>> https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/
>Surely a hacker can't reach through the router unless port 80 is forwarded? Even if port 80 were forwarded exclusively to the dishwasher- why wouldn't Miele nominate its IP range so hackers can be blocked as usual?
>
>FWIW, my new Samsung washing machine has a screen and smart internet interface. Samsung seems highly impressed that people like me really, really want to control the washing machine from my phone, but to me it's a gimmick until such time as the washing machine can load itself. Until then, it's no great burden to start the thing from its control panel after you load it. So the device doesn't deserve permanent internet access. Even if it did, you'd need to be on my side of the firewall router to access it, or you'd need to sign in through my hardware VPN so I can see who's doing what.
You've answered your own question. The main threat isn't from the public Internet, but from other devices on your LAN.
Do you have WiFi at home? Most people do. In the case of this IoT dishwasher I suspect it's WiFi only, no wired option available.
Do you have a guest network set up? Even if their router supports it most people don't know about it or haven't set it up. If your teenage kids' friends come over, which password do your kids give them? Sure, maybe you've set this all up properly, but 99% (not an exaggeration) of users don't.
For a while Windows 10 was, by default, sharing WiFi passwords. Looks like they turned off that "feature":
http://www.dailymail.co.uk/sciencetech/article-3585595/Microsoft-dumps-controversial-Windows-10-feature-automatically-shares-wifi-passwords-contacts.html
Not to mention various WiFi hacking tools, e.g.
http://resources.infosecinstitute.com/20-popular-wireless-hacking-tools-updated-for-2016/
You might get the impression I'm not a big fan of WiFi for LANs ;)
Outside of direct hacking, if I were Miele I'd be looking into offering subscriptions to owners so that:
- Device sends usage and diagnostic information to Miele ("phones home")
- 3rd-party mediated service (similar to LogMeIn) allows a user to control their device from anywhere worldwide
Something like that would be a halo/gee whiz feature useful for marketing purposes. Some of it might even be useful if properly implemented. But privacy and security seem to be the last issues addressed, if they're addressed at all.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up