information more sensitive than that accessible via an average household’s WiFi network.
The flaw in the dishwasher’s security would allow an attacker to access the appliance’s embedded web server that constantly listens to port 80. Exploitation of this issue could help an attacker gain access to sensitive information on the network the appliance is attached to that could be used in other attacks, says Regel.
Worse than the open door in a dishwasher is the fact that despite contacting Miele about it, the flaw has seemingly not been patched.
The issue was first discovered in November 2016. The researcher then contacted Miele to inform them of the flaw, and to date Miele has not contacted Regel to say it has been patched.
One could argue that Miele is not a tech company and therefore shouldn’t carry the burden of having to issue patches for their appliance software, but frankly that’s a terrible argument, because if not them, then who?
The internet of things is growing at an alarming rate, and having unsecured gadgets scattered around the house is like having numerous entrances to a home, but no doors.
The time has come then, it seems, for appliance firms to become tech companies. Even if they don’t want to.