3 Million Smart Toothbrushes Hacked to Launch DDoS Attack (Updated)

About 3 million smart toothbrushes were infected with malware to launch a stroke DDoS against a Swiss company whose name has not been revealed. As reported by the Aargauer Zeitung media, the attack managed to take down the company’s website and caused million euros in losses.

A DDoS or denial of service occurs when a large enough number of devices simultaneously try to access a website or service, exceeding their ability to meet requests and causing their downfall.

Hackers use for this purpose what is called botnet or zombie network of devices. These are infected, but work normally and without the users knowing. When the hacker gives the order, participate in denial of service attack.

It is not unusual for them to occur, but it is striking that this was carried out using such apparently harmless devices and in such a large number. Normally, smart toothbrushes would have used their connectivity to track and improve the user’s oral hygiene habits, but they ended up being part of an extensive botnet. And it is that Any device connected to the Internet is susceptible to being targeted by hackers. In this case, they would have taken advantage of a vulnerability in the operating system based on Java that they employ. The brand name of the affected toothbrushes has also not been released.

According to Stefan Zugerfrom the cybersecurity company Fortinet, “every device that is connected to the Internet is a potential target, or can be misused for an attack.” For this reason, we should not think that devices such as routers, decoders, surveillance cameras, doorbells, baby monitors, washing machines and others are not at risk. All types of devices are continually scanned by hackers for vulnerabilities, “so there is a real arms race between device software/firmware manufacturers and cybercriminals”.

In this situation, Züger recommends users keep their devices, both firmware and software, updated, monitor their networks for suspicious activity, and install and use security software.

Update February 9

Fortinet has made the following clarification to La Razón:

“To clarify, the topic of toothbrushes being used in denial of service (DDoS) attacks was raised during an interview as an illustration of a specific type of attack, and is not based on research by Fortinet or FortiGuard Labs. It seems that due to translations, the narrative on this topic has been distorted to the point where the hypothetical and actual scenarios are blurred.

And in case general context about the IoT botnet environment is of interest, FortiGuard Labs is currently observing the following activity:

The Mirai botnet has been dethroned from its #1 position. In FortiGuard Labs’ H2 2022 Global Threat Landscape Report, which was released on February 22, 2023, Mirai was ranked #1 in terms of Volume per Organization . Between Q3 and Q4 2023, Mirai command and control detection volume decreased by 36% and is currently ranked #5.

FortiGuard Labs has not observed that Mirai or other IoT botnets attack toothbrushes or other similar embedded devices

Aargauer Zeitung, the outlet that originally published the news, has published an update on the information following Fortinet’s statement:

“What Fortinet’s California headquarters now calls a ‘translation problem’ sounded completely different during the investigation: Swiss Fortinet representatives described the toothbrush case as a real DDoS in a meeting where current threats were discussed: the attack described.

Fortinet provided specific details: information on how long the attack on a Swiss company’s website lasted; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was with out of consideration for its customers.

The text was sent to Fortinet for verification before publication. The claim that this was a real case that really happened was not challenged. Fortinet’s global leadership has now backtracked on its statement, which was sent to several international media outlets.”