Miele ships dishwasher with full web server, including directory traversal bug and open write access. So if your router has UPNP enabled, the whole world can now control your dishwasher…
Please stop putting web servers in everything!
https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/
I wish, companies would know their strengths and weaknesses and act accordingly. Being able to build perfect and durable dishwashers doesn’t automatically make you an IT security expert.
That is for sure!
well if the internet would unload the dishwasher and put the dishes away…..
and fold the laundry…
mary Zeman err…, it doesn’t???
After reading a German article about this issue (after all Miele is located quite near to my home town), I now can understand why this web server was implemented in the first place: as the device is not only a professional dishwasher but also used for disinfection, the web server allows to document the disinfection processes done by that machine. This may be necessary f.i. in hospitals as well as in the pharma or food industry.
Uwe Raabe Even more so, security should have been a key feature.
Lars Fosdal Indeed!