3 Million Malware-Infected Smart Toothbrushes Used In Swiss DDoS Attacks [UPDATE] (tomshardware.com)
An anonymous reader quotes a report from Tom's Hardware: According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company's website. The firm's site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business. In this particular case, the toothbrush botnet was thought to have been vulnerable due to its Java-based OS. No particular toothbrush brand was mentioned in the source report. Normally, the toothbrushes would have used their connectivity for tracking and improving user oral hygiene habits, but after a malware infection, these toothbrushes were press-ganged into a botnet.
Stefan Zuger from the Swiss branch of the global cybersecurity firm Fortinet provided the publication with a few tips on what people could do to protect their own toothbrushes -- or other connected gadgetry like routers, set-top boxes, surveillance cameras, doorbells, baby monitors, washing machines, and so on. "Every device that is connected to the Internet is a potential target -- or can be misused for an attack," Zuger told the Swiss newspaper. The security expert also explained that every connected device was being continually probed for vulnerabilities by hackers, so there is a real arms race between device software/firmware makers and cyber criminals. Fortinet recently connected an 'unprotected' PC to the internet and found it took only 20 minutes before it became malware-ridden.
UPDATE 1/7/24: This attack "didn't actually happen," writes Jason Koebler via 404 Media. "There are no additional details about this apparent attack, and most of the article cites general research by a publicly traded cybersecurity company called Fortinet which has detected malicious, hijacked internet of things devices over the years. A search on Fortinet's website shows no recent published research about hacked smart toothbrushes."
The cybersecurity firm Fortinet said in a statement: "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred. FortiGuard Labs has not observed Mirai or other IoT botnets target toothbrushes or similar embedded devices."
Yay fake news (Score:5, Informative)
https://cyberplace.social/@Gos... [cyberplace.social]
Re:Yay fake news (Score:5, Funny)
You can't brush this off so easily! It's time we put some teeth into security requirements, to prevent our people from getting cleaned out. FLOSS, anything else stinks.
Re: (Score:2)
Oh, gum on! That's too many dam puns.
Re: (Score:2)
Because Joe.Random on Mastodon said so?
Re: (Score:2)
Re: (Score:2)
A simple assertion means little no matter who says it unless they personally witnessed what they are reporting. Corroborating evidence, however, is worthwhile. Personally, I considered the story "disputed" until further reports that it was fake. NOW it's "fake".
nope (Score:2)
Not this time.
Liability for attacks (Score:2)
At some point, I think the victim should be allowed to sue the manufacturers of such devices.
It's the only way it's going to stop this problem from spiraling out of control.
Re: (Score:2)
Ooops. My bad. The story isn't true.
Re: (Score:2)
Re: (Score:2)
Fake story aside, people should stop buying Internet connected things.
Like nothing but your phone and PC need to be connected to the Internet. No lights, no heating, no nothing. Use old school thermostats and switches. You can open the fridge door to see if you need mayo and write it on a pad magnetically attached to the fridge door if you do.
(Subject Goes Here) (Score:3)
In Soviet Russia toothb... oh wait, nevermind.
Why. (Score:4, Insightful)
“I needed to charge my phone, but my friend was using the only outlet to charge his book and cigarette. The future is stupid.”
I know this stupid ‘smart’ toothbrush will be sold on the merits of ‘track your brushing habits, ensure you brush long enough, automatically re-order brush heads, compete with your friends on social media for most hours spent brushing’ and other, pointless ‘features’. This is all stupid.
Re: (Score:2)
Cryptocurrency (Score:2)
> Why, I ask; does *anyone* want an INTERNET CONNECTED TOOTHBRUSH.
It mines cryptocurrency while on the charger.
On a more serious note, the next hack will probably have the 3M toothbrushes mining crypto for the hacker.
Re: (Score:2)
I was wondering where I could buy internet connected knives and forks. By knowing what we eat, could organize menus...
Hey, I think I will try to get funding with such a good idea.
Re: (Score:2)
> I was wondering where I could buy internet connected knives and forks. By knowing what we eat, could organize menus...
> Hey, I think I will try to get funding with such a good idea.
v1.0 will probably have to limit its goal to portion control. How much the forks and knives are in motion.
v2.0 is where you can add the cameras to identify the food being eaten.
Don't try to do too much in v1.0, you're less likely to get investors. Good luck.
Re: (Score:3)
> Why, I ask; does *anyone* want an INTERNET CONNECTED TOOTHBRUSH.
Remember how we used to joke here about people trying to network their toasters? Yep, we're there.
Ya, but ... (Score:5, Funny)
Despite the apparent use of FLOSS, this can't simply be brushed off and the perpetrators won't receive a plaque for their achievement.
Re: (Score:2)
Anyone working on a pull request?
Re: (Score:2)
Why the heck is it called a "pull request" by GitHub users? You can "pull" all you want but it won't change anything if the code isn't merged. That's why it is called a "merge request", I always use the term "merge request".
Re: (Score:2)
> Why the heck is it called a "pull request" by GitHub users?
*that* uncle and his finger, of course!
Perfect (Score:2)
Am I the only one that loves that this happened?
Re:Perfect (Score:4, Funny)
Maybe, since it never "happened".
Presumably... (Score:3)
Smart toothbrushes??? (Score:5, Insightful)
Okay... unlike, it seems, a lot of slashdot these days; I remain wholeheartedly optimistic, impressed, and enthusiastic about technological progress; and by no means want it to stop. But smart toothbrushes? Why are these even a thing???
I mean... I use a Sonicare myself. And it does the thing where it beeps to remind me to switch from front to back then top to bottom and shuts off when done. But that's just a timer. Just how in the name of almighty Cthulhu's butthole would WiFi and an internet connection ever benefit my teeth cleanings? Do they have sensors to monitor and make sure everything is properly cleaned? 'Cuz that's the only possible use I can think of for an online toothbrush. And I've been brushing my teeth my entire life. I don't think I need any online guidance or to post to HealthKit when I do.
Re: (Score:3)
Parenting made easy.
1. Give kids 'smart' toothbrush.
2. Give kids 'smart' electric shock bracelet.
3. IFTTT toothbrush not used by 8am, bracelet turns on.
Re: (Score:2)
Re: (Score:2)
It's a joke, there is no use case for a connected toothbrush.
Re: (Score:2)
Just how in the name of almighty Cthulhu's butthole would WiFi and an internet connection ever benefit my teeth cleanings?
Are you that clueless you can't see it's for the benefit of the manufacturer, not the customer? It's become a bit of a thing lately...
Do you live in a totalitarian state where you are issued a wifi enabled toothbrush so the gov't could monitor your brushing habits? Here in the US, and I presume the EU as well, toothbrushes are still chosen by their users. So the user / customer has to see some utility for them to pick the wifi toothbrush.
Re: (Score:2)
I was in the market for a new one recently, and today I pat myself a bit on the shoulder for not picking the next-up model which would've had "smart" features. So yes, exactly what you say: The "smart" features is essentially a "nanny-me" package. It would report when and for how long you cleaned your teeth and if you did it properly. You know, if you like to make a spreadsheet out of your morning routine. I see about... 23 customers world-wide for whom that would be a god-given amazing feature that they re
java (Score:2)
They lost me when they talked about the toothbrush running java.
Re: (Score:2)
That's the moment that got me! The whole thing went from preposterous to magical.
I wonder about two meetings. The first, committing to the idea of an online toothbrush (WTF). The second, the decision to use Java to power the idea (WTF^2).
And then the events. First, people bought the thing, millions of people (WTF). The second, someone thought to target the toothbrushes (not surprising really).
It's a fantastic story about an idea where crazy people (everyone involved) realize their whims creating and ex
Re: (Score:1)
Hah, good for those java toothbrush weenies. Those of us in the know use PHP platformed toothbrushes! I'm a power user with wordpress and drupal in mine.
Re: (Score:2)
My AI chatbot runs in my toothbrush, while I'm brushing, and makes these comments for me.
v2 has a camera for cavity detection (Score:2)
> That's the moment that got me! The whole thing went from preposterous to magical.
> I wonder about two meetings. The first, committing to the idea of an online toothbrush (WTF). The second, the decision to use Java to power the idea (WTF^2).
> And then the events. First, people bought the thing, millions of people (WTF). The second, someone thought to target the toothbrushes (not surprising really).
> It's a fantastic story about an idea where crazy people (everyone involved) realize their whims creating and exercising a most unlikely attack vector.
They had a meeting regarding v2, it'll have a camera for cavity detection.
Re: (Score:2)
"Millions in lost revenue due to a DDoS on the company website" sounds like bullshit as well
Re: (Score:2)
> They lost me when they talked about the toothbrush running java.
Yeah, python would have seemed much more believable.
Seriously, python is an option on microcontrollers. MicroPython, CircuitPython.
Re: (Score:2)
Took me forever to get the GC tuning dialed on my toothbrush, it kept crashing when I'd switch bottom to top. Now the pauses are hardly noticeable.
Confounded IoT Hackers! (Score:2)
Confound those rotten hackers! No one can enjoy the simple pleasures of online gadgets safely anymore. I'm going to go and do something about all of this crackery, right after I clean my teeth.
Mmmmfmghmffff splthhhhhhh Mffggghhhhhhhhhch
It's actually a good thing. (Score:2)
dreams of conquest (Score:2)
'Heh heh heh- my secret plan to enslave the world using toothbrushes is working! Next my Internet-connected toilet plungers will infiltrate the Pentagon and bring the military to its knees! I will be flushed with happiness! Finally, my cooling fans from hell will empty server rooms of air and choke the techs and make motherboards burn up! Nyar har har!' ...
"Mr. Gates? Mr Gates? Wake up. You were moaning in your sleep, sir. Something about "
"...and sharks with frikking laser beams too!"
Re: Time to BAN the Apple iBrush Pro! (Score:2)
Who decides which users 'deserve' encryption protection from the government and who does not? The government? What could possibly go wrong...
Good old "Internet of crappy things" (Score:2)
We need vendor liability for any and all damages in such cases. Unless they prove sound IT security practices and provide security updates for the full lifetime of the device, this should always automatically be gross negligence and they need to prove differently.
Without that liability, nothing will get better and the situation will get worse and worse.
Beware (Score:2)
A hacked toothbrush can make your teeth fall on a hacker's whim, so all you IOT-loving guys better update your firewall and AV products immediately.
Re: Beware (Score:2)
What? By removing the batteries your smart toothbrush simply reverts to a plain toothbrush.
A hacked toothbrush can still take a smear of toothpaste and the bristles are still capable of brushing one's teeth with no more effort if the internal computer is on or off.
The smart toothbrush does not rely on its 'smarts' to function as a toothbrush...
Why do I feel so helpless... (Score:2)
30 years ago, I thought I had lost my mind the first time I asked someone to take a picture with their phone. I still remember how weird those words felt in my mouth. And then 10 years ago, I saw a new-in-the-box sewing machine with "Runs Windows!" plastered on the side. I thought then I had truly lost my mind. Were there device drivers for sewing machines baked into windows? Should I search for my windows directory for "bobbin.dll"?
But today is a new day, when my toothbrush runs windows and my roomba
why... (Score:2)
Re: why... (Score:2)
They wanted to post their brushing regimen like FarmVille and wordle "accomplishments"?
Re: (Score:2)
If we can't secure toothbrushes... (Score:2)
If we can't secure toothbrushes, how in the world can we think we'll be able to secure/control A.I. going forward?
Seriously, the world really needed internet-connected toothbrushes? What dental crisis justified littering the internet with several million weakly protected systems?