The Miele PG 8528 is a "washer-disinfector" intended for hospitals and other locations with potentially dangerous pathogens on their dirty dishes; it's networked and smart. And dumb.
The PG 8528 is vulnerable to a web server directory traversal attack; connect to it with a browser and you can break out of its web server and attack its whole filesystem, implanting malware that you can use to attack other devices on the network (like this widely used automated drug cabinet with 1600+ known vulnerabilities and no new patches coming).
The PG 8528 isn't supposed to be connected to the public internet, but at least one has been spotted in the wild, because being good at running a hospital doesn't make you good at information security.
Miele was notified of the bug, but, after a cursory followup, dropped it and pretended it didn't matter.
But at some point, at least one of these dishwashers was connected and findable on the internet, according to Dan Tentler, a security researcher who's one of the best at finding internet of things that shouldn't be online.
"This is fucking hilarious. A dishwasher on the internet," Tentler told Motherboard in an online chat, explaining that it's possible he might be able to find more in the future, now that he knows how to look for them.
A Hackable Dishwasher Is Connecting Hospitals to the Internet of Shit
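The check whose absence makes a web server directory traversal possible, as an added example (not Miele's code and not from the original post): the request path is decoded, resolved, and refused unless it still sits under the document root. The document root and all request paths below are constructed for illustration.

```python
import os
from urllib.parse import unquote

DOCROOT = "/srv/www"  # assumed document root, not taken from the device


def naive_resolve(url_path, docroot=DOCROOT):
    """Vulnerable pattern: glue the request path onto the docroot, no check."""
    return os.path.normpath(docroot + "/" + unquote(url_path))


def safe_resolve(url_path, docroot=DOCROOT):
    """Return the path to serve, or None if the request escapes docroot."""
    decoded = unquote(url_path)          # decode %2e%2e etc. before checking
    if "\x00" in decoded:                # NUL bytes can truncate paths in C code
        return None
    root = os.path.realpath(docroot)
    # realpath collapses ".." and follows symlinks, so the comparison is
    # made on the location the filesystem would actually open.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components; a plain startswith() would
    # wrongly accept a sibling such as /srv/www-private.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths: one legitimate, three that try to leave docroot.
    for req in ["/index.html",
                "/../../etc/passwd",
                "/%2e%2e/%2e%2e/etc/passwd",
                "/../www-private/config"]:
        print(f"{req!r:32} naive={naive_resolve(req)!r:28} "
              f"safe={safe_resolve(req)!r}")
```

On a device that should never be reachable from outside, the same decode-then-compare logic also works as a detection rule over web server access logs: any request whose resolved path leaves the document root is worth an alert.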