
SoylentNews is people

posted by on Wednesday March 29 2017, @11:28AM
from the let's-make-the-Internet-squeaky-clean dept.

A directory traversal bug has been found in a Miele dishwasher. It allows unauthenticated users to access arbitrary files on the dishwasher's Web server. It has been questioned whether appliance makers should be the ones connecting things to networks, since their lack of experience means there isn't even an official channel to report or fix security bugs. Miele are yet to comment.


  • (Score: 2) by jmorris on Wednesday March 29 2017, @10:15PM (1 child)


    Stop bitching about IoT and do something about it. Do not buy it; we are all early adopters, so provide proper leadership and do not buy any of it under the current broken and one-sided system.

    Insist on some sane ground rules before even considering buying any of this crap.

    1. If it depends on the vendor's website, the vendor must promise, in writing and backed by a bond, that the website will be maintained for at least ten years beyond the last non-clearance sale of the product. If it is tied to an app, it must be maintained, including porting it to new platforms that rise to 10% or more market penetration, for the same period. Or the protocol can be fully documented in sufficient detail to permit anyone with normal skill to develop one themselves.

    2. If the software installed is locked down so that it can't be patched by the owner, security updates must be provided for the same ten year period OR the locks released and the same board support package used for the original development made available to all registered customers at no cost. GPL preferred of course but even if closed, customers must get a copy at zero cost if the product is abandoned.

  • (Score: 2) by kaszz on Thursday March 30 2017, @02:33PM


    I doubt your points will happen anytime soon.

    But practically one can always tell the seller "full docs or no deal". Or make sure one can hack it oneself with proper firmware.