Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Moidodyr

Read: 548 Comments: 3 Rating: 8

It’s come to this: vulnerabilities are being discovered in dishwashers. Surprising, right?

In reality, there’s nothing surprising about it. Surely, this isn’t the first dishwasher that could be manipulated into doing something it was not supposed to do. Before the advent of the World Wide Web, hackers had to crack public telephones and safes or program calculators—they could only meddle with things they could actually get their hands on.

Now things have changed. The cost of turning a piece of equipment into a smart device is small compared with the total cost of its components. And no one wonders anymore why a dishwasher would need to run a server and use an Internet connection. Now the question is why shouldn't we connect everything within our reach to the Internet? Then we can claim that these devices incorporate a sophisticated array of features and another marketing advantage is ready to be advertised. Isn't this a good thing?

The problem is that household appliance manufacturers are neither programmers nor system administrators. In this case the vulnerability is not particularly dangerous—in theory, an attacker can gain access to the dishwasher server and steal data. This loophole can potentially be dangerous if the dishwasher is connected to a network alongside other smart devices, but thus far that’s unlikely.

The bad news is that unlike vulnerabilities in operating systems and applications—we’re well used to those—a dishwasher loophole is much harder to patch. After all, the appliance doesn't check for updates daily; it never had to do that in the past.

Another drawback is that, as we can see, appliance manufacturers don't have a sufficient IT security background. Normally if a researcher discovers a software vulnerability, he or she can shoot off an email to its respective developer and receive a "thank you" or even some monetary reward. Here the expert discovered the issue, notified the manufacturer and received no reply for three months. Needless to say, the issue wasn't fixed.

#IoT #vulnerability #exploit #Linux

Dr.Web recommends

  • If you’re wondering whether you should connect a device to the Internet or not, well, don't. Don't do it simply out of curiosity.
  • If a device requires an Internet connection and can be accessed over the Internet, don't forget to change the factory password.
  • And finally, even if you configured the connection and access parameters properly, bear in mind that loopholes are everywhere, and, if possible, scan the device with an anti-virus periodically. Dr.Web for Linux can scan smart devices via ssh; take advantage of this feature.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments