Vulnerability found in network-connected device from German manufacturer Miele.
The internet of things has brought “wave of the future” aspirations to our current tech reality, with many of the devices hitting the market looking for all the world like something out of a Disney EPCOT Center display. Unfortunately, as both tech experts and consumers have discovered, the race to connect our appliances to our smartphones via the internet has resulted in more than a few data breaches and hacking events.
Full disclosure: if anyone wanted to surprise me with the slow cooker that you can activate from your smartphone, I would not be opposed to such a time-saving, convenient gift. However, improved convenience and functionality are not always the driving factors in IoT innovations, or in improved security.
No one’s safe
One university learned this the hard way when they suffered a DDoS attack, all thanks to their light bulbs and vending machines. Hackers broke into those devices and initiated repetitive searches for seafood, all in a successful attempt to bog down the network and keep legitimate activity from taking place.
In a more ominous scenario, the medical industry has already learned of actual security flaws in IoT medical implants like insulin pumps and pacemakers. One company in particular, St. Jude Medical (owned by Abbott Laboratories), has already had to issue a patch to close security vulnerabilities in its pacemakers.
But what about vulnerabilities that can’t be closed up? That’s what one appliance manufacturer is facing due to its non-response over a security flaw, as reported by Bitdefender. Miele, whose dishwasher is (for some unknown reason) network-connected and was found to have a serious security vulnerability, failed to respond to a security researcher who disclosed the details of his findings directly to the company. Their lack of response has prompted the researcher, Jens Regel of Schneider & Wulf, to make the vulnerability public. To date, there is still no word from the manufacturer and no patch has been issued via its website for this dishwasher.
This news is simply the latest example of the most blatant flaw IoT-capable device manufacturers have: their focus is on making the device do something “new and different,” rather than on protecting consumers’ privacy. Why does a dishwasher need to connect online, and why does it even have connectivity capability to other ports in the owner’s connection? Unlike other examples, like doctors being able to call up a patient’s glucose readings remotely, or a vending machine that can accept card or mobile payments, both of which rely on an internet connection, some of the “bells and whistles” approach to connected devices seems to be more about flashy new options and less about actual improvements in functionality. The end result is yet another open door to exposing consumer data.