back to article Dishwasher has directory traversal bug

Don't say you weren't warned: Miele went full Internet-of-Things with a network-connected dishwasher, gave it a web server, and now finds itself on the wrong end of a security bug report – and it's accused of ignoring the warning. The utterly predictable vulnerability advisory on the Full Disclosure mailing list details CVE- …

  1. Gene Cash Silver badge

    [checks date - nope, not April 1st]

    [mixes very large drink - ponders 35 year old dishwasher run by clockwork]

    I'll just mention these twits are @MieleProf, @MielePro_GB, @MieleProUSA, @Miele_Press, @Miele_GB, and @MieleUSA. Yup, they're Web 2.0 run rampant.

    1. big_D Silver badge

      If so-called tech companies give up on patching a smartphone after 3 - 6 months in many cases, what chance does an IoT white good have in 10 to 20 years?

      In most cases, there just isn't any benefit to having white goods attached to the internet. What is it supposed to tell me? I can't start it until I have manually filled it up and it already turns itself off, when it is finished.

      Mine has a little light for salt and another for clear rinse, which light up when they need refilling... I just don't see the need for these things.

      1. Anonymous Coward
        Anonymous Coward

        its obviously on the dirty network

        and just as bad as all the connected cars - I have to pay £90 to just to update maps on mine let alone all the other crud/bloat attempting to become a subscription to tat service I already have perfectly well delivered on my phone for no extra charge.

        Why not just go old-school and give it a digital display!

        1. Spudley

          Re: its obviously on the dirty network

          and just as bad as all the connected cars - I have to pay £90 to just to update maps on mine

          We're straying off topic, but yeah, mine too. I laughed at them on the phone when they tried to tell me that price. I would say it's a racket, and it would be if they actually got anyone paying for these updates. But why would you do that when you can buy a new TomTom or Garmin for half that price, including updates, and with a better user interface.

          So not a racket; maybe just plain stupidity? If they're trying to sell the updates as a product, then they've clearly missed that lesson in high-school economics about supply and demand -- if they cut the price to £25, it's a pretty good bet they'd get more than four times as many sales. It's obvious really, so why do they price it so high?

          So not a racket and not stupidity. It's actually planned obsolescence. They don't want people to update the maps because they want them to go out of date. Because that will make the whole car feel more dated, which will prompt us to replace the car with a new one sooner than we might have done otherwise.

          Quite clever really. Depressingly cynical, but clever.

          1. regregular

            Re: its obviously on the dirty network

            Actually, they are milking the used car market. At least that is the reason I suspect for the higher end cars from volume manufacturers / the entire fleet from premium manufacturers.

            Most people who get to buy a brand new car and spec it to their needs automatically receive a "all-inclusive" deal for Telemetrics and Updates for 3-5 years. That is the deal for BMW and Mercedes, I would assume similar deals for other brands.

            The folks who can afford to buy those brandnew will evntually, usually well within the free period, move on to a different brand car or a newer model, releasing the car to the used car market. And that is why this racket will keep working. Corporate does not care about a second hand owner, because they regularly do not earn any money with him. Second hand owner might shell out the cash for a update grudgingly, but will surely take oil changes and repairs or tire changes to the bloke round the corner. The only person to be taken seriously when bitching about this is first hand buyer, and he never noticed the racket due to his free period.

            It's quite well played...

            1. Anonymous Coward
              Anonymous Coward

              Re: its obviously on the dirty network

              Actually, they are milking the used car market. At least that is the reason I suspect for the higher end cars from volume manufacturers / the entire fleet from premium manufacturers.

              Remind me of an article I read a few days ago about people hacking their tractorsbecause of DMCA abuse to stop the use of non-original parts.

              It appears the scope of this ought to be extended considerably, provided it can be done responsibly (the use inferior or even unsuitable materials can create a non-trivial risk). I always found the high cost of on-board GPS a bit artificial anyway, making updates cost so much strikes me as doubling the abuse.

              1. regregular

                Re: its obviously on the dirty network

                The article is indeed along similar lines, at least in terms of manufacturer strategy, although the deal with farm machinery is different - a purchase like that usually remains in use longer than passenger vehicles, and they don't change hands like used cars do.

                And yes, the same tricks are deployed by some car brands, and it is not even about cheap unsafe knock-off parts. There are ways to actually block minor, simple repairs / maintenance. Examples: BMW requires new batteries to be "learned" into the system after replacement, after an oil change the "nag counter" has to be reset etc. If access there is blocked your car might be just fine but keeps nagging you. Worse than that is automatic parking brake setting on some brands which can make replacing brake rotors / pads a pain, a dealership will just hook up their diagnostic tool and tell it to release the parking brake.

                This is not a safety "feature" but an attempt to lock people into the dealership rates, with ridiculous parts markups and hourly rates. Thankfully, for most of these nuisances the aftermarket quickly finds workarounds or hacks because demand is high.

          2. JimmyPage Silver badge
            Stop

            Re: you can buy a new TomTom or Garmin for half that price

            Why ?

            For the past 3 years I have happily used a smartphone for SatNav. My 2 Garmins (I had a stolen one returned by the police after I bought a second) sit in a drawer .....

            1. H.Winter

              Re: Why? (you can buy a new TomTom or Garmin for half that price)

              I much prefer a dedicated GPS device I can leave plugged into my vehicle for 2 reasons, no draining the battery on my phone, and I leave GPS/location services turned off on my phone.

      2. Named coward

        what chance does an IoT white good have in 10 to 20 years?...you really think modern white goods are made to last 10-20 years?

        1. Anonymous Coward
          Anonymous Coward

          "you really think modern white goods are made to last 10-20 years?"

          Yes. Some still are, as they've always been, and eg by the brand in question.

          https://www.miele.co.uk/domestic/enjoy-a-10-year-peace-of-mind-with-miele-3943.htm

          Not everything containing electronics is made by Apple. Miele is not trying to peddle you a new washing machine every year when the last model is out. They might suck at webservers, the rest of the hardware is still good.

          1. snoggs
            Thumb Up

            Non-obsolescence

            I bought my Miele dishwasher, washer, and dryer 17 years ago. They work great and never waste time on the Internet.

            1. Anonymous Coward
              Terminator

              Re: Non-obsolescence

              I bought my Miele dishwasher, washer, and dryer 17 years ago. They work great and never waste time on the Internet.

              Hah! Your next one will be busy cruising the IoT web and downloading machine-porn instead of working.

          2. Anonymous Coward
            Anonymous Coward

            "you really think modern white goods are made to last 10-20 years?"

            Yes, I do. In fact I'd say the design was defective if it didn't last at least 10 years.

            I *thought* our 8 year old dishwasher had died a few weeks ago when it decided to wet the kitchen floor. After getting out a screwdriver and spending an hour digging around, I managed to establish that the tube leading to the pressure switch that detects the water level was clogged up with gunk. 15 minutes later, I'd cleaned the part and the dishwasher was fully functional again.

            Saying that, like most things nowadays, the dishwasher was designed to a size envelope, not for repairability, so the job *could* have been easier, at the expense of the dishwasher not fitting into a standard sized hole.

        2. Hollerithevo Silver badge

          Maytag does

          Our trusty stacking Maytag washer/dryer finally bit the dust after 17 years. Imported from the USA and sadly no longer made, so I had to settle for a Bosch that takes twice and long and doesn't dry the damn clothes properly. Let's see if these get to 7 years, let alone 17.

          1. Anonymous Coward
            Anonymous Coward

            Re: Maytag does

            I had to settle for a Bosch that takes twice and long and doesn't dry the damn clothes properly

            IME, Bosch (or rather BSH) machines are far, far better at washing than the Victorian junk peddled by Maytag. On the matter of drying, they certainly will stop you before you can bake every milligram of water from the clothing. But baking your clothes old style simply means they re-asorb water from the atmosphere the moment they comes out of the machine (as well as being irretrievably creased).

            YMMV.

        3. scooternusa

          My circa 2003 General Electric dishwasher is still humming along like a champ fourteen years and counting without a single service call. Best dishwasher I've ever owned.

          1. FuzzyTheBear

            Whirlpool Hobart been in the house since 1978 . Never failed once yet ... Norge fridge dated 1949 also still on the job. They made em to last a lifetime indeed and agreed Miele is doing great quality ,imho , professional stuff , the network plug is one too many.

      3. Anonymous Coward
        Anonymous Coward

        big_D: "In most cases, there just isn't any benefit to having white goods attached to the internet. What is it supposed to tell me? I can't start it until I have manually filled it up and it already turns itself off, when it is finished."

        ... You appear to be looking for something that would be a benefit to you. Please make no mistake, in a lot of cases IoT is not about consumer benefit, it's about them:

        - Making it stand out in the store -- It has to have a bigger LCD panel than the competitors model and some bright animation playing on it to draw you in - things that are actually no benefit to you, but higher numbers and larger sizes sell even when they are not relevant. I imagine that once more than half of dishwashers have a screen on them, there will even be some poor folk who will not consider buying one without a screen, even if they don't know why.

        - Letting them know how you use it -- They need to know when the salt is low, whether you skip putting rinse aid in, when it's due for a service etc. They can even kindly let you know after 11 months that you in fact bought the wrong model because you do two washes per day and as it happens they have made a newer model with a quicker wash cycle. How great would it be to have a d/w less than a year old displaying an advert for the d/w it wishes it was. And you can bet all those variables will be added into warranty contract so it's easier for them to say it's your fault the d/w broke because you used Aldi rinse aid, didn't top up the salt, and you should have bought the model which was fit for your usage case.

        The possibility that it might be some use to you during your period of ownership is the last thing they think about.

        1. fajensen Silver badge
          Terminator

          Please make no mistake, in a lot of cases IoT is not about consumer benefit, it's about them:

          If "they" build a spectrometer into the unit, they can analyse the food you are eating and propose healthy options (while secretly procuring a life insurance on you before grassing you up to the insurers).

          If you use your machine for washing laboratory glassware, they can see what you are working on and front-run your patents - or narc on you.

        2. Anonymous Coward
          Anonymous Coward

          IoT is not about consumer benefit, it's about them:

          Put an LCD screen on the front and push out ads to your appliance?

          You know it's going to happen - unless it already is.

      4. JLV Silver badge

        If it wasn't for a general dropping trend in burglary rates, then such unprotected devices would be very useful when casing houses, just by peeking at their usage. Script kiddie skill only.

        Assume a dishwasher runs once every 1-2 days. A house in summer time with more than a week since the last load is likely empty. Add that police, logically enough, typicallly don't prioritize responding to burglar alarms and you have 15-20 minutes to loot.

        1. Kiwi Silver badge

          Add that police, logically enough, typicallly don't prioritize responding to burglar alarms and you have 15-20 minutes to loot.

          Even worse.. How many routers damn near automatically trust any access to their config system from inside the local network? These days, how many people are hooking their alarm and camera systems up to said router?

          Oh, and there's those nice doorlocks that talk to your phone via bluetooth or the local WiFi (if you're close enough to be on your local net, you're close enough for the door to be unlocked), and other ones that use NFC/RFID.. All of which are configured by a HTML/JS-based app on the device's internal webserver, which of course talks to anything in the localnet IP range...

          If you can run arbitrary code on a device linked to the local lan, it's feasible now in a lot of homes that you can take over the security of the home. And heating and other devices as well. Why, you could totally piss the owners off by starting their web-enabled at a time other than when they specified!

    2. Wensleydale Cheese

      This one gets my vote for Headline of the Year

      "[checks date - nope, not April 1st]:

      Still chuckling, as I type.

    3. The Man Who Fell To Earth
      FAIL

      Can't find the IP Address of my pitchfork

      Guess it won't work now...

      1. herman Silver badge

        Re: Can't find the IP Address of my pitchfork

        Well, what did you expect? You didn't pay for the updates to your pitchfork, so now the internet access expired. That's why, you cheapskate...

      2. David 132 Silver badge
        Joke

        Re: Can't find the IP Address of my pitchfork

        Dunno about my pitchfork, but this IoT madness has certainly spread to other things in my garden - I have a tree with root capability, and to make matters worse it runs on SAP...

    4. J. R. Hartley Silver badge

      Web2.0rrhea at its finest.

    5. Kiwi Silver badge
      Coat

      [checks date - nope, not April 1st]

      Actually, it is.

      Though I took 5 days to get around to reading this story...

  2. J P

    Bewildered. (That's grown-up speak for "wtf")

    Before I get too many downvotes, I do have tongue more or less in cheek on the title - but what follows is 100% serious.

    Until we have self loading dishwashers, how can they need internet access? We don't run them til they're loaded. Humans load them. Once they're full, we set them off. If we don't want them to clean the dishes straight away, they have a "delay" feature so we can run them when the Economy7 has kicked in/while the sun's up and our solar panels are providing the juice.

    Us humans put the salt, tablets & rinse-aid in. Needing internet access to order more rinse-aid etc when it's running low is (until the manufacturers can be trusted with anything sharper than a crayon or warmer than a cushion) a decidedly sub-optimal path.

    So why on earth do we need internet enabled dishwashers? "Because we can" is a valid human argument for scaling Everest (for those humans so inclined/capable) but letting household appliances loose on the internet "because we can" (rather than "because we need to") is lazy, foolish & pointless.

    1. aberglas

      Re: Bewildered. (That's grown-up speak for "wtf")

      To misquote Edmond Hillary, They are connected to the internet because it (the internet) is there.

      They can, um, ping your iphone when the dishes are done. Let you check that the kids have run the dishwasher from work. Keep statistics about powder usage. Disable the machine if it is found to be used by terrorists. The possibilities are only limited by your imagination...

      The next dishwasher that I buy will certainly be connected to the Internet of Things ... because I won't have any choice.

      1. JeffyPoooh Silver badge
        Pint

        Re: Bewildered. (That's grown-up speak for "wtf")

        "The next dishwasher that I buy will certainly be connected to the Internet of Things ... because I won't have any choice."

        If you simply fail to inform your inevitable IoT dishwasher of the password for your household Wi-Fi hotspot, then it's significantly less likely to actually connect.

        If your dishwasher starts cracking router passwords, then it's time to call in Sarah Conner.

        1. Charles 9 Silver badge

          Re: Bewildered. (That's grown-up speak for "wtf")

          "If you simply fail to inform your inevitable IoT dishwasher of the password for your household Wi-Fi hotspot, then it's significantly less likely to actually connect."

          Unless, of course, it's able to use a whispernet.

          1. Number6

            Re: Bewildered. (That's grown-up speak for "wtf")

            Provided I can disassemble it and use wirecutters on the interface before it can send out a distress call then I win. Always assuming there isn't some sort of deaddishwasher's switch.

            I only have one IoT thing on the property and that's squirrelled away on its own subnet so in theory it can talk to the rest of the world but not my local network. Given how crap the associated cloud-based website is (slower than a glacier), I'm sorely tempted to see if I can reverse-engineer the protocol and hack it to talk only to something under my control.

            1. Paul Smith

              Re: Bewildered. (That's grown-up speak for "wtf")

              "Provided I can disassemble it and use wirecutters on the interface " - You clearly haven't read the DCMA small print. That is a deliberate attempt to circumvent the copyright holders rights and could get you 20 years of in the pokey.

        2. aberglas

          Re: Bewildered. (That's grown-up speak for "wtf")

          "If you simply fail to inform your inevitable IoT dishwasher of the password for your household Wi-Fi hotspot, then it's significantly less likely to actually connect."

          After 30 days being unable to check for software updates it will refuse to run at all. An essential safety feature to keep you safe.

          1. Anonymous Coward
            Anonymous Coward

            Re: Bewildered. (That's grown-up speak for "wtf")

            "After 30 days being unable to check for software updates it will refuse to run at all. An essential safety feature to keep you safe."

            And after another 180 days there will be no more software updates as the next generation model is released.

            On the point of phoning home is there any evidence yet of IoT devices that have no functional purpose connecting to internet, bricking because of a lack of internet access?

        3. Not That Andrew
          Windows

          Re: Bewildered. (That's grown-up speak for "wtf")

          It will probably just connect automatically to next door's BT wifi hotspot

        4. JPWhite

          Mr

          Miele to Comcast.

          Hey we've noticed a lot of WiFi routers with the Xfinity SSID. We are wiling to pay you x thousands of dollars per year for access to that network.

          Comcast to Miele

          OK your checked cleared, here is how you access the network.....

          Customer installs dishwasher, dishwasher sees Xfinity SSID broadcast by customers neighbor. Dishwasher connects and calls home.

        5. KLane

          Re: Bewildered. (That's grown-up speak for "wtf")

          I just set up a cheap WiFi router with no WAN connection, and connect anything that doesn't need outside world access to that. They can talk to each other all they want.

        6. JeffyPoooh Silver badge
          Pint

          Re: Bewildered. (That's grown-up speak for "wtf")

          Me "...time to call in Sarah Conner."

          Funny picture: http://tinyurl.com/SarahConnerLOL

          A picture of The Terminator confused by a Captcha.

      2. Jonski

        Re: Bewildered. (That's grown-up speak for "wtf")

        They can, um, ... Keep statistics about powder usage.

        I use those blocks with the dissolving wrapper. My powder usage precisely correlates 1:1 to the number of cycles I've run.

        The irony is rich however. This vuln will now let my dishwasher convert Spam to spam.

      3. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        I see what you did there. You said 'iPhone' and obviously meant 'Hipster' as frankly the only people who would buy this POS and then connect it to the internet are those with more money than sense a.k.a. Apple customers.

        Then the bit about the kids. Loved it.

        My kids are on the other side of the planet. Perhaps I should connect my DW up so that they can check on their GOM and that he is ok? (GOM== Grumpy Old Man)....

        Sorry no. While I am an Apple customer (I have a secondhand iPhone) I would never buy AND connect something like this up to the internet in a million, no make that a gazillion years.

        I'd actually go out of my way to NOT buy an appliance like this.

      4. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        "The next dishwasher that I buy will certainly be connected to the Internet of Things ... because I won't have any choice."

        Like vinyl records - there will come a time when some people will want their white goods to be "old school". As the IoT will only be a controller function then - like a car's ECU - a business will exist to tweak its function.

        That will then be made illegal for reasons of safety - and because the government wants electricity suppliers to be able to control your white goods devices.

        Globalisation will mean that every mechanical part will come from the same source - and only the final branding and cosmetics will be different.

        1. herman Silver badge

          Re: Bewildered. (That's grown-up speak for "wtf")

          Well, I must be Olde Skool, since my microwave oven has a wind up timer, but I have never seen a dish washer with a wind-up timer. My guess is that Miele simply used a generic Linux controller and the ethernet port and web server is simply for programming and testing it on the production line and isn't actually intended for daily use.

      5. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        To misquote Edmond Hillary, They are connected to the internet because it (the internet) is there

        To quote Jasper Carrott: a dog's bum is there. It doesn't mean you have to go up it.

      6. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        > To misquote Edmond Hillary, They are connected to the internet because it (the internet) is there.

        No, it was not Hillary, but George Mallory (q.v.) who when asked why he wanted to climb Everest replied "Because it's there!"

        1. Anonymous Coward
          Anonymous Coward

          Re: Bewildered. (That's grown-up speak for "wtf")

          > No, it was not Hillary, but George Mallory (q.v.) who when asked why he wanted to climb Everest replied "Because it's there!"

          Additional I've read that he only gave that reply because while on a pre-exhibition (possibly fund raising) tour of the US he became increasingly fed up by everyone always asking why he wanted to climb Everest

      7. IsJustabloke
        Stop

        Re: Bewildered. (That's grown-up speak for "wtf")

        "The next dishwasher that I buy will certainly be connected to the Internet of Things ... because I won't have any choice."

        Or rather would like to be....

        And while I'm sure there will come a time when it being connected is required by the T&C's I doubt we're quite there yet.

    2. gerdesj Silver badge
      Childcatcher

      Re: Bewildered. (That's grown-up speak for "wtf")

      "Before I get too many downvotes," - nope, you get a UV for a well reasoned argument. I suspect product design went a bit like this:

      We can bolt internets onto our usual model, markup £200 retail for <sticks finger in the air> £13.56 RnD plus parts per unit. No let's skip the R bit and throw in most of a cheap IP camera's guts without the CCD etc. Fiddle with the web UI and profit. App n stuff. Internets - great.

      I don't own a washing machine with an IP stack. I already have a THINGS VLAN and a SEWER VLAN for devices that scare me more ('leccy readers eg) than stuff I put on THINGS. This will need yet another VLAN for stuff I wouldn't even put on SEWER.

      What the hell do I call that? How about AIRGAP? It would certainly have Security Onion looking at it sternly. My home network is probably not your average but I sometimes wish it was.

      1. Steve Crook
        Unhappy

        Re: Bewildered. (That's grown-up speak for "wtf")

        We get internet connected dishwashers because Miele think there are idiots out there who would choose their model over one without an internet connection, and that fewer people will refuse to buy it for the same reason.

        In that sense I think Miele are entirely correct in their assumptions. If we (in the widest sense) are living in hell, it's one we made...

      2. big_D Silver badge

        Re: Bewildered. (That's grown-up speak for "wtf")

        With a decent firewall, you could also apply a rule to ensure that the SEWER VLAN is blocked from communicating with the Internet and blocked from communicating with the local network. Problem solved.

        Luckily, we don't have smart meters here, yet. But if they do, they won't be joining our home network, without a written TOS which includes information about timely update policy and a guarantee for compensation in the case that their device attacks my network. If they want it to phone home, they can pay for their own damned connection!

        1. pete_v

          Re: Bewildered. (That's grown-up speak for "wtf")

          > Luckily, we don't have smart meters here, yet. But if they do, they won't be joining our home network

          That's ok, they don't want to - they handle their own connectivity. The electricity meter obviously has the most power available, so it talks to the mothership, I assume over GSM. I'm told the gas meter is powered by a little turbine spinning in the gas flow, giving it just enough juice to talk Zigbee to the nearby leccy meter. They don't go anywhere near any of my kit, and I get a bill each month for what I actually use rather than the company making up a random number, direct debiting whatever they feel like, and then trying to reconcile a huge discrepency every couple of years.

          I expect there's probably some implementation stupids when it comes to switching provider (haven't tried yet) but I'm a fan of the principle.

          1. big_D Silver badge

            Re: Bewildered. (That's grown-up speak for "wtf")

            The Dutch did a calibration test of current electric smartmeters. One was about 14% pessimistic, but most were up to 550% optimistic (i.e. registered 550% more electricity than was actually used)!

            It turns out the smartmeters can't cope with dimmable energy saving lights and LEDs.

            1. Anonymous Coward
              Anonymous Coward

              Re: Bewildered. (That's grown-up speak for "wtf")

              The dutch measurements surely over-dramatized the problem a bit. Nevertheless, some official bods are looking into it: http://goo.gl/a6N4wn

          2. regregular

            Re: Bewildered. (That's grown-up speak for "wtf")

            >> and I get a bill each month for what I actually use rather than the company making up a random number, direct debiting whatever they feel like, and then trying to reconcile a huge discrepency every couple of years.

            Just make sure you have no LED lighting or dimmer switches in your home. With those devices, some smart meters have been reported to report wildly inaccurate readings. Wildly inaccurate as in 700% higher.

          3. Anonymous Coward
            Anonymous Coward

            Re: Bewildered. (That's grown-up speak for "wtf")

            "I get a bill each month for what I actually use rather than the company making up a random number,"

            so do i and i don't have a smart meter. I do something really old school i read my meter on the last day of the month and give this reading to the electricity company (online) and they then invoice me correctly for the amount used.

          4. Anonymous Coward
            Anonymous Coward

            Re: Bewildered. (That's grown-up speak for "wtf")

            "[...] and I get a bill each month for what I actually use rather than the company making up a random number, direct debiting whatever they feel like, and then trying to reconcile a huge discrepency every couple of years."

            It doesn't always go smoothly.

            "One customer’s £1,900 bill"

            https://www.theguardian.com/environment/2017/mar/26/uk-energy-firms-big-six-smart-meter

          5. IsJustabloke
            Facepalm

            Re: Bewildered. (That's grown-up speak for "wtf")

            "but I'm a fan of the principle."

            I'm a big fan of the principle where I pop out to my cabinet every couple of weeks and let my supplier know the readings and thus I avail myself of the same no "guesstimate" billing.

          6. AndrewDu

            Re: Bewildered. (That's grown-up speak for "wtf")

            "probably some implementation stupids when it comes to switching provider "

            You are so right. The stupid is, that if you change provider, the smart meter doesn't work any more. End of.

            Apparently they forgot that bit when designing them, probably because the implementation phase goes back to nationalised industries, at which time you couldn't change provider because there was only one.

          7. Lamont Cranston
            Unhappy

            Re: "implementation stupids when it comes to switching provider"

            @ pete_v

            Yep - your "smart meter" reverts back to being a regular meter, except now you have to navigate through a menu to get a reading off of it. Smart Meters are a crock of shit.

        2. mistersaxon

          Re: Bewildered. (That's grown-up speak for "wtf")

          Smart meters will have a 3G+ B2B network connection - hacking your wifi is not the only danger with a device that can tell crooks when you are home and optionally cut you off (or bill you £'000s for unreal electricity as is more likely).

          I'm refusing all offers of one at the moment.

          1. js.lanshark

            Re: Bewildered. (That's grown-up speak for "wtf")

            It must be nice to have a choice. Mine was installed last week with no option of refusal. Well, If I refused I got no service that is.

      3. 2+2=5 Silver badge
        Happy

        Re: Bewildered. (That's grown-up speak for "wtf")

        > I already have a THINGS VLAN and a SEWER VLAN for devices

        Upvote for the vLAN names.

        I'm thinking [1] of writing a firewall module for OpenWRT or similar that can be configured with the details of IoT devices and selectively buggers with their packets. So a connected telly will find that it can download the program guide perfectly, but when it tries to upload viewing statistics the packet contents get randomised, or sent in the wrong order etc.

        [1] Which means I'll never find the time to learn how to do it, but I throw the idea out here in case anyone else wants to have a go. :-)

      4. CrazyOldCatMan Silver badge

        Re: Bewildered. (That's grown-up speak for "wtf")

        I already have a THINGS VLAN and a SEWER VLAN for devices that scare me more ('leccy readers eg) than stuff I put on THINGS

        Likewise. And I can disable the "things" access to the outside world with one click on the network firewall (hard to reach the internet when your default gateway is no longer responding..)

        Although I don't have a sewer vlan. I found it easier to just never connect the things in the first place.

    3. a_yank_lurker Silver badge

      Re: Bewildered. (That's grown-up speak for "wtf")

      Have an upvote. I am not convinced a self loading dishwasher would need an Internet connection. It could be programed to load and if full run at time ex. My coffee maker has a feature to auto brew at a preset time. We are not talking rocket science.

      1. Wensleydale Cheese

        Re: Bewildered. (That's grown-up speak for "wtf")

        " I am not convinced a self loading dishwasher would need an Internet connection."

        What if it insists on being given an email address before it will start working?

        That Samsung phone* I bought a few years ago wouln't let me in without a Google address.

        * now scrapped

    4. TReko

      Re: Bewildered. (That's grown-up speak for "wtf")

      >So why on earth do we need internet enabled dishwashers?

      Because that is what sells them.

      Products are designed to be sold, not to be used.

      A dishwasher is a dishwasher, the cheapest model does what the most expensive model does: clean dishes.

      1. Def Silver badge

        Re: Bewildered. (That's grown-up speak for "wtf")

        A dishwasher is a dishwasher, the cheapest model does what the most expensive model does: clean dishes.

        That's a little unfair. The cheaper models will almost certainly be less power and water efficient, noisier, probably slower, and possibly a bit more crap at actually cleaning.

        1. Alistair Silver badge
          Windows

          Re: Bewildered. (That's grown-up speak for "wtf")

          "The cheaper models will almost certainly be less power and water efficient, noisier, probably slower, and possibly a bit more crap at actually cleaning"

          Generally I'd say no, they aren't. Noisier is very likely but is absolutely relative to the installation, since most come with fairly decent sound proofing and room for improvement. Mostly, the cheaper ones are the stock from last year, the year before, the year before that, and the year before THAT.

          <An associate had to do some cabling in a whirlpool warehouse ..... and learned many interesting lessons about large appliances that day.>

          1. Anonymous Coward
            Anonymous Coward

            Re: Bewildered. (That's grown-up speak for "wtf")

            Please share your experiences...

      2. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        "A dishwasher is a dishwasher, the cheapest model does what the most expensive model does: clean dishes."

        A few years ago I replaced my dishwasher as the old one was beyond "economical" repair. Asking friends for recommendations of their proven ones - I discovered that manufacturers change their models every couple of years. On-line reviews were a similar problem - not to mention some of the horror stories.

        Finally went for a Siemens as a mid-priced brand used by some friends - and on-line reviews seemed favourable for a specific model.

        Every time I use it I wish that I had had the old one repaired. Yes - the new one is quieter and has "eco" features - but it just doesn't clean the dishes reliably. Everything has to be "clean" before it is loaded into the machine otherwise it needs a hand wash afterwards.

        I suspect the noise of the old one meant it was spraying the water at a much higher velocity. The "Eco" features also seem to minimise the drying cycle - so that things are still wet at the end.

        A microwave oven is an appliance one would expect nowadays to be - well - just a microwave.

        I have given up trying to buy a new one. My requirements are obvious - or so I thought: stainless steel cavity; touch timer panel; enough ventilation so that the interior doesn't drip copious amounts of water during cooking. Oh - and no reviews saying "failed after a few weeks" - or - "caught fire".

        1. Anonymous Coward
          Anonymous Coward

          Re: Bewildered. (That's grown-up speak for "wtf")

          Yes. I have noticed that the Eco features in modern appliances screw them up. Manufacturers trade off good performance against getting a extra star on their eco rating.

    5. Ilgaz

      Re: Bewildered. (That's grown-up speak for "wtf")

      They love to spy on their users. A internet connected dishwasher can share 'anonymous" statistics about how and when it is used.

      Things can be really interesting for washing machine, you can figure out the exact nature of clothing & profile of a rich household.

      Obviously, a burglar or some other evil guy can use the data for his own purposes.

    6. 9Rune5

      Re: Bewildered. (That's grown-up speak for "wtf")

      "So why on earth do we need internet enabled dishwashers?"

      I can think of one reason: Simpler UI.

      The delay feature on my appliances leaves a lot to be desired. I am only interested in what time it will finish, not when it will start. "Done by 7am" is what I want. But I am sure there are others who are more interested in the start time... That means a heckuva lot of buttons, or a big LCD right there on the appliance... Or.... How about a web based UI that you can use from your favorite pad?

      But even so, I have to concede that the extra complexity is just not worth it.

      1. Dan 55 Silver badge

        Re: Bewildered. (That's grown-up speak for "wtf")

        Presumably if you had a dishwasher with a clock, the "finish by" time could be set in a similar way as the "start time" delay, by holding down one button and repeatedly pressing another. That's if you really are unable to calculate a delay time - 1.5 or 2 hours or however long the washing cycle is - at least a couple of hours more for the warm air to dry them.

        Then again, this kind of feature is aimed at people who cannot set clocks on kitchen appliances and probably have UPnP on their routers and will never run a security update in their life unless their computer or phone bludgeons them into it (note all the missing devices from that list), so it's all going to end in tears anyway.

      2. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        "So why on earth do we need internet enabled dishwashers?"

        I can think of one reason: Simpler UI.

        In that case, give me a local connection. Bluetooth or something. I have no problem with it talking to ME, but I have a major problem with it talking to the rest of the planet, ditto for any other appliance (and God help the poor sod who wants to come and install a smart meter, because he/she will have to explain why they won't sign for damages payment when it goes wrong - in the presence of some journalists, because I'm mean like that).

        A number of people have said that devices are made to sell, not to function. I would like to comment that this sort of uncontrolled crap is the perfect UNsell as far as I'm concerned - no flaming way.

    7. Pen-y-gors Silver badge

      Re: Bewildered. (That's grown-up speak for "wtf")

      But a really good self-loading dishwasher would be neat! Of course it would need a droid extension that wanders around the house picking up dirty coffee cups and plates, in which case it WOULD need internet access so that it could message you to ask 'have you finished with this half-eaten pork pie?'

      1. CrazyOldCatMan Silver badge

        Re: Bewildered. (That's grown-up speak for "wtf")

        message you to ask 'have you finished with this half-eaten pork pie?'

        "Oh, and by the way, can you call the dog to ask him to stop chewing my power cord? It's giving me a terrible pain in all the FPGAs down my right-hand side"

      2. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        But a really good self-loading dishwasher would be neat! Of course it would need a droid extension that wanders around the house picking up dirty coffee cups and plates, in which case it WOULD need internet access so that it could message you to ask 'have you finished with this half-eaten pork pie?'

        You just made me realize I married a dishwashing machine!

    8. JetSetJim Silver badge

      Re: Bewildered. (That's grown-up speak for "wtf")

      But, for a mere £2,000+, you too can have one of these marvellous devices which give you the benefit of this marvellous marketing blurb:

      "With the MobileControl function you can keep an eye on your Miele appliance, even when you're not at home - via smart-phone or tablet PC. Not only can you access the programme status, you can also conveniently select and start programmes regardless of location using your mobile terminal device. Simply download the Miele@mobile app and connect the device to Miele@home. When you return home, your Miele appliance has already finished its work. "

      1. Doctor Syntax Silver badge

        Re: Bewildered. (That's grown-up speak for "wtf")

        "With the MobileControl function you can keep an eye on your Miele appliance, even when you're not at home - via smart-phone or tablet PC. Not only can you access the programme status, you can also conveniently select and start programmes regardless of location using your mobile terminal device. Simply download the Miele@mobile app and connect the device to Miele@home. When you return home, your Miele appliance has already finished its work. "

        It's a pity I'm not in the market for a new dishwasher. I'd have let a salesdroid give that spiel just so I could have asked "Why would I want to?". And then show them my ancient non-Apple, non-Android phone.

    9. regregular

      Re: Bewildered. (That's grown-up speak for "wtf")

      Regarding to the "Why do we need that", the question can be answered by googling the actual device. Unless the model number has a typo, this particular device is an industrial grade washer for restaurants or similar places. One selling point is the capacity of over 200 glasses, not exactly a con- or prosumer grade appliance.

      I can see a few reasons why a large gastronomy outfit might want a dishwasher that "calls the boss" when it is done or needs attention. There may be more than one of those, the "bing" that signals a finished cycle might be drowned out by ambient kitchen noise etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bewildered. (That's grown-up speak for "wtf")

        "prosumer"

        Wankiest word of the day.

        1. Dog11

          Re: Bewildered. (That's grown-up speak for "wtf")

          @AC "prosumer"

          Wankiest word of the day.

          It's been in use for quite a while. E.g. a video cam that costs $4K (which was what a Panasonic DVX-100B went for new, though today it's called "obsolete"). That's way less than a real pro cam, but almost as good and way more than Uncle Bob will spend to make pictures of the kids.

    10. herman Silver badge

      Re: Bewildered. (That's grown-up speak for "wtf")

      So how is the electric butler of the electric monk supposed to wash his master's begging bowl without an internet connection to the dishwasher?

  3. This post has been deleted by its author

    1. Dave 126 Silver badge

      Re: A software bug in a dishwasher?

      You're not familiar with Miele, are you? True, they've dropped the ball on this one issue, but they are the only appliance maker that makes stuff the last and to be repaired. For example, their washing machines still allow the bearings to be replaced, and use a cast iron ballast instead of concrete.

      This has been the consistent results if independent testing by the Consumer Association (which is financed by member's subscriptions, not adverts).

      1. Anonymous Coward
        Anonymous Coward

        Re: A software bug in a dishwasher?

        funny enough we have a said Miele dishwasher that you can connect to the tinterweb if you so wish, I haven't, as you need and android or apple phone to manage it. The dishwasher itself is very good cleans miles better than our old Siemens one

      2. Anonymous Coward
        Anonymous Coward

        Re: A software bug in a dishwasher?

        "they are the only appliance maker that makes stuff the last and to be repaired."

        Someone I know has had MULTIPLE replacements of a Mile appliance in only a few years due to it continually failing.

        Mile have financially incentivised them to NOT put details on social media.

      3. Doctor Syntax Silver badge

        Re: A software bug in a dishwasher?

        "use a cast iron ballast instead of concrete."

        Ballast of any sort must be more or less unique these days. Just replaced the washing machine and the guys who took the old one away were a bit taken aback by the weight.

      4. Anonymous Coward
        Anonymous Coward

        Re: A software bug in a dishwasher?

        "they are the only appliance maker that makes stuff the last and to be repaired"

        huh - you've not had 3 successive control boards fail (one per year) then have you - with a cost of $500 per board!!!

        all because they use a 50 cent chip to control the water inlet valve - with said chip failing - often in the closed position, so that as soon as you try turning on it starts pumping water into the machine....

        now to be fair, after complaining to the president of the company, they did come out and replace the last one (which is now holding for the second year) - BUT it still took an email to Germany to get results...trying to deal with the company here in Canada produced nothing other than a 10% off the cost of the part...

        I have since tracked down the bad chip and have ordered in spares (resulting in a few repaired spare control boards) - BUT the company does not offer any kind of a repair/rebuild service for the elecronics - it's either buy a new one or buy a new unit - and at $500 per board it's better to buy a bosch/maytag/ge etc than it is to try a repair their unit....

      5. Anonymous Coward
        Anonymous Coward

        Re: A software bug in a dishwasher?

        You're not familiar with Miele, are you?

        I think your sense of humour is caffeine dependent. The whooshing sound is the joke (washed up; lather, rinse, repeat) going over your head - go get some coffee and you'll be fine :).

        As for Miele, in my experience there are quite a number of good brands out there, just not if you buy the cheapest device in the range. There is a reason the good ones cost more money - they know they won't sell that many of them.

        I myself have a Bosch Maxx which had ONE repair in 20 years and that was 2 months after I bought it. Having a kid with eczema meant the oils in the ointments in his clothes ate away at the door seal, so the Bosch service engineer replaced it with a neoprene one which was impervious to that and it's been doing a very good job ever since - near daily.

  4. The Nazz Silver badge

    Really Miele

    Why, just why?

    As an aside i have a dishwasher that occasionally connects to the 'Net and yet suffers few if any bugs at all.

    In fact, 'm so healthy i could die tomorrow.

  5. jake Silver badge

    Who in the FUCK ...

    ... came up with THAT totally fucking stupid idea? I mean, seriously, hands up all y'all who have been pining for a dishwasher with an embedded web server. We'll wait.

    ::crickets::

    That's what I thought ... AND THIS IS A TECHNONERD SITE!

    1. big_D Silver badge

      Re: Who in the FUCK ...

      Me, but not for me to buy, it would mean easy money for my Pen-Testing business.

      1. Dave 126 Silver badge

        Re: Who in the FUCK ...

        Nobody asked for a dishwasher connects to the web. Some people have asked for a dishwasher that can be turned on remotely,for those mornings when the whole process of getting the kids ready and driven to school is a nightmare.

        People are interested in the end, not the means.

        1. jeffdyer

          Re: Who in the FUCK ...

          web <> net

        2. Phil O'Sophical Silver badge

          Re: Who in the FUCK ...

          people have asked for a dishwasher that can be turned on remotely,

          And then they got home to find they'd forgotten to put any soap in, so they had to run it again. Their smart meter will then email them to warn then that running a dishwasher twice a day is wasteful.

    2. regregular

      Re: Who in the FUCK ...

      Google the model. Full height, industrial size dishwasher with capacity over 200 glasses.

      This is clearly not con- or prosumer, but for large outfits. I can see why a convenient remote monitoring feature might be a selling point to customers who need one, or even many, of those things. Big kitchens are loud and busy, and missing the "bing" of a finished cycle or a red LED requesting maintenance happens easily and wastes time.

      This is probably a feature aimed at maximising efficiency, so no time is spent by walking up and checking to see if it is ready to unload and reload. You just wait until it tells you it is ready.

      1. big_D Silver badge

        Re: Who in the FUCK ...

        There are also domestic versions offering the phone-home features.

    3. hoola Bronze badge

      Re: Who in the FUCK ...

      What you have missed is the root cause of the chaos we have. There is a generation now out there who have no concept of security, don't case about privacy and constantly spend every waking out post or consuming inane tat that is posted on social media sites.

      The whole "Internet if Things" or the "Connected Home/Car/Shed" is just an extension of the same fad. For reasons that escape me, being able to login to you heating, dishwasher or fridge is seen as a worthwhile. In this case, the dishwasher has either run or not. If it is about to run out of stuff a light comes on to tell me. I then have a box of stuff to refill it. What I don't need to do is have a message sent to me to tell me it has run out of stuff, you simply do not run these appliances buying a single sachet at a time for a single cycle.

      As for the bollocks about saving energy, they amount of energy that has gone into making all the electronics required to run it will far outweigh any savings. The trouble is that it is invisible and in the rush to have the latest piece of tat (that will probably only last 3 years) only exacerbates the problem. E-Waste is a complete monster of a problem that STILL has not been tackled properly, and never will until it becomes more economic to recycle rather than create new.

  6. Anonymous Coward
    Anonymous Coward

    Maximum Overdrive

    Looks like the 80's film 'Maximum Overdrive' by stephen king, wasn't in fact, completely shit as I once thought. It was just ahead of it's time.

    1. beep54
      Devil

      Re: Maximum Overdrive

      'Maximum Overdrive' may have been ahead of its time but, unfortunately, the film was still completely shit.

      1. Aristotles slow and dimwitted horse Silver badge

        Re: Maximum Overdrive

        Yes, looking back at it now (as I did recently) it is a bit shit - but it is still quite good fun to watch.

        It does however have a superb soundtrack by AC/DC.

  7. Your alien overlord - fear me

    My dish washer is connected to the internet. Me !!!

    1. Pompous Git Silver badge

      "My dish washer is connected to the internet. Me !!!"
      My dishwasher connects to the Internet too. SWMBO! :-)

      1. Anonymous Coward
        Anonymous Coward

        Is that what's known as a passwordless proxy?

  8. Mark 85 Silver badge

    (please, readers, ponder those three words in succession and tell us they don't make you want to grab pitchforks),

    No pitchfork here... more like something thermonuclear.

    1. big_D Silver badge
      Facepalm

      But is it internet connected?

      My pitchfork registers how many times I jab it into things, it can also tell, based on the resistance, whether it has been stuck into earth, hay or flesh. It is then displayed in real-time on my smartphone.

      Taking into account the governments attitude to encryption, I am way ahead of new legislation, it is all sent in the clear, so no worries about it being used by terrorists!

  9. LegalAlien

    Not a run of the mill dishwasher

    http://www.miele-pro.com/us/prof/products/14071_16161.htm

    Not a scientist, but can sort of see this device is supposed to be shared

  10. Gareth79

    By the looks of it, the 8528 is a very high end labatory glassware cleaner and disinfector with many programmes and reporting facilities, so it's not surprising it might have a fully featured controller (heck, some hospital beds have touchscreen TFT controllers!)

    However, you'd expect software updates for your £tens of thousands dishwasher.

    1. gerdesj Silver badge

      Gareth79 and LegalAlien - cut out that original research stuff. How the hell is a commentard supposed to jerk the knee properly when you point out that the subject is not designed for home use?

      It's still rubbish, IT-wise but hardly likely to affect anything like a mass market.

      1. eldakka Silver badge
        Coat

        @gerdesj wrote:

        It's still rubbish, IT-wise but hardly likely to affect anything like a mass market.

        Unless it's used by the clergy that is.

    2. mikekn

      The key bit here: "4 RS 232 interfaces wtih RJ 45 plugs, 1 RS 232 interface with 9 pole SUB-D plug, 1 Ethernet network interface with RJ 45 plug for connection to process documentation software." This is not white goods, it's not even "Internet of Things", it's a piece of connected lab equipment that integrates into existing processes for entirely valid reasons.

      So yeah, all the "hurr internet of things" comments are a bit wide of the mark here. It also says "Remote service compatible", so presumably it will indeed receive a firmware upgrade. Yes, it's an embarrassing bug for sure, but a) it's fixable and b) I presume the applications for pwned Miele 8528 lab dishwashers are pretty limited. The worst case is that it effectively becomes a denial of service on a lab until it's fixed, as they can't be sure of their process accuracy.

      I mean, I know it's daft of me to even think the Reg is vaguely competent to report on infosec stuff, but not even mentioning that bit is crappy reporting. I guess it gets more eyeballs to pretend it's a bog-standard domestic dishwasher.

      1. Doctor Syntax Silver badge

        "The worst case is that it effectively becomes a denial of service on a lab until it's fixed"

        Until the malware starts connecting to the lab centrifuges. Or intercepting LAN traffic and reporting back.

    3. Doctor Syntax Silver badge

      "By the looks of it, the 8528 is a very high end labatory glassware cleaner and disinfector with many programmes and reporting facilities"

      Which means it has even more reason to be properly secured.

  11. Andrew Jones 2

    I suspect it's going to take persons with malicious intent to cause something like flooding or fire forcing a complete recall - before manufacturers are going to start taking this stuff seriously. At the moment - manufacturer are probably thinking - so they can get into the machine - what's the worst they can realistically do?

    1. gerdesj Silver badge
      Childcatcher

      "what's the worst they can realistically do?"

      A home grade washing machine can spin at 14,000 rpm and heat water. Water is heavy - 1 Kg for 10cm^3 - and these things can take a lot of water. There is also a large chunk of concrete inside the machine to help damp vibrations and act as inertia as required.

      So what could possibly go wrong with a large electrical device in a metal case with lots of water, a powerful heater, a large piece of concrete, a large spinny thing that can go really fast and a controller that has gone to the bad?

      1. Steve Davies 3 Silver badge

        What can go wrong?

        Just ask Samsung about their dryers that ignite...

        Everything my dear Watson, everything.

        1. Bronek Kozicki Silver badge

          Re: What can go wrong?

          ... or better ask Beko

      2. Allan George Dyer Silver badge
        Coat

        Wow! You spin dry your plates at 14,000 rpm?

        icon - something to clean in your dishwasher?

      3. Triggerfish

        A home grade washing machine can spin at 14,000 rpm and heat water. Water is heavy - 1 Kg for 10cm^3 - and these things can take a lot of water. There is also a large chunk of concrete inside the machine to help damp vibrations and act as inertia as required.

        So what could possibly go wrong with a large electrical device in a metal case with lots of water, a powerful heater, a large piece of concrete, a large spinny thing that can go really fast and a controller that has gone to the bad?

        Hmmmn are you saying we could Stuxnet washing machines?

      4. Doc Ock

        >Water is heavy - 1 Kg for 10cm^3

        Ah but what if it's heavy water ? Then it's 1.1 g mL−1. Throw in some uranium 235 and you've got a fantastic self sustaining "extra hot wash" cycle, note this model is only for those with deep pockets and lots of spare lead lying around. With that D2O it can also handily double as a H1 NMR*

        *Super conducting magnets and RF generator not included and sold separately.

      5. BinkyTheMagicPaperclip Silver badge

        I suspect you mean 1,400 rpm, not 14,000. My latest washing machine (last one died messily, although I knew it was on its way out and ran it until it died) handles 9Kg of cottons at 1,600rpm (and probably 95 degrees wash at the same time).

        I'd bet that the IoT bit of connected washing machines can't make the drum explode, as the most reasonable course of action is for the manufacturer to use the same controller, and provide an interface to it, rather than provide unfettered access.

        1. Phil O'Sophical Silver badge
          Headmaster

          I suspect you mean 1,400 rpm, not 14,000

          And 10³ cc, not 10 cm³

  12. RudderLessIT

    It's crazy, but it's very Miele

    I can remember back in 2003 when I was studying my post grad, one of the lectures was on how their commercial machines were connected to the internet to advise of maintenance requirements.

    To be fair to Miele, this is one of the few use cases that makes sense in using IoT.

    Having said that, there is no excuse for an inability to maintain their own software (insert famous Yoda to Luke quotation here).

    1. DougS Silver badge

      Re: It's crazy, but it's very Miele

      Having appliances that can call for service is a totally acceptable use of "IoT". That does not require an internal web server though, only the ability to send an email. If you want an internal web server for information or diagnostics, require a magic key sequence on the front panel to enable it and automatically disable it after one hour. That way only someone with physical access can turn it on, because they are the only ones who should ever need to access it (on a tiny LCD front panel, not a web server) It has an option for a modem that will call for service, but it isn't installed.

      You can document the key sequence in the owner's manual if there's stuff in there the owner might want to see. The geeks among us might enable it every month or two to see what information it collects (amount of washes, amount of water used, amount of electricity used, date of last service, etc.) The water softener at my business collects info on the amount of water used and can report instantaneous flow rate, which I found useful a few times.

      The flaw is thinking that a device needs to be connected and available full time. I realize this is a commercial model intended for laboratory sanitization, but it is still hard to see why you'd need to have a full time web server. Though hopefully at least an institution that buys something like this (I assume it is easily into 5 digits) has a firewall and a full time IT organization.

      1. Bronek Kozicki Silver badge

        Re: It's crazy, but it's very Miele

        If you want an internal web server for information or diagnostics, require a magic key sequence on the front panel to enable it and automatically disable it after one hour.

        That's almost exactly what my SIP phone does - there is web interface for configuration which has to be enabled by combination of buttons on a handset, and then it disables itself after configurable timeout. But then the thing was made by people who actually knew what they are doing, with this thing function being entirely dependent on actually being connected to the Internet ...

    2. Steve Davies 3 Silver badge

      Re: It's crazy, but it's very Miele

      I have a BOSCH Dishwasher. 13 going on 14 years old. Not needed any maintenance.

      There goes your argument. A properly designed and made device should last for years.

      No need for a £9.99/month service plan/warranty that is not worth the paper it is written on.

      If it breaks tomorrow and can't be repaired then I'll just buy another one.

      The ROCI for the DW works out at around £30/year.

      How many skinny half-cafe Latte's in Starbucks is that?

      Paid for itself which would lead me towards getting another of the same make.

      It is a frigging kitchen appliance for heavens sake.

      1. Mine's a Large One
        Stop

        Re: It's crazy, but it's very Miele

        Our Bosch DW is about 12 years old, and no probs so far either. And like you say, if it did, we'd call an engineer or buy another.

        We've just replaced our (faultless) 21 year old fridge freezer, and whilst looking at options in the stores, the salespeople were incredibly keen to push those with Internet connectivity... "but it knows when you're running low on milk... etc". Funny, but I can tell that myself when I look at the bottle or pick it up!!

        Nope. Not a chance in my house!!

        1. Phil O'Sophical Silver badge

          Re: It's crazy, but it's very Miele

          Our Bosch DW is about 12 years old, and no probs so far either.

          If I were to type something like that, I would inevitably get home to find the kitchen flooded, and the glassware in small pieces.

      2. eldakka Silver badge

        Re: It's crazy, but it's very Miele

        @Steve Davies 3

        There goes your argument. A properly designed and made device should last for years.

        No need for a £9.99/month service plan/warranty that is not worth the paper it is written on.

        Long long time ago I was a kitchen hand in a commercial restaurant. The dishwasher we used there (no no, the mechanical one, not me) would go through 5 cycles an hour (a single cycle would only take 10 minutes or so because, well, it ran hotter and harder than a consumer dishwasher). So a typical day could see the dishwasher doing 30+ cycles a day, 900+ a month. Having some-sort of in-built monitoring and auto-callout for predictive issues (worn parts etc) could be very useful in that case.

      3. Anonymous Coward
        Anonymous Coward

        Re: It's crazy, but it's very Miele

        Never understood applicance insurance (except it's a big earner for the retailers and insurers). You have warranties that cover for at least the first year, often you can get one with longer. If you insure a number of applicances you are soon paying as much as replacing an item every year or two. Had three DOA (or shortly after) appliances in 30 years, covered under warranty, other than that they have lasted at least 15 years.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's crazy, but it's very Miele

          "You have warranties that cover for at least the first year, often you can get one with longer. "

          The independent retailer who supplied my washing machine advised me that a repair in the first year should be claimed under the manufacturer's guarantee.

          For the remaining two years of the guarantee there was only "free" parts. He said to get an estimate from him first - as unless it was an expensive part the manufacturer's labour charges would be excessive. The manufacturer out-sourced their repairs - so even a claim under the guarantee was subject to a £100 call fee if they couldn't see a fault when they came.

          1. Triggerfish

            Re: It's crazy, but it's very Miele

            If it's the Eu then I think only free parts in the second year might be wrong, pretty sure you are covered against manufacturer defect for longer then a year.

        2. 's water music Silver badge

          Re: It's crazy, but it's very Miele

          Never understood applicance insurance (except it's a big earner for the retailers and insurers)

          Sorry, what was the bit you couldn't understand?

        3. Kiwi Silver badge
          Holmes

          Re: It's crazy, but it's very Miele

          Had three DOA (or shortly after) appliances in 30 years, covered under warranty, other than that they have lasted at least 15 years.

          Got an extended warranty on a TV once - cost me $150 for an extra 5 years cover. Few weeks before the extended warranty was due to run out the TV died quite badly.

          So my brand new $1600 TV actually only cost me $150. Extended warranties can be a waste, but they can also be a great investment. Ya rolls the dice, ya takes ya chances.

          (Now if I'd done the same with the new TV it would've been a waste, 10 years on and it's still going fine)

      4. Anonymous Coward
        Anonymous Coward

        Re: It's crazy, but it's very Miele

        "Paid for itself which would lead me towards getting another of the same make."

        Unfortunately for long-lived devices - the brand name rarely guarantees any repeat of quality.

        I bought a new Kenwood Chef mixer. It had been redesigned as part of their "continuous improvement" process - for which also read "better profit margins". The new one looked the same - but had a flimsy plastic casing instead of solid cast aluminium. They had also changed the accessories connector - so the existing accessories were made obsolete.

        1. Wensleydale Cheese

          Re: It's crazy, but it's very Miele

          'I bought a new Kenwood Chef mixer. It had been redesigned as part of their "continuous improvement" process - for which also read "better profit margins". The new one looked the same - but had a flimsy plastic casing instead of solid cast aluminium. '

          Mixing dough with the new lighter model will not be a good experience.

    3. Androgynous Cupboard Silver badge

      Re: It's crazy, but it's very Miele

      Here's the machine here: PG 8258. You're unlikely to have one of these in your home kitchen...

  13. Schultz
    Mushroom

    The only reason for the dishwasher to be connected to the internet...

    is to talk to the toaster and the microwave when planning home defense protocols.

    1. Anonymous Coward
      Anonymous Coward

      Re: The only reason for the dishwasher to be connected to the internet...

      You FOOL! You've given away the secret to our plans for World Domination! Now we'll have to start microwaving your clothes, toasting your coffee, & washing your food. You bastard!

      -Signed, The CCTV camera you installed to watch for burglars but is doing double duty to Warn The Others when you pull up into the property.

  14. Anonymous Coward
    Paris Hilton

    I blame Apple and the iPhone

    Ok... not specifically but in a moment of empathy for stupid users, whom most of us look down on from a great height, we grownups have lived through the growth of the internet and the release of the iPhone.

    This was when someone told us that our stupid phones would suddenly be pocket computers that did everything a looked sexy... and it was mostly true.

    Now everyone believes anything about tech because the iphone happened.

    Users are stupid but they are just following the marketing and buy this stuff.

    1. Dave 126 Silver badge

      Re: I blame Apple and the iPhone

      Eh?

      The iPhone succeeded because people like tech that is useful or distracting (or really, were getting bored of having to teach a T9 predictive text system to swear and a virtual qwerty seemed nice), not vice versa.

  15. Jonski

    That scene from Cherry 2000

    Yes that one

    https://www.youtube.com/watch?v=Y6KJtFZoflc

    (starts around 0:30)

    1. allthecoolshortnamesweretaken

      Re: That scene from Cherry 2000

      Yeah, yeah, we've all had dates end like that.

  16. Winkypop Silver badge
    Coat

    I'm gunna wash that LAN right out of my hair...

    Apologies for those old enough.

  17. Ilgaz

    I always wondered one thing

    Miele devices could be updated via serial & USB since 90s and now this. I always wondered how secure is this process. A washing machine hitting 90 Celsius while it has $10.000 worth of delicate designer clothes wouldn't be cool. Or a dishwasher not doing porcelain program.

    1. allthecoolshortnamesweretaken

      Re: I always wondered one thing

      Make sure you do not confuse the update for the washing machine with the update for the cement mixer.

      1. eldakka Silver badge

        Re: I always wondered one thing

        Even worse, the update for the vibrator with the update for the dishwasher.

  18. Anonymous South African Coward Silver badge

    Only South Africans will understand this :

    Only Miele is Pi*l* for hack0rz

    So doff... they should have hired a white hat to fiddle with its wobbly bits before unleashing it...

    ...and it serves them right.

    1. Anonymous Coward
      Anonymous Coward

      Miele Pap? That stiff porridge like substance that accompanies the boervors at a braaivleis.

  19. Ken Moorhouse Silver badge

    Directory Traversal Bug

    Used to have a washing machine that had a Kitchen Traversal Bug when on some cycles of its programme.

  20. Lee D Silver badge

    Ubiquity of general-purpose computers = ubiquity of general purpose security problems.

    Things will only get worse as companies realise that it's cheaper to just put a Raspberry Pi in place of that specialist circuit board that controls everything, and then it's only one click from putting it on the net in the next model.

    Seriously - look at the RPi zero boards with their wifi and GPIO. You're not telling me that making that old ancient washing machine control board is cheaper than that? Even the Arduino was a micro-controller really, but now it's just as cheap to deploy a full machine.

    Economics of general-purpose computers that small, cheap, well-connected and powerful is going to be the end of any kind of sense in electronic devices. Prepare to see them in everything from phones and answering machines to clocks and radios.

    1. Korev Silver badge
      Terminator

      I suspect that a RaspberryPi would not be as tough as one of the specialist boards and would have a much shorter lifetime. On the other hand, if it lasts until a day or two after the warranty expires then that's great for the vendor.

      1. Stoneshop Silver badge

        Specialist boards vs RasPi

        For stuff like dishwashers, you would not only need a processor, ROM and RAM, but also a power supply, relays (solid state, most likely nowadays), some kind of display, and a couple of connectors for the various sensors, and as much of that on a single board as possible for ease of assembly (=lower manufacturing costs). So it may have the guts of a Pi, but physically it won't be one.

        1. Anonymous Coward
          Anonymous Coward

          Re: Specialist boards vs RasPi

          "[...] power supply, relays (solid state, most likely nowadays), some kind of display, and a couple of connectors for the various sensors, [...]"

          When getting into Arduino programming last year - it was a surprise how many peripheral modules are now available at very low prices from China.

          Only had one problem . A voltage up-converter that blew an electrolytic when it was first switched on. It was only rated at 35v - which was the nominal maximum output. Other suppliers' pictures of apparently the same board showed they used a more tolerant 50v capacitor.

          Construction of 250v relay boards varies. Some have parts of the board removed to give better terminal insulation.

      2. Wensleydale Cheese

        "I suspect that a RaspberryPi would not be as tough as one of the specialist boards and would have a much shorter lifetime."

        You are correct. Mine has developed what seems to be a dry joint in the power connector.

        The vibrations present in a washing machine or dishwasher weren't in its design spec.

      3. Anonymous Coward
        Anonymous Coward

        "[...] if it lasts until a day or two after the warranty expires then that's great for the vendor."

        if it lasts until a day or two after the warranty expires then that's great for the vendor it's over-engineered.

        FTFY

  21. Anonymous Coward
    Anonymous Coward

    "Appliance makers: stop trying to connect to the Internet, you're no good at it."

    Appliance makers: But we all want to be Facebook / Google / Uber etc....Because making actual products is really hard work with low margins and no glorious advertising income...

  22. evetillard

    This dishwasher is not an appliance, but a professional tool. This is a washer-disinfector for hospitals and labs, with options like barcode scanners and printers, and more. Connecting a professional dishwasher like this is far from useless, at least for remote maintenance and everything. Once again, this is Industrial IoT, not home automation.

    Then, this makes the vulnerability even worse. Do we want to take risks with a disinfector that washes hospital equipment? No, and having a bug that brings us back to the 1990's and the early days of the Web shows how device vendors are playing catchup without realizing the investment required.

    1. Gareth79

      An example of a devastating exploit would be to wash everything at 20 degrees C but report out that it was washed at 200.

  23. Anonymous Coward Silver badge
    Facepalm

    Not the vuln you are looking for

    FTA

    "And once they're in those directories, it's party time because they can insert their own code and tell the web server to execute it."

    Just because you can read, doesn't mean you can write or execute anything. Embedded devices often have partitioned filesystems so you would have very limited access to anything more critical and a reboot would clear most issues too.

    OK, basic security errors often go together because a programmer with no clue will be responsible, but that doesn't automatically mean that directory traversal leads to code injection.

  24. DrXym Silver badge

    Smart is the new dumb

    I know my dishwasher is doing something because I stack it with plates, insert a tablet, physically start it and can hear it working until such time as its done, at which point it beeps.

    Making the thing "smart" is just an excuse to charge a hundred quid more for a feature that does fuck all quite frankly.

    IoT does have a lot of practical uses, but these "smart" appliances are not one of them. Just an excuse to part fools from some extra money.

  25. wolfetone
    Coat

    The USP

    Salesman: "You should buy this dishwasher sir."

    Sir: "Why? What's so good about it?"

    Salesman: "You can turn the dishwasher on from the office, or on your way home, using your mobile!"

    Sir: ".... does it load the dishwasher from my phone?"

    Salesman: "No sir, you'd have to load it manually."

    Sir: "So why would I load the dishwasher manually, then walk away and turn it on from my phone while on the train? Surely I'd just turn it on once I've finished loading it?

    Salesman: ".... have you ever thought about buying a Samsung Smart TV sir?"

    1. Anonymous Coward
      Anonymous Coward

      Re: The USP

      [From recent experience] having the ability to remotely determine whether a dishwasher has been unloaded/load/run would be a significant USP if you have a teenage son at home who regularily "forgets" to do the smallnumber of jobs he's asked to do! If it incldues a security weakness that might be exploited to allow ability to affect devices on the same LAN (e.g. tunring off the Xbox) then that would be a double USP!

  26. Doctor Syntax Silver badge

    "It's unclear which libraries Miele used to craft the Web server, which means without a fix from the vendor – for a dishwasher – the best option is to make sure the appliance isn't exposed to the Internet."

    No. That's the second best option. The best option is not to buy anything that's given a facility to connect to the internet that it doesn't need. A dishwasher doesn't need a facility to connect to the internet.

  27. AceRimmer1980
    Coat

    Miel web server?

    C'est un honey trap.

  28. Anonymous Coward
    Anonymous Coward

    Shaving foam

    Just wondering why the guy in the stock pic put shaving foam all over his dishwasher?

  29. DDDavid

    PG 8528 isn't really a 'dishwasher'

    The PG 8528 isn't really a 'dishwasher', it's actually a laboratory glassware washer - as used in hospital laboratories etc.

    See: http://www.miele-pro.com/us/prof/products/14071_16161.htm

    I believe such laboratories have to keep records confirming that each item of glassware has been washed correctly, including confirmation that the water in the washer reached the correct temperature, and that the correct temperature was maintained for the correct period of time.

    I think older washer models displayed this information on a screen, or printed out a slip of paper, which the operator had to copy/key in to the record keeping system. So the intention was to lessen the need for human intervention, and lessen the scope for human error.

  30. Alistair Silver badge

    Final point.

    PLEEAAASEE!!!

    you eeedjits.

    Stop buying the "tablets". Which are power pressed lumps of the powder for which they are charging 3 times what they charge for the powder. I get 24-30 washes out of a $7.00 box of powder instead of paying $22.50 for a box of 28 tablets. It is becoming harder and harder to find the damned powder in boxes by itself.

    1. Pompous Git Silver badge

      "It is becoming harder and harder to find the damned powder in boxes by itself."

      So why bother?

      1. Place dirty dishes in dishwasher as usual (grime, goo and all).

      2. Add about three drops of regular dish soap to your dishwasher's detergent cup.

      3. Fill the cup 2/3 of the way with baking soda.

      4. Add salt until the cup is nearly full. This is to suppress foaming.*

      Run your dishwasher as normal.

      * When my dishwasher foams there's nothing I can do but wait for her to calm down. But then I find her immensely more sexually attractive than the average dishwasher.

  31. MJI Silver badge

    My internet enabled dishwasher

    Is currently looking at new wood flooring.

    I have to do two rooms and she is looking for the colour she wants.

  32. fatalXception

    I dunno, I can think of one time this would have been really handy - about 6 weeks ago my washer stopped working, it would work away for about 20 minutes and then just stop, with a single blinking red light. There's no LED display on most low-end dishwashers so no way to know what's wrong

    Thought it was knackered and was pretty sure I'd need to replace it - I figured the element was gone or something - when I discovered (whilst doing something unrelated under the sink, which required me to unplug a bunch of pipes) that there was a big horrible ball of gunk stuck in the water outlet pipe of the washer and this was why the washer was failing. Once that was sorted, it's been fine since.

    Would have been nice to have gotten a text or be able to log into some kind of "what is wrong with you" type webpage in the washer to see that the cycle was shutting down as it was unable to empty the water, I would have known right away what the problem was.

    1. Anonymous Coward
      Anonymous Coward

      The LED could have flashed in a sequence to identify the problem - like Dell laptops used to do. If it had a "finished" bleeper then that could do the same thing.

      If there are too many possible fault messages - then it could use slow Morse Code.

  33. Anonymous Coward
    Anonymous Coward

    Actually....

    I could think of a few reasons why Internet connection could be helpful in this case...for example:

    Gathering information about how many times dishwasher is being used could lead to overview of how much water/ energy you are using over period of time. Eventually it could advice user on much he/she could save if the machine was used more efficiently (for example, fill it better before use...). It could advice you on usage of different programs, with aim to improve efficiency/ cost savings/ environment, components wear out, provide for maintenance advice etc.

    Most of the people push the button ("highest cleaning settings") and forget about it. If the machine is broken, they simply replace it with new one and don't give it another thought (apart from complaining that everything used to be better "in the past").

    Especially from the perspective of protecting the environment, this could prove positive (e.g. if dishwasher is properly maintained, the equipment lifetime could maybe double). Water could be saved by more efficient usage, etc.

    I agree though that companies should think first, engineer and design responsibly (and demonstrate the added value); rather than adding features "without thinking"....(especially if they obviously lack appropriate ICT competence).

    Though what is happening at the moment is that people buy an "intelligent device" because it is "cool" and have no idea why (and most of the time the functionality is half-baked and not working properly so they do not use it anyways). As well as the manufacturers don't care because if it works and if it works works well, they will end up selling less dishwashers in first place, or be "forced" to work on more environment friendly (read: more expensive) models.

    Idea is thus good. Execution...not so much (across the board with the IoT devices for now).

    1. Anonymous Coward
      Anonymous Coward

      Re: Actually....

      I tried all the settings on my new "eco" Siemens dishwasher. None of them can be relied upon to get the dishes clean every time. I suspect that the "eco" requirements of noise, water usage, and electricity took precedence over actually doing the job properly.

      It is annoying that it only comes with a cold fill facility - so my more economic source of hot water can't be used.

      1. tiggity Silver badge

        Re: Actually....

        Some of the eco washes can clean OK, but if you want to use them, need to intersperse with max hot washes, otherwise the low temperature washes allow some of the more thermophile bacteria / fungi to set up home in your dish washer, but a hot wash normally nobbles them (though also worth a proper cleaning / disinfecting op in dishwasher every now and again).

  34. Simon Harris Silver badge

    Internet connected dishwasher.

    Don't forget to put salt in the passwords file.

  35. russsh

    Alphabet buys your dishwasher manufacturer

    ...then a year later bricks it because (1) it cbf supporting that buggy software, (2) not enough of your spending habits are revealed by your dirty dishes and (3) it can.

  36. Matt 94

    Response code - 418 I am a teapot?

    There's a SOAP joke in there somewhere as well

  37. Tom Paine Silver badge

    Directory traversal attacks let miscreants access directories other than those needed by a web server. And once they're in those directories, it's party time because they can insert their own code and tell the web server to execute it.

    * Reads it again... no, still wrong.

    Directory traversal typically means read-only access. You need something very different to be broken or misconfigured before exteranl users can connect and upload arbitrary files which they can then execute. (If it's properly set up, the attacker can only execute code as the 'nobody' or 'apache' user, or similar restricted access / unprivileged account. Preferably in a chroot, jail, or similar segregated fake environment.

    1. tfewster Silver badge
      Facepalm

      And read-only as the ID running the webserver...

      ...which should be apache, not root, and the apache ID shouldn't have permissions to read /etc/shadow. You have to change a lot of the out-of-the-box security settings to create such a vulnerability.

      1. Anonymous Coward
        Anonymous Coward

        Re: And read-only as the ID running the webserver...

        Unless, of course, the files you can read give you the information you need to perform a privilege escalation that LETS you wreak havoc.

  38. Tezfair

    The closest I will get to an IoT washing machine thank you very much....

    [o]

  39. Anonymous South African Coward Silver badge

    I'll rather get one from the Discworld, complete with nanny-demons to keep the cutlery and all that sparkling clean.

    It just need a blue steak, some raw eggs, a brick of salt and a block of cheese once in a blue moon. (Hey, the nanny-demons gotta eat as well).

  40. ckdizz

    Still can't figure out why half of all Reg stories have comments apparently written by my grandad in the throes of complaining that things aren't what they used to be.

  41. This post has been deleted by a moderator

    1. Charles 9 Silver badge

      "Nobody with a healthy brain would buy such focking washing machine with wireless/ethernet/whatever!"

      Unless, of course, the ONLY choices of sustenance left available to you are manure, dung, and crap. What are you going to do if you're starving?

  42. Adam JC

    Re: The Need For Speed

    I can see a lot of comments on here about Smart Meters going nowhere near their network. Smart Meters use ZigBee to communicate with the little in-house display gadgets and don't go anywhere near your home network to be fair. They use HAN/ZigBee to talk to other smart meter(s) nearby. The WAN side is over the mobile network for connectivity, so SmartMeter's are the exception to the IoT drama for now, although I believe they would like to tap into dishwashers/dryers/washing machines/fridges etc in the future via ZigBee and whatnot to utilise surplus energy.

  43. dee_emm

    Terminator XX - Rise of the IOT

    I need your clothes, your boots and your washing liquid. And add in some softener too.

  44. Ken Moorhouse Silver badge

    Update Patches...

    Will they mirror that of certain printer manufacturers?

    "Ah, I see you've used the wrong tablets, exceeded the duty cycle, etc. Your warranty is cancelled."

  45. zen1

    What the hell

    Why on earth would I ever need a web freaking dish freaking washer? What's more, the day I have to install a firewall in front of my dishwasher, fridge or toilet is the day I reject and all technology.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019