Why the fsck would a dishwasher need to be connected to the internet? From Motherboard:
A Hackable Dishwasher Is Connecting Hospitals to the Internet of Shit
If it's connected to the internet, it can be hacked. In an age where manufacturers are rushing to put any kind of device onto the internet, we're quickly finding out how that adage holds true. Crock-pots, light bulbs, thermostats, GPS trackers for kids, billboards, and even teddy bears have all been hacked recently.
Alas, that's not stopping anyone from connecting stuff to the internet. The German domestic-appliance giant Miele decided to make a dishwasher that can be connected to the internet and, of course, someone found out it has a bug that allows hackers to break into it, infect it with malware, and give them the opportunity to use it as leverage to hack other devices on the network.
The worst part of all this is that this ain't your average dishwasher. This is a "washer-disinfector" that's mostly used in hospitals or medical facilities and labs. So it can be a good target if your end goal is to steal private medical information or maybe hold the hospitals' computers for ransom.
Jens Regel, a security consultant, found a "web server directory traversal" bug in the Miele PG 8528 when he was prodding a network for vulnerabilities during a consulting gig, what's known in the industry as a penetration test or "pentest." That kind of vulnerability allows an unauthorized attacker to gain access to the file system of the server to which the machine connects.
Unreal - and there is no patch forthcoming from Miele. Another example of this is the Pyxis Supplystation from Carefusion - from last March's article in BoingBoing:
Automated drug cabinets have 1400+ critical vulns that will never be patched
The Pyxis Supplystation from Carefusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer -- a new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities.
Many of the vulnerabilities need very little skill to exploit and the researchers say they believe they're already being exploited in the wild, with exploits being publicly available.
The cabinets are based on Microsoft's discontinued Windows XP/Server 2000 products. Carefusion will not issue patches for the old systems, but they have provided some advice to help customers mitigate the risk from these bugs (things like using VPNs, having a firewall, etc).
The ICS-CERT (different CERT than what I am doing out here) report is here: Advisory (ICSMA-16-089-01) CareFusion Pyxis SupplyStation System Vulnerabilities
Christ on a Corn Dog - how many people will be seriously injured with crap like this? I am reminded of the Therac-25 from the 1980s. Next time I am at the hospital visiting anyone, I'm bringing my laptop with nmap and some other goodies installed.