Ventured

Tech, Business, and Real Estate News

3 Million Smart Toothbrushes Were Just Used In A DDoS Attack. Really

Source: ZDNet, Steven Vaughan-Nichols, Senior Contributing Editor
Photo: chang/Getty Images

What’s next, malware-infected dental floss? But seriously: It’s a reminder that even the smallest smart home devices can be a threat. Here’s how to protect yourself.

It sounds more like science fiction than reality, but Swiss newspaper Aargauer Zeitung reports that approximately three million smart toothbrushes were hijacked by hackers to launch a Distributed Denial of Service (DDoS) attack. These innocuous bathroom gadgets — transformed into soldiers in a botnet army — knocked out a Swiss company for several hours, costing millions of euros in damages.

No, we’re not kidding.

While the details are scarce, we know that the compromised toothbrushes were running Java, a popular language for Internet of Things (IoT) devices. Once infected, a global network of malicious toothbrushes launched their successful attack.

The repurposed toothbrushes accomplished this by flooding the Swiss website with bogus traffic, effectively knocking services offline and causing widespread disruption.

This episode underlines the ever-expanding threat landscape as the IoT becomes increasingly embedded in our daily lives. “Smart” toothbrushes are now 10 years old. Devices that once seemed harmless and disconnected from the digital ecosystem are now potential entry points for cybercriminals. The implications are vast, not only for individual privacy and security but also for national infrastructure and economic stability.

As Stefan Zuger, director of system engineering in the Swiss office of the security company Fortinet, said, “Every device that is connected to the Internet is a potential target – or can be misused for an attack.”

Anyone paying close attention to cybersecurity has known about this threat for years. As James Clapper, former US director of national intelligence, told us in 2016: “Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US government systems.”

It’s no longer “could.” We’re now living in homes filled with insecure IoT devices.

Why? As Mark Houpt, data center operator DataBank chief information security officer, explained, it’s because many IoT devices are inherently insecure for two key reasons: Neglect and the lack of an interface upon which to add security and hardening measures. I mean, exactly how do you control your toothbrush’s security setting? How do you add an antivirus program to your refrigerator?

You can’t.

So, what can you do?

Well, for starters, as Zuger said, you can automatically update all your devices whenever an update is available “You can’t update enough.”

You should also never charge your device at a public USB port. That same port that charges your gadget can also infect it.

I also suggest paying attention if your device suddenly starts losing power faster than normal. Sure, it may just be an aging battery, but it also could be malware running in the background.

You should also be wary of public Wi-Fi connections. The same connection that lets you watch a TikTok may also be loading malware on your smartphone.

While at your home, I urge you to set up a firewall on your Internet connection. If an attacker can’t get to your smart toilet, it can’t infect it. And, boy, isn’t a malware-infected toilet an ugly thought?

Finally –and I’m quite serious about this — don’t buy an IoT-enabled device unless you have a real need for it. A smart TV? Sure, how else are you going to stream the Super Bowl? But a washing machine, an iron, a toothbrush? No. Just say no.

As we forge ahead into an increasingly connected future, let’s ensure that our digital hygiene is as robust as our dental hygiene.

https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-just-used-in-a-ddos-attack-really