SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
SoylentNews
A directory traversal bug has been found in a Miele dishwasher. This allows access to arbitrary files on the dishwasher's Web server from unauthenticated users. It has been questioned whether appliance makers should be the ones connecting things to networks, since their lack of experience means there isn't even an official channel to report or fix security bugs. Miele are yet to comment.
This discussion has been archived.
No new comments can be posted.
Dishwasher has Directory Traversal Bug
|
Log In/Create an Account
| Top
| 69 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
How many QA engineers does it take to screw in a lightbulb?
3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.
(Score: 5, Insightful) by Snotnose on Wednesday March 29 2017, @11:42AM (19 children)
Why the hell does a dishwasher need a web server in it?
When the dust settled America realized it was saved by a porn star.
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @12:07PM
Solution: replace Web server with Wet server.
Not only it makes more sense for a washer machine, but also eliminates the directories to transverse.
(Score: 2) by wisnoskij on Wednesday March 29 2017, @01:07PM
It is marketed to politicians, who might want to acid wash they server on a moments notice.
(Score: 1) by moondoctor on Wednesday March 29 2017, @01:39PM
Hospitals. Everything needs to be logged.
In a properly functioning organisation procurement should have assessed it's security and not approved purchase.
We're a long way from that universe...
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @02:01PM (5 children)
Didn't you get the memo? It's the Internet of Things. Adding web servers to appliances is like building bypasses: You just have to do it.
(Score: 3, Funny) by Anonymous Coward on Wednesday March 29 2017, @02:26PM (1 child)
"Didn't you get the memo? It's the Internet of Things."
As someone on HN put it, the "S" in IoT stands for "Security".
(Score: 0) by Anonymous Coward on Thursday March 30 2017, @04:17AM
As someone on HN put it, the "S" in IoT stands for "Security".
In the acronym IoS, the "S" most definitely doesn't stand for "Security".
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @03:20PM (2 children)
I'm not sure I got the memo. I've implemented RFC 2324 and 7168 at home, but I was stumped when the roommate wanted a dishwasher. Which RFC should I use? Is it up to us Soylentils to propose one?
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @07:00PM (1 child)
The correct answer is, no. We can't perpetuate the stupidity that is 'because we can'. we already suffer for the complete lack of wisdom dealing with our current level of technological 'progress'.
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @07:44PM
Well you're no fun. :(
(Score: 5, Funny) by Azuma Hazuki on Wednesday March 29 2017, @03:56PM
Obviously because it needs to serve SOAP content :D
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @04:04PM (2 children)
Many reasons, lets say you want to start your dishwasher remotely as you forgot to before you went to work.
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @08:03PM
Also for when you want to stop your dishwasher mid-cycle while you're out jogging.
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @08:13PM
Also to give notification beeps to tell me "CYCLE HAS FINISHED" every 15 seconds, non-stop, day and night, anywhere in the world - until I go to it and manually turn it off. Yes sir, right away sir.
(Score: 1, Funny) by Anonymous Coward on Wednesday March 29 2017, @06:17PM (1 child)
Same reason God needs a spaceship.
Actually, somebody told a rookie developer they need to "scrub inputs", and they took it literally.
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @07:02PM
To escape imprisonment?
(Score: 2, Informative) by Soylentbob on Wednesday March 29 2017, @07:26PM (2 children)
Ok, there were already enough funny answers, I'll try a halfway serious one:
Besides the normal soap (tab or powder), the dishwashers I know also have compartments for special salt and rinse aid. These are not filled for each use, and an app could inform the user if a re-fill is required. Also an app could show, how long the dishwasher still needs (e.g. when going shopping / planning the day), or how long since it is done (e.g. for people who don't want to open it right away, to give it some more time to dry).
I'm not saying I'd want these features, but they are the least useless features I could think of in this context.
(Score: 0) by Anonymous Coward on Wednesday March 29 2017, @08:07PM
I would like if they could hook it up to a rep in Bangalore so I could ask them why it managed to clean some cups so well but failed to clean some other cups at all. That has always been a mystery to me.
(Score: 1) by Soylentbob on Wednesday March 29 2017, @08:48PM
Oh, and as others mentioned elsewhere, this was not a dishwasher, but a lab cleaning device. So, temperature and other measures and also timing- and availability - information might be more relevant.
(Score: 2) by davester666 on Thursday March 30 2017, @05:27AM
It means they don't have to put any physical buttons or lights on it. You load it up, close the door, then use the app to give it the settings you want to use.
Then it gives you a notification when it's done on your phone.