Miele Had “Great Idea” to Include a Web Server in a Dishwasher, But Not to Apply The Necessary Security

Provide connection to the internet to home appliances is nothing new and we already have several years seeing examples such as refrigerators and vacuum cleaners. Something that might be useful and in some cases added an exhibition or source for the data collection, as it has happened with some Miele dishwasher that can be victims of an attack by an error on the web server that integrate.

The affected model is the Professional Miele PG 8528, a unit of washing and disinfection of hospitals in whose technical specifications instrumental figure an internet server. The idea is that the device can share data with others (for example, to external storage systems) and connect to the local network, but due to this error means a gateway to possible attacks.

A dishwasher that can be data wash

The bug details publishing them on the portal Seclists.org, in which we see all the technical aspects and where you stand on two facts: the type of error and the “response” from Miele. According to this report may be what a directory transversal attack, with which an attacker can access private information and sensitive device handles and stores, that you could insert their own code so that the server executed it.

The second point that draws attention is that this is not new (known since November 2016) and which has been notified to the manufacturer at least in two occasions by this portal. And apparently Miele has not responded, or to the portal or in a public way, and there is even a solution to this exploit.

No answers or solutions

Devices internet access gives possibilities of extending the use of the same as the power connecting several synchronized work or make a use with another user in the distance. But When this does not apply the right way (u honest) can have this type of ‘holes’, or you do not respect the privacy of users as we saw in the case of the smart TV from Vizio or We-Vibe sex toys, both having to pay fines for it.

Leaving aside the questionable need to integrate internet in all appliances, the case is that at the moment Miele has not acted, as we said. We’ll see if they soon send some kind of update that solves this problem now that the incident is public.