
The Viral Smart Toothbrush Botnet Story Is Not Real (404media.co)

On Tuesday, The Independent, Tom's Hardware, and many other tech outlets reported on a story about how three million smart toothbrushes were used in a DDoS attack. The only problem? It "didn't actually happen," writes Jason Koebler via 404 Media. "There are no additional details about this apparent attack, and most of the article cites general research by a publicly traded cybersecurity company called Fortinet which has detected malicious, hijacked internet of things devices over the years. A search on Fortinet's website shows no recent published research about hacked smart toothbrushes." From the report: The original article, called "The toothbrushes are attacking," starts with the following passage: "She's at home in the bathroom, but she's part of a large-scale cyber attack. The electric toothbrush is programmed with Java, and criminals have unnoticed installed malware on it - like on 3 million other toothbrushes. One command is enough and the remote-controlled toothbrushes simultaneously access the website of a Swiss company. The site collapses and is paralyzed for four hours. Millions of dollars in damage is caused. This example, which seems like a Hollywood scenario, actually happened. It shows how versatile digital attacks have become." [...]

The "3 million hacked smart toothbrushes" story has now been viral for more than 24 hours and literally no new information about it has emerged despite widespread skepticism from people in the security industry and its virality. The two Fortinet executives cited in the original report did not respond to an email and LinkedIn message seeking clarification, and neither did Fortinet's PR team. The author of the Aargauer Zeitung story also did not respond to a request for more information. I called Fortinet's headquarters, asked to speak to the PR contact listed on the press release about its earnings, which was published after the toothbrush news began to go viral, and was promptly disconnected. The company has continued to tweet about other, unrelated things. They have not responded to BleepingComputer either, nor the many security researchers who are asking for further proof that this actually happened. While we don't know how this happened, Fortinet has been talking specifically about the dangers of internet-connected toothbrushes for years, and has been using it as an example in researcher talks.
In a statement to 404 Media, Fortinet said "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred."

  • by burtosis ( 1124179 ) on Thursday February 08, 2024 @05:24PM (#64225748)
    Really they should regularly check up on these matters before printing the articles, but at least they are brushing up on suppressing fake news.
  • by smooth wombat ( 796938 ) on Thursday February 08, 2024 @05:29PM (#64225764) Journal

    Why the hell is a toothbrush connected to the net? There is no logical or justifiable reason to do so.

    • by Ksevio ( 865461 )

      I guess they do some smart mapping of your mouth while you brush or something. Could also set up some automations to go with brushing like a reminder if you haven't done it (or a kid hasn't done it) or trigger a bedroom light or something at night when you're done brushing.

      Granted, most of the things I can come up with only require a local connection to your toothbrush, but that's also how most connect. Most I've seen connect via Bluetooth (I can even see my neighbor's smart toothbrush via Bluetooth!) with

      • I guess they do some smart mapping of your mouth while you brush or something. Could also set up some automations to go with brushing like a reminder if you haven't done it (or a kid hasn't done it) or trigger a bedroom light or something at night when you're done brushing.

        Granted, most of the things I can come up with only require a local connection to your toothbrush, but that's also how most connect. Most I've seen connect via Bluetooth (I can even see my neighbor's smart toothbrush via Bluetooth!) with only a couple using WiFi

        Most of this shit I've seen is to prevent parents from having to get off the couch to check if the kids are actually brushing their teeth. "App says they brushed for this many minutes. Cool." I have yet to see anything on smart toothbrushes that does anything more than time usage and maybe pressure while being used. What use that is to anybody outside of the parents not wanting to stand there watching their kids brush? I have zero clue. Unless we've gamified so much of our lives that there's some forum some

        • by drnb ( 2434720 )
          We'll have greater utility in gen 2 smart toothbrushes where they add a camera and it does a dental exam while brushing. :-)
    • by AmiMoJo ( 196126 )

      I don't think they are. I've seen Bluetooth ones that come with an app to provide timing and pressure advice, but never WiFi.

      Same with bathroom scales and the like.

    • Things today connect to a mobile phone and you set the settings, it's cheaper than screen and buttons and it is sort of expected for the high end of any electronics. Some items can be connected to a local net only, most people don't know or care and leave them on the open net to connect to them. Just speculating, they could include in the app: battery level, intensity and duration settings, usage statistics, health advice, toothpaste advertisements, advertisement about their other personal care products, re

    • by drnb ( 2434720 )

      Why the hell is a toothbrush connected to the net? There is no logical or justifiable reason to do so.

      In theory they can remind you if you are brushing too infrequently or for too short a duration.

      We won't really have significant utility until they add a camera that allows it to do an AI-based dental exam and send imagery to your dentist. :-)

    • by gweihir ( 88907 )

      It is entirely logical: The vendor wants your data and wants to show you ads. Oh you mean for the user? Who cares about their users these days? People are just sheep to be exploited.

    • by Tablizer ( 95088 )

      Logic? This is Earth. Its product-purchasing population consists mostly of humans.

  • by Lavandera ( 7308312 ) on Thursday February 08, 2024 @05:30PM (#64225770)

    The true story was that it was an army of vibrators that performed DoS

    After they have been upgraded with AI they started to behave like husbands..

  • Struck me as weird because most of the smart toothbrushes advertised that I've seen have been Bluetooth to a phone. Full wifi server on a toothbrush seems like it'd be pretty hard on the battery. And an infrequently on Bluetooth toothbrush seemed like it'd be pretty hard to build a botnet around, but never know these days.
    • There is at least one model of toothbrush I find online that has a Wi-Fi connected base station. (I didn't look for more models once I saw that one exists, so I don't know how many others there might be.) It boasts of having Alexa integration ... though I can't imagine what the point of that is.
      • It's so Alexa can ask you questions while you've got the toothbrush in your mouth, of course. Get that real "at the dentist" experience.
      • by Ksevio ( 865461 )

        That's the big problem. There are only a few models that even have direct internet connectivity and I can't imagine there are enough of them to create a meaningful botnet

  • by bickerdyke ( 670000 ) on Thursday February 08, 2024 @05:37PM (#64225790)

    It's just a hunch, but I'd guess that at some point during the writing of the story a generative AI was involved....

    • by drnb ( 2434720 )

      It's just a hunch, but I'd guess that at some point during the writing of the story a generative AI was involved....

      Well Google translate did a translation of the original German. Supposedly the translation included a quote indicating the story is true.

  • I don't think we needed another article telling us it was bullshit. It was painfully obvious.

    • by klubar ( 591384 ) on Thursday February 08, 2024 @05:57PM (#64225872) Homepage

      Up there with the equally bogus story of the washing machine uploading (or downloading) 3 GB of data a day. Something about all the space that needs to be filled.

      But like many false tech stories this will live on.

      According to one uncited study, about 41% of Americans use "electric" toothbrushes, but this study (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7133541/) strongly supports the hypothesis that electric toothbrushes do a better job at reducing plaque and gingivitis than manual toothbrushing in the short and long term.

      • I file this under fear mongering. Anything that can add on to an already paranoid world has to be good.

      • Up there with the equally bogus story of the washing machine uploading (or downloading) 3 GB of data a day.

        Was that story debunked? Washing machines do have connectivity and it's certainly possible for badly written software to go wrong.

        • by Anonymous Coward

          IIRC there was a bug in the router's software that was incorrectly measuring the data usage of the device

          • It was really a buggy router story, but since anyone can be a 'journalist' now such bad reporting can't make a blogger lose their job - and so the bad news reporting just multiplies. Eventually no one will be listening to anyone, just like social media.
      • Up there with the equally bogus story of the washing machine uploading (or downloading) 3 GB of data a day. Something about all the space that needs to be filled.

        That story wasn't bogus, it just had a cause attributed incorrectly. These are two very different things. This story here is about something that never happened and never was said. That washing machine was really at someone's house and that person really did see 3GB of data a day.

        Being wrong and being a fantasy are two different things. This case falls under the latter.

      • by mspohr ( 589790 )

        I'm waiting for the toasters to take over.

    • by gweihir ( 88907 )

      Not at all. There are reference cases for something like this using insecure IoT crap devices.

      • "Like This." Not this. I won't even bring up the fact that if your fucking toothbrush is launching DDOS attacks etc. you have been eating too many mushrooms. Check your sig and apply here.

        • by gweihir ( 88907 )

          Well, you sure are ignorant about the more recent history of IT security. That does not make that history go away, it just makes you clueless.

          • I am very aware of IoT threats. This isn't one of them. Sorry. Now run along before you want to talk about something that actually makes sense. I don't see any links you have posted invalidating my statement.

  • Seems unlikely that smart toothbrushes have CPU / battery power to do one.
    Unless they are docked in the charger, then maybe something.

    • Seems unlikely that smart toothbrushes have CPU / battery power to do one. Unless they are docked in the charger, then maybe something.

      Would have been more plausible to say they were mining crypto while docked.

  • Thanks for the correction.

    Far too much fake news gets uncorrected.

  • It's obvious BS - to /. readers perhaps. It won't be to many, and if it puts a little more fear or doubt about the "internet of things" that is a good thing. The more folk are startled about their privacy and security the less they will go with the easy option, AKA "adopt the position".
  • 2025 will be the year of the smart toothbrush botnet?
  • This story is too good for it to be bogus.

    Someone will make it true very very soon. I can't wait!

    • by drnb ( 2434720 )

      This story is too good for it to be bogus.

      Someone will make it true very very soon. I can't wait!

      Yes and no. The coming hack will probably mine crypto while docked in the charger.

  • We have seen attacks that are close enough, among them DDoS from small and very small IoT devices. I distinctly remember one "record" DDoS that was small IoT devices that did not even really have storage and only got infected non-persistently in RAM.

    The issue is that there is no profit in doing things competently in the IoT space. Even only getting a competent security evaluation (not fixes) runs you something like $20'000. Getting a security aware dev (like I educate on Bachelor's level) is difficult, b

  • by Fly Swatter ( 30498 ) on Friday February 09, 2024 @12:02AM (#64226606) Homepage
    Oh wait...

    This is why you don't report social media as 'news'. It is also why an AI should not be allowed to report 'news' either.
  • Thanks for letting me know which sites to avoid.
  • ... on the way from that company's publication into general public media. Happens all the time, and on many, many topics.
