* Posts by mikekn

1 post • joined 27 Mar 2017

Dishwasher has directory traversal bug


The key bit here: "4 RS 232 interfaces with RJ 45 plugs, 1 RS 232 interface with 9 pole SUB-D plug, 1 Ethernet network interface with RJ 45 plug for connection to process documentation software." This is not white goods, it's not even "Internet of Things", it's a piece of connected lab equipment that integrates into existing processes for entirely valid reasons.

So yeah, all the "hurr internet of things" comments are a bit wide of the mark here. It also says "Remote service compatible", so presumably it will indeed receive a firmware upgrade. Yes, it's an embarrassing bug for sure, but a) it's fixable and b) I presume the applications for pwned Miele 8528 lab dishwashers are pretty limited. The worst case is that it effectively becomes a denial of service on a lab until it's fixed, as they can't be sure of their process accuracy.

I mean, I know it's daft of me to even think the Reg is vaguely competent to report on infosec stuff, but not even mentioning that bit is crappy reporting. I guess it gets more eyeballs to pretend it's a bog-standard domestic dishwasher.

