Many news sites have reported that a distributed denial of service (DDoS) attack was carried out against a Swiss company using three million connected electric toothbrushes. This is false.
In recent days, press reports claimed that 3 million electric toothbrushes had carried out a DDoS attack on a company, causing colossal damage. None of this is true, and there is no evidence to suggest that electric toothbrushes could carry out this type of computer attack.
Electric toothbrushes are innocent of DDoS attacks
It all started with Aargauer Zeitung. The Swiss news site published an article about an employee of cybersecurity company Fortinet. It stated that 3 million electric toothbrushes had been infected with malware written in Java in order to carry out DDoS attacks against a Swiss company.
A denial of service or DDoS attack, like the one carried out in 2022 against Overwatch, consists of using bots to send a mass of requests to a website in order to saturate its resources, so that it can no longer accept requests from real users. In this case, “the site collapsed and remained paralyzed for four hours. The damage amounts to millions of dollars”, we can read in the article.
The story was quickly picked up by many high-tech news sites without being verified. Indeed, there is no trace of this attack. Since publication, Fortinet has not released any information about this attack and is not responding to requests for comment.
Electric toothbrushes cannot connect directly to the internet
According to Statista, around 17 billion IoT devices (like electric toothbrushes) are expected to be online by the end of 2024. That is a huge pool of devices that could be used as bots in denial of service attacks.
However, it is unlikely that these 3 million electric toothbrushes are exposed directly to the internet, where they could be infected with malware. In fact, they do not connect to servers; they use Bluetooth to connect to mobile applications, which then download the data from the web.
This means that a massive hack like this could only have been achieved through malware previously introduced via the apps. However, there is no trace of such an intrusion either. If this were the case, the matter would be much bigger than a simple DDoS attack. The case is more likely a hypothetical scenario shared by Fortinet, which was misunderstood or taken out of context to create a viral story.
- There are no traces of a DDoS attack with connected toothbrushes.
- The toothbrushes themselves would first have had to be infected with malicious firmware, of which there is also no trace.
- This case is more likely a hypothetical case imagined by a cybersecurity company.