Is Your Dishwasher Trying To Kill You?

1st April 2021

Does every device in your home really need to be connected to the internet? And could it be turned against you? Jake Moore, Cyber Security Specialist at ESET explains more:

If you try to purchase a new appliance these days, there is a good chance you will be guided toward the most up-to-date, state-of-the-art, smart appliances first. Whether you are in the market for a new dishwasher, fridge or even toaster, the chances are there is an internet-enabled device waiting to target you, but why the increase in IoT (internet of things)? Do we really crave every item in our houses to be smart, or do these companies have something a little more sinister up their sleeves where they actually just make things smart in order to learn more about us?

From the toothbrush that sends you a notification in the form of a graph of how well you brushed your teeth in the morning to the smart fork that senses if it thinks you’re eating too fast (I really am not making this up), we might just be walking into a future of IP-connected mayhem. IoT has boomed in the last decade and while I love a good gadget with a truly smart capability, where should we draw the line?

The future of technology within health and social care
Trending
The future of technology within health and social care

Some devices are arguably being produced with internet capability just for the sake of it. With more and more smart products coming to market as standard, what if I really don’t want an internet-connected washing machine? Does it make my life easier? And what about the security implications of having all these extra IP addresses in the home? Let’s not forget the saying that the ‘S’ in ‘IoT’ stands for security!

Data collectors

I was recently in the market for a new dishwasher and after lots of research, I found one that came highly reviewed and recommended. It happened to come with smart functionality by default and an app to download for all your smart home needs – apparently. I found a statement in marketing material about IoT dishwashers suggesting that you can take advantage of knowing ‘how long until the wash is done’, though I don’t see that as much of an issue when I’m out and about. I’m not sure about you, but this usually isn’t on my mind when I go out for a walk; then again, I guess they are catering for all people.

Such smart appliances are often around the same price as their equivalent non-smart model now too. Now I know I didn’t really need my dishwasher to be smart, but it was the same price and the techie inside me actually wanted to know its capabilities or to see if it could improve my life somewhat, so I carried on with the purchase and installed the app.

While setting up the app on my iPhone, I noticed a lot of data was being collected and linked to me, including my location, user content and contact info plus other identifiers. I went through all the settings and discovered a lack of two-factor authentication too, but this is typical with a lot of IoT.

Once I’d connected the app to the dishwasher, I wanted to see what type of connectivity I could take advantage of. I played around with the app for a bit and learned what was on offer. I opened the door to load the dishwasher, but I was soon interrupted as I had been sent a notification. I checked my phone and realized that I had been notified that the door had been opened…. I know! I opened it!

I quickly turned this notification off, but I soon found the app was not all that intuitive and in fact quite cumbersome. Later that evening and although I could have turned it on remotely, I was standing right next to it as I had just placed the last plate in; although I had my tablet with me, it was far quicker to turn it on physically, and like the reviews said, the dishwasher was refreshingly quiet when it started.

However, two hours later, it all changed in the house. I was standing next to my new appliance when and the door began to open on its own accord as if it was possessed and was coming after me! Had my dishwasher been hacked and was now riddled with malware being remotely operated in order to kill me?! As the steam rose from the glistening plates, I soon realized that it was in fact the automatic door-opening feature that had sprung into action to improve the “drying performance”.

Ok, I overreacted a little, but this strange new spaceship-like feature caught me off guard and made me jump in the process. However, what this ordeal made me question was whether appliances and other gadgets really need to be smart? In this case, I am certain that the app was not, in fact, making my life more streamlined, so I deleted the app and made a conscious effort to stand clear of the door near the end of a cycle.

My hypothesis is that companies are in desperate need of our data. Cars have been sending a wealth of information back to their manufacturers for many years now and they are often the first to tell you that you have gone over the 10,000 miles threshold and now require service. This is now the norm for other gadgets around the home and we are seemingly willingly accepting this.

However, this information could be used against us if it were to get into the wrong hands. Malicious actors are constantly attacking websites looking for data and unfortunately some personal data inevitably still gets compromised and ends up on the dark web. Theoretically, threat actors could gain access to this live data in the cloud and even learn our daily habits, which could include when we have vacated the premises.

Although I am not aware of any data leaks involving smart household appliances, it is worth noting that these devices suck up a lot of personal data and store it in the cloud for multiple purposes – with, in my personal opinion, very little of this trade-off actually helping the products. This data trove can be seen as currency to some stakeholders and could be targeted so we must limit the amount of data we release in the first place.

If your device has to be internet enabled to function, consider reducing the amount of data you hand over to the developers of smart products. Furthermore, use unique passwords or passphrases, enable two-factor authentication where possible, and keep your devices updated to steer clear of as many vulnerabilities as possible.

Just consider this: If a malicious actor were to hold my dishwasher to ransom, there is a good chance they would get my money as I really hate washing up that much. So, until smart dishwasher apps come with being able to load the dishwasher, put the dishes in and unload it after a wash as standard, I think I’ll stick to traditional appliance usage in the kitchen for now.

Follow Jake on Linkedin for more insights into Cyber Security.

We think you'll like:

Jake Moore

Jake is a Cyber Security Specialist for ESET, Europe's number one internet security and antivirus company.

What is a User Journey

Erin Lanahan • 19th April 2024

User journey mapping is the compass guiding businesses to customer-centric success. By meticulously tracing the steps users take when interacting with products or services, businesses gain profound insights into user needs and behaviors. Understanding users’ emotions and preferences at each touchpoint enables the creation of tailored experiences that resonate deeply. Through strategic segmentation, persona-driven design,...

From Shadow IT to Shadow AI

Mark Molyneux • 16th April 2024

Mark Molyneux, EMEA CTO from Cohesity, explains the challenges this development brings with it and why, despite all the enthusiasm, companies should not repeat old mistakes from the early cloud era.

Fixing the Public Sector IT Debacle

Mark Grindey • 11th April 2024

Public sector IT services are no longer fit for purpose. Constant security breaches. Unacceptable downtime. Endemic over-spending. Delays in vital service innovation that would reduce costs and improve citizen experience.

Best of tech to meet at VivaTech in May

Viva Technology • 10th April 2024

A veritable crossroads for business and innovation, VivaTech once again promises to show why it has become an unmissable stop on the international business calendar. With its expanding global reach and emphasis on crucial themes like AI, sustainable tech, and mobility, VivaTech stands as the premier destination for decoding emerging trends and assessing their economic...

Enabling “Farm to Fork” efficiency between supermarkets & producers

Neil Baker • 03rd April 2024

Today, consumers across the UK are facing a cost of living crisis. As a result, many retailers and supermarkets are striving to keep their costs down, so that they can avoid passing these onto shoppers. Within this, one area that is increasingly under scrutiny for many organisations surrounds how to improve supply chain efficiency. This...

Addressing Regulatory Compliance in Government-Owned, Single-Use Devices

Nadav Avni • 26th March 2024

Corporate-owned single-use (COSU) devices, also known as dedicated devices, make work easier for businesses and many government agencies. They’re powerful smart devices that fulfil a single purpose. Think smart tablets used for inventory tracking, information kiosks, ATMs, or digital displays. But, in a government setting, these devices fall under strict regulatory compliance standards.

Advantages of Cloud-based CAD Solutions for Modern Designers

Marius Marcus • 22nd March 2024

Say goodbye to the days of clunky desktop software chaining us to specific desks. Instead, we’re stepping into a new era fueled by cloud CAD solutions. These game-changing tools not only offer designers unmatched flexibility but also foster collaboration and efficiency like never before!