The Miele PG 8528 is a "washer-disinfector" intended for hospitals and other locations with potentially dangerous pathogens on their dirty dishes; it's networked and smart. And dumb.
The PG 8528 is vulnerable to a web server directory traversal attack; connect to it with a browser and you can break out of its web server and attack its whole filesystem, implanting malware that you can use to attack other devices on the network (like this widely used automated drug cabinet with 1600+ known vulnerabilities and no new patches coming).
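An added example (not from the original post and not Miele's firmware): the document-root containment check a web server needs to prevent this class of bug, shown beside the unchecked join that allows it. `DOC_ROOT`, the function names and the request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/srv/www"  # assumed document root, not taken from the page


def naive_resolve(url_path, root=DOC_ROOT):
    """Vulnerable pattern: append the decoded request path to the root."""
    return root + unquote(urlsplit(url_path).path)


def safe_resolve(url_path, root=DOC_ROOT):
    """Map a request path to a file path, or None if it leaves the root."""
    path = unquote(urlsplit(url_path).path)  # decode once, before checking
    if "\x00" in path or "\\" in path:
        return None  # reject NUL bytes and alternate separators outright
    # Collapse "." and ".." segments, then compare against the root.
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # On a real filesystem, also resolve symlinks (os.path.realpath)
    # and repeat the containment check before opening the file.
    return candidate


# Constructed request paths: two ordinary, two traversal attempts.
SAMPLES = [
    "/index.html",
    "/static/../index.html",
    "/../../etc/hostname",
    "/%2e%2e/%2e%2e/etc/hostname",
]


def audit(samples=SAMPLES):
    """Return {request: (where naive lands, what safe_resolve returns)}."""
    return {
        s: (posixpath.normpath(naive_resolve(s)), safe_resolve(s))
        for s in samples
    }


if __name__ == "__main__":
    for request, (naive, safe) in audit().items():
        print(f"{request!r:32} naive -> {naive:22} safe -> {safe}")
```
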
The PG 8528 isn't supposed to be connected to the public internet, but at least one has been spotted in the wild, because being good at running a hospital doesn't make you good at information security.
Miele was notified of the bug, but, after a cursory follow-up, dropped it and pretended it didn't matter.
But at some point, at least one of these dishwashers was connected and findable on the internet, according to Dan Tentler, a security researcher who's one of the best at finding internet of things that shouldn't be online.
"This is fucking hilarious. A dishwasher on the internet," Tentler told Motherboard in an online chat, explaining that it's possible he might be able to find more in the future, now that he knows how to look for them.
A Hackable Dishwasher Is Connecting Hospitals to the Internet of Shit