Other issues in this category (35)
Friday, December 8, 2017
It’s come to this: vulnerabilities are being discovered in dishwashers. Surprising, right?
In reality, there’s nothing surprising about it. Surely, this isn’t the first dishwasher that could be manipulated into doing something it was not supposed to do. Before the advent of the World Wide Web, hackers had to crack public telephones and safes or program calculators—they could only meddle with things they could actually get their hands on.
Now things have changed. The cost of turning a piece of equipment into a smart device is small compared with the total cost of its components. And no one wonders anymore why a dishwasher would need to run a server and use an Internet connection. Now the question is why shouldn't we connect everything within our reach to the Internet? Then we can claim that these devices incorporate a sophisticated array of features and another marketing advantage is ready to be advertised. Isn't this a good thing?
The problem is that household appliance manufacturers are neither programmers nor system administrators. In this case the vulnerability is not particularly dangerous—in theory, an attacker can gain access to the dishwasher server and steal data. This loophole can potentially be dangerous if the dishwasher is connected to a network alongside other smart devices, but thus far that’s unlikely.
The bad news is that unlike vulnerabilities in operating systems and applications—we’re well used to those—a dishwasher loophole is much harder to patch. After all, the appliance doesn't check for updates daily; it never had to do that in the past.
Another drawback is that, as we can see, appliance manufacturers don't have a sufficient IT security background. Normally if a researcher discovers a software vulnerability, he or she can shoot off an email to its respective developer and receive a "thank you" or even some monetary reward. Here the expert discovered the issue, notified the manufacturer and received no reply for three months. Needless to say, the issue wasn't fixed.#IoT #vulnerability #exploit #Linux
The Anti-virus Times recommends
- If you’re wondering whether you should connect a device to the Internet or not, well, don't. Don't do it simply out of curiosity.
- If a device requires an Internet connection and can be accessed over the Internet, don't forget to change the factory password.
- And finally, even if you configured the connection and access parameters properly, bear in mind that loopholes are everywhere, and, if possible, scan the device with an anti-virus periodically. Dr.Web for Linux can scan smart devices via ssh; take advantage of this feature.