Is Your Dishwasher Trying To Kill You?

Does every device in your home really need to be connected to the internet? And could it be turned against you? Jake Moore, Cyber Security Specialist at ESET explains more:

If you try to purchase a new appliance these days, there is a good chance you will be guided toward the most up-to-date, state-of-the-art, smart appliances first. Whether you are in the market for a new dishwasher, fridge or even toaster, the chances are there is an internet-enabled device waiting to target you, but why the increase in IoT (internet of things)? Do we really crave every item in our houses to be smart, or do these companies have something a little more sinister up their sleeves where they actually just make things smart in order to learn more about us?

From the toothbrush that sends you a notification in the form of a graph of how well you brushed your teeth in the morning to the smart fork that senses if it thinks you’re eating too fast (I really am not making this up), we might just be walking into a future of IP-connected mayhem. IoT has boomed in the last decade and while I love a good gadget with a truly smart capability, where should we draw the line?

Some devices are arguably being produced with internet capability just for the sake of it. With more and more smart products coming to market as standard, what if I really don’t want an internet-connected washing machine? Does it make my life easier? And what about the security implications of having all these extra IP addresses in the home? Let’s not forget the saying that the ‘S’ in ‘IoT’ stands for security!

Data collectors

I was recently in the market for a new dishwasher and after lots of research, I found one that came highly reviewed and recommended. It happened to come with smart functionality by default and an app to download for all your smart home needs – apparently. I found a statement in marketing material about IoT dishwashers suggesting that you can take advantage of knowing ‘how long until the wash is done’, though I don’t see that as much of an issue when I’m out and about. I’m not sure about you, but this usually isn’t on my mind when I go out for a walk; then again, I guess they are catering for all people.

Such smart appliances are often around the same price as their equivalent non-smart model now too. Now I know I didn’t really need my dishwasher to be smart, but it was the same price and the techie inside me actually wanted to know its capabilities or to see if it could improve my life somewhat, so I carried on with the purchase and installed the app.

While setting up the app on my iPhone, I noticed a lot of data was being collected and linked to me, including my location, user content and contact info plus other identifiers. I went through all the settings and discovered a lack of two-factor authentication too, but this is typical with a lot of IoT.

Once I’d connected the app to the dishwasher, I wanted to see what type of connectivity I could take advantage of. I played around with the app for a bit and learned what was on offer. I opened the door to load the dishwasher, but I was soon interrupted as I had been sent a notification. I checked my phone and realized that I had been notified that the door had been opened…. I know! I opened it!

I quickly turned this notification off, but I soon found the app was not all that intuitive and in fact quite cumbersome. Later that evening and although I could have turned it on remotely, I was standing right next to it as I had just placed the last plate in; although I had my tablet with me, it was far quicker to turn it on physically, and like the reviews said, the dishwasher was refreshingly quiet when it started.

However, two hours later, it all changed in the house. I was standing next to my new appliance when and the door began to open on its own accord as if it was possessed and was coming after me! Had my dishwasher been hacked and was now riddled with malware being remotely operated in order to kill me?! As the steam rose from the glistening plates, I soon realized that it was in fact the automatic door-opening feature that had sprung into action to improve the “drying performance”.

Ok, I overreacted a little, but this strange new spaceship-like feature caught me off guard and made me jump in the process. However, what this ordeal made me question was whether appliances and other gadgets really need to be smart? In this case, I am certain that the app was not, in fact, making my life more streamlined, so I deleted the app and made a conscious effort to stand clear of the door near the end of a cycle.

My hypothesis is that companies are in desperate need of our data. Cars have been sending a wealth of information back to their manufacturers for many years now and they are often the first to tell you that you have gone over the 10,000 miles threshold and now require service. This is now the norm for other gadgets around the home and we are seemingly willingly accepting this.

However, this information could be used against us if it were to get into the wrong hands. Malicious actors are constantly attacking websites looking for data and unfortunately some personal data inevitably still gets compromised and ends up on the dark web. Theoretically, threat actors could gain access to this live data in the cloud and even learn our daily habits, which could include when we have vacated the premises.

Although I am not aware of any data leaks involving smart household appliances, it is worth noting that these devices suck up a lot of personal data and store it in the cloud for multiple purposes – with, in my personal opinion, very little of this trade-off actually helping the products. This data trove can be seen as currency to some stakeholders and could be targeted so we must limit the amount of data we release in the first place.

If your device has to be internet enabled to function, consider reducing the amount of data you hand over to the developers of smart products. Furthermore, use unique passwords or passphrases, enable two-factor authentication where possible, and keep your devices updated to steer clear of as many vulnerabilities as possible.

Just consider this: If a malicious actor were to hold my dishwasher to ransom, there is a good chance they would get my money as I really hate washing up that much. So, until smart dishwasher apps come with being able to load the dishwasher, put the dishes in and unload it after a wash as standard, I think I’ll stick to traditional appliance usage in the kitchen for now.

Follow Jake on Linkedin for more insights into Cyber Security.

Jake Moore

Jake is a Cyber Security Specialist for ESET, Europe's number one internet security and antivirus company.

Ab Initio partners with BT Group to deliver big data

Luke Conrad • 24th October 2022

AI is becoming an increasingly important element of the digital transformation of many businesses. As well as introducing new opportunities, it also poses a number of challenges for IT teams and the data teams supporting them. Ab Initio has announced a partnership with BT Group to implement its big data management solutions on BT’s internal...

WAICF – Dive into AI visiting one of the most...

Delia Salinas • 10th March 2022

Every year Cannes held an international technological event called World Artificial Intelligence Cannes Festival, better known by its acronym WAICF. One of the most luxurious cities around the world, located on the French Riviera and host of the annual Cannes Film Festival, Midem, and Cannes Lions International Festival of Creativity. 

Bouncing back from a natural disaster with resilience

Amber Donovan-Stevens • 16th December 2021

In the last decade, we’ve seen some of the most extreme weather events since records began, all driven by our human impact on the plant. Businesses are rapidly trying to implement new green policies to do their part, but climate change has also forced businesses to adapt and redefine their disaster recovery approach. Curtis Preston,...