Dishwasher has directory traversal bug (theregister.co.uk)
This is a commercial medical laboratory washer-disinfector. The reporting is most likely mandated based on its usage in a medical setting. Some of these devices print out reports that are required to be stored. I suppose this would allow them to easily keep those records paperless.

I am in no way justifying the lack of security, but I think it's important to understand that it's unlikely to be opened up for a free-for-all connected to the public internet.

Was there something wrong with having a serial connection to another device that handled the reporting like every other machine?

> I am in no way justifying the lack of security, but I think it's important to understand that it's unlikely to be opened up for a free-for-all connected to the public internet.

Considering hospitals and technology, I don't think this distinction matters much. Their only line of defense seems to be isolation, but things like wireless devices are becoming more common.

> it's unlikely to be opened up for a free-for-all connected to the public internet.

Unfortunately, that kind of thought process is how you end up with dozens of vulnerable devices connected to a hospital intranet. Everything works fine as long as nobody tries anything fishy, but all you need is one device with a buggy Bluetooth implementation to bring down the whole house of cards and kill a bunch of people.

Why does everything need to be connected to the internet? Whatever happened to just adding in a USB port or something so you can download the data if you need it? Add in some storage and surely, a dishwasher doesn't need much storage so it would alleviate the problem and surely be cheaper not having to license wifi.

What's the value of an internet-connected dishwasher? All I can think of is remotely starting it, but all the real-world applications of this could be handled by a delay start button. The other would be to tell you when it's done, which isn't really something I've ever been concerned about.

Even industrial washers that require reporting on temperatures reached and stuff like that don't really benefit from a connection.

I can see how load/fault data would be valuable to the manufacturer, but to a consumer...?

