
Dangerous security flaw discovered in smart commercial dishwasher

Another ‘smart’ appliance has been found with serious security flaws by white hat hackers. This time around it’s a commercial washer-disinfector produced by Miele Professional, which connects to the Internet of Things, but allows anyone connecting to it to request any file from its web server.

The Miele Professional PG8528 is a big dishwasher and disinfector designed for cleaning restaurant dishes and/or medical apparatus. As with many contemporary appliances, Miele has made it connected. With a built-in RS232 serial connector and an Ethernet port, it can be hooked up to various other appliances and to a local network for wider internet connectivity.

That’s great for smart functions, but when it has a poorly secured web server back-end, it means that the appliance could be hacked by anyone with a rudimentary understanding of security.

The flaw exists because the PST10 web server embedded in the machine “typically listens to port 80 and is prone to a directory traversal attack.” That could theoretically allow an attacker to read files from the device and discover sensitive information about the local network or the organization managing it, thereby giving them a new attack vector in the future.
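To make the defect concrete, here is an added example (not Miele's code, and not the PST10 server) showing the path-confinement check an embedded web server needs in order not to hand out arbitrary files, together with a small scan of web-server access logs for traversal attempts. The document root `/var/www` and the log lines are constructed for the example.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www"  # hypothetical document root, not the device's real path

def decode_path(request_path: str) -> str:
    """Decode twice (catches %252e double encoding) and fold backslashes to '/'."""
    return unquote(unquote(request_path)).replace("\\", "/")

def is_traversal_attempt(request_path: str) -> bool:
    """True if any decoded path segment is '..', i.e. the client tries to climb out."""
    return any(seg == ".." for seg in decode_path(request_path).split("/"))

def resolve_request_path(web_root: str, request_path: str) -> Optional[str]:
    """Confine a request to web_root. Returns the filesystem path to serve, or
    None when the request must be refused (the check a traversable server lacks)."""
    if is_traversal_attempt(request_path):
        return None
    # Collapse '.', '//' and anchor at the root; then re-verify the prefix as
    # defence in depth so a future change to the checks above cannot leak files.
    relative = posixpath.normpath("/" + decode_path(request_path)).lstrip("/")
    target = posixpath.normpath(posixpath.join(web_root, relative))
    if target != web_root and not target.startswith(web_root + "/"):
        return None
    return target

# Constructed access-log lines in Common Log Format (not from a real device).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2017:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.77 - - [10/Mar/2017:09:12:09 +0000] "GET /../../../../etc/passwd HTTP/1.1" 200 1024
192.0.2.77 - - [10/Mar/2017:09:12:11 +0000] "GET /%2e%2e/%2e%2e/config/net.cfg HTTP/1.1" 200 2048
192.0.2.10 - - [10/Mar/2017:09:13:40 +0000] "GET /css/site.css HTTP/1.1" 200 88
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def find_traversal_attempts(log_text: str):
    """Return (client, path, status) for every request that tried to traverse.
    A 200 on such a line means the server actually handed the file over."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

if __name__ == "__main__":
    for client, path, status in find_traversal_attempts(SAMPLE_LOG):
        print(f"{client} requested {path!r} -> HTTP {status}")
```

On a device that cannot be patched, the same log scan run over the appliance's web-server logs (or a proxy in front of it) is the quickest way to tell whether anyone has already pulled files through the flaw.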

This bug was discovered by Jens Regel of Schneider & Wulf, who purportedly contacted Miele Professional about the problem in November last year. However, after speaking with a security representative at the company, they received no response for several months. With that in mind, they have now made the flaw public, in the hope that the company does something about it.

At the time of writing, no official statement has been made by Miele Professional, and the full disclosure page for the bug suggests that there has been no fix for the security problem as of yet.

Unfortunately, this sort of exploit path through IoT devices is becoming far too common. As ZDNet points out (even if we don't lean on the acronyms as heavily as it does), with more and more device manufacturers looking to make their appliances smart without adding much to the cost of the product, we could see many more of these kinds of bugs in the future. In turn, that could open up much more dangerous attack vectors.

Possibly complicating matters, the head of the FCC, Maureen Ohlhausen, recently stated that she would rather the IoT industry be self-regulated than be obligated to respond to strict federal regulation. In the absence of responsible industry players, that could leave many consumers at risk of further attacks.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…