UPDATE
Tom’s Hardware has confirmed that the smart toothbrush attack was actually just a hypothetical scenario. Fortinet, the security firm behind this hypothetical attack, provided the following statement:
“To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.” Fortinet further added: “FortiGuard Labs has not observed Mirai or other IoT botnets target toothbrushes or similar embedded devices.”
A line in the original German report was translated into English as “This example, which seems like a Hollywood scenario, actually happened”. This has been confirmed as an accurate translation, which led to the belief that this was a real attack.
Original Article
I’m not a massive fan of smart devices: not everything needs an app and not everything needs to talk to you, Alexa go away, etc. Something that further backs my claim is some news from Switzerland, where smart toothbrushes have been used for DDoS attacks causing millions of euros in damages for a Swiss company.
A recent report published by Aargauer Zeitung (via Tom’s Hardware) has claimed that around three million smart toothbrushes have been taken over by hackers and transformed into a botnet used to conduct a DDoS attack against a Swiss company. This DDoS attack caused the company’s website to go down and led to millions of euros in losses for the company. Neither the company nor the specific smart toothbrush brands were named.
This attack was said to be possible due to the Java-based OS on the unspecified smart toothbrushes, which were infected with malware and then used for the attack. Now I really do question the need for a smart toothbrush; just use your toothbrush and be done with it, no need for the added rubbish. Not everything needs to be connected to the internet and this is just evidence of that: if it can be connected, cyber criminals can also connect.
Taking a look at the Philips Sonicare DiamondClean Smart, which I must note isn’t the confirmed subject of the attack, it basically uses a mobile app to show how well you’ve cleaned and will guide you to missed spots. It’s nice but something that’s just really not worth the hassle, and definitely not worth the £399 MSRP.