We already know that hackers from NSA / FSB / PLA are working day and night on nation-state level attacks. They divert toilet tissue deliveries and hack traffic signals to raise my blood pressure to a tipping point where, presumably, I am supposed to demand local regime change?
Now I have to worry about passing drones using blinkenlights to Stuxnet my wool wash and shrink my merino socks? Brilliant. Bloody brilliant.
It’s like the most banal version of Battlestar Galactica ever but instead of an alien intelligence leveraging computer integration to attack mankind from within, it’s a guy in a t-shirt in a sweaty bunker filling my dishwasher to the brim with cold water then laughing at me via my Ring camera as he watches me flood my kitchen.
Pretty cool for BSH and Miele to hop on a call with the researchers just to make sure there were no issues they were unaware of. Sounded like it was productive and positive for everyone involved. Hopefully they don't start doubling down on hardware security though :p
The optical communication for the Miele was pretty interesting too. I'm assuming it's to prevent moisture from corroding a port of some kind. Does anyone know of other devices this is used in or other benefits to this?
> I'm assuming it's to prevent moisture from corroding a port of some kind.
The primary value discussed in the talk was electrical isolation since there's mains voltage in the appliance and the potential for shorts or inadequate isolation would require some kind of isolation, so a path that optically isolates the communication makes quite a bit of sense.
I'm also curious if other devices have gone this route.
LG appliances at least used to use acoustic signaling for diagnostics: hold a phone up and the washer makes some modem-esque (I think it’s 4-tone / 4-FSK) noises and the app or technician can diagnose issues. It was originally engineered to even work over voice codecs, so a customer without a smartphone could relay the diagnostic session to a technician.
There are lots of examples on YouTube, this one seems succinct: https://youtube.com/shorts/3Eb315vL9uw . They picked good tones to make it satisfying IMO. I don’t know of anyone who’s reversed the bitstream in public, though, but it doesn’t seem like it should be very hard.
That's a great example, thanks! I was looking for "LG Smart Diagnostics" and "audio" and then "LG Acoustic Diagnostics" and found TVs calibrating their audio playback but not this. Trying "LG Audible Diagnosis" found a bunch like yours.
That's some advanced gatekeeping right there. Where other appliances might have a blink code or several digit error display (Miele) to look up in a manual, the phone method tires you to the manufacturer.
The support hotline will ask you to hold your phone towards the device. It is less error-prone (than a human) and contains more info than a blink code. I find it really clever.
The absolutely "leetest" thing I have ever seen was a device where the firmware update was to be done by:
1. Hold a button while booting (pretty normal)
2. This reconfigures the circuit path of one of the LEDs so it is reverse-biased to VCC via its resistor and switches one of the microcontroller GPIOs to ADC input
3. You go to a website that plays a strobe pattern (encoding the firmware)
4. You hold that website in front of the LED till other LEDs blink, signifying a successful update
They could have done this using a photodiode, but no, they had to abuse an LED. Not many people are aware that LEDs can in a certain configuration be used to measure light.
Electric meters often blink a signal LED for every X kWh, so other devices can read the signal. I'm not sure if this is used for bidirectional communications, though.
Alternatively, I guess you could also use really thin cables to carry the low voltage paths; and that act as fuses, if ever a lot of current at high voltage was flowing across them? But probably not very reliable both in regular operation and as fuses.
We have a Miele washing machine and a Miele dryer. Solid machines all around even after years of use.
Fusible traces aren’t uncommon - but they would effectively destroy the device if current limits are exceeded, and they certainly would be if the power supply is non-isolated, so it wouldn’t actually be a solution to the firmware update problem.
The usual solution here is an optical coupling of some kind - optocouplers (a box with a LED, photodiode, and air gap between them) are very common for this purpose, and are an inexpensive and effective option for digital signaling across an isolation boundary.
In this case they’ve basically built a custom optocoupler out of discrete components, which is a bit unusual, but makes sense when you consider the risk of corrosion due to water ingress at the diagnostic ports, and the need to access it while - for example - a dishwasher cycle is running.
Very interesting talk! I think it is quite cool that Miele and BSH reached out when they saw the event announcements to make sure there are not any issues they're not aware of. Seems like a productive experience for all involved!
The WiFi implementation was interesting to me, I am glad that it is reasonably safe. I understand much of the skepticism around these kinds of features, but I also see the value in many settings. As long as they remain optional, I think the benefits outweigh the drawbacks. Kudos for BSH having good developer documentation and a local mode. I feel like a local mode should be mandatory, for safety and support reasons
Whenever someone brings up washing machines and software, I am always reminded of Forth[0]:
As an example, imagine a microprocessor-controlled washing
machine programmed in Forth. The ultimate command in your
example is named WASHER. Here is the definition of WASHER,
as written in Forth:
: WASHER WASH SPIN RINSE SPIN ;
I'm "fearful" of a future where every random appliance needs to be connected to the internet in order to function at all. I hope some legislation gets passed (in the EU in my case) that forces manufacturers to ensure the machine works offline and connecting it is purely an opt-in feature.
This might also need some kind of certification. Some sort of independent industry-financed lab atmosphere. I think UL (Underwriters Laboratories) worked that way.
Most washing machines use a wax motor to lock the door, it heats up wax to cause it to expand when it melts, which drives a pin. They're fairly failsafe as if you kill power, they will open no matter what.
Latching relays/(technically solenoid) could be driven on/off fast, the downside is in a power cut or an emergency, the relay wouldn't release unless specifically driven so.
So the third option is a momentary solenoid, which would need to be powered the whole time the door is shut, and they require a surprisingly significant amount of power. Typically 10-20w. Negligible when it compares to the KW+ heating elements, but they do add up for the energy ratings..
Fwiw, I currently have a haier, which does have one of the second options, and opens immediately after a wash and it's amazing. Can't go back.
But, wax motors continue to be used because they're just the right tool for the job.
You can still buy machines without the lid lock. They use an alternative design that can stop motion quickly enough to meet safety standards. I can open the lid on my washer in the middle of a heavy spin cycle at max RPM if I want to, but it will brake aggressively and come to a halt within 1-2 seconds. Being able to add laundry mid-cycle without asking permission from the computer is really nice.
Now I have to worry about passing drones using blinkenlights to Stuxnet my wool wash and shrink my merino socks? Brilliant. Bloody brilliant.
It’s like the most banal version of Battlestar Galactica ever but instead of an alien intelligence leveraging computer integration to attack mankind from within, it’s a guy in a t-shirt in a sweaty bunker filling my dishwasher to the brim with cold water then laughing at me via my Ring camera as he watches me flood my kitchen.
[Very cool talk, thanks for sharing :) ]
The optical communication for the Miele was pretty interesting too. I'm assuming it's to prevent moisture from corroding a port of some kind. Does anyone know of other devices this is used in or other benefits to this?
The primary value discussed in the talk was electrical isolation since there's mains voltage in the appliance and the potential for shorts or inadequate isolation would require some kind of isolation, so a path that optically isolates the communication makes quite a bit of sense.
I'm also curious if other devices have gone this route.
[1] https://github.com/kabelincho/LG-Smart-Diagnostics-modem
1. Hold a button while booting (pretty normal)
2. This reconfigures the circuit path of one of the LEDs so it is reverse-biased to VCC via its resistor and switches one of the microcontroller GPIOs to ADC input
3. You go to a website that plays a strobe pattern (encoding the firmware)
4. You hold that website in front of the LED till other LEDs blink, signifying a successful update
They could have done this using a photodiode, but no, they had to abuse an LED. Not many people are aware that LEDs can in a certain configuration be used to measure light.
Do you mean by mimicking the noises themselves?
https://en.wikipedia.org/wiki/IEC_62056
We have a Miele washing machine and a Miele dryer. Solid machines all around even after years of use.
The usual solution here is an optical coupling of some kind - optocouplers (a box with a LED, photodiode, and air gap between them) are very common for this purpose, and are an inexpensive and effective option for digital signaling across an isolation boundary.
In this case they’ve basically built a custom optocoupler out of discrete components, which is a bit unusual, but makes sense when you consider the risk of corrosion due to water ingress at the diagnostic ports, and the need to access it while - for example - a dishwasher cycle is running.
The WiFi implementation was interesting to me, I am glad that it is reasonably safe. I understand much of the skepticism around these kinds of features, but I also see the value in many settings. As long as they remain optional, I think the benefits outweigh the drawbacks. Kudos for BSH having good developer documentation and a local mode. I feel like a local mode should be mandatory, for safety and support reasons
Latching relays/(technically solenoid) could be driven on/off fast, the downside is in a power cut or an emergency, the relay wouldn't release unless specifically driven so.
So the third option is a momentary solenoid, which would need to be powered the whole time the door is shut, and they require a surprisingly significant amount of power. Typically 10-20w. Negligible when it compares to the KW+ heating elements, but they do add up for the energy ratings..
Fwiw, I currently have a haier, which does have one of the second options, and opens immediately after a wash and it's amazing. Can't go back.
But, wax motors continue to be used because they're just the right tool for the job.
"I'm sorry Dave but I'm afraid I can't do that"