Were 3 million smart toothbrushes just used in a DDoS attack?

It sounds more like science fiction than reality, but a Swiss newspaper reported that approximately three million smart toothbrushes were hijacked by hackers to launch a Distributed Denial of Service (DDoS) attack.

Sources, such as Bleeping Computer and Bleeping Media, found it hard to credit this toothsome tale. And later the security company Fortinet, which helped give the original story credence, admitted that mistakes were made and the story turned out to be fake.

According to ZDNET, quoting Aargauer Zeitung*, these innocuous bathroom gadgets — transformed into soldiers in a botnet army — were meant to knock out a Swiss company for several hours, costing millions of euros in damages. Allegedly the compromised toothbrushes were running Java, a popular language for Internet of Things (IoT) devices. Once infected, a global network of malicious toothbrushes would launch their successful attack. The repurposed toothbrushes would accomplish this by flooding the Swiss website with bogus traffic, effectively knocking services offline and causing widespread disruption. 

But would such a thing actually be possible? IoT devices often lack robust security, making them a hacker’s playground. The massive growth in IoT devices placed in the home and office is the perfect opportunity to create mayhem among users and businesses alike in the form of simple DDoS attacks. IoT devices are far too often packaged up with weak (if any) built-in security features, so the public are on the back foot from the get-go and often do not realise the potential weaknesses. Security updates also tend to be infrequent, which puts further risk on the owner. IoT owners must understand the risks when putting any internet-connected device in their home and make sure it is kept up to date, just like any smartphone or laptop. However, this is also a timely reminder to question whether or not a device really needs to be smart.

by Jake Moore, ESET

*ESET does not bear any responsibility for the accuracy of this information.

