Since we’ve been talking about smart things, Toms Hardware, another respected site came out with an article I’m seeing about smart tooth brushes being used to run a DDOS attack.
Here’s the boost that caught my attention. It says:
Haily Merry: Boosting Hacker News 50 (hn50): Three million malware-infected smart toothbrushes used in Swiss DDoS attacks
Link: https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Discussion: https://news.ycombinator.com/item?id=39277990
This is the first time I’ve heard tooth brushes being used to attack things, but I guess I shouldn’t be surprised by this.
The first paragraph of this article states: <blockquote> According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business. </blockquote>
A website being knocked offline can be devistating, especially if it is a business web site. If a company can’t process payments that can’t be good.
In this particular case, the toothbrush botnet was thought to have been vulnerable due to its Java-based OS. No particular toothbrush brand was mentioned in the source report. Normally, the toothbrushes would have used their connectivity for tracking and improving user oral hygiene habits, but after a malware infection, these toothbrushes were press-ganged into a botnet.
A java based operating system is bad enough, as it can’t get updates unless you go to the java web site and get updates that way.
“Every device that is connected to the Internet is a potential target – or can be misused for an attack,” Züger told the Swiss newspaper. The security expert also explained that every connected device was being continually probed for vulnerabilities by hackers, so there is a real arms race between device software/firmware makers and cyber criminals. Fortinet recently connected an ‘unprotected’ PC to the internet and found it took only 20 minutes before it became malware-ridden.
Finally,
Though we don’t have the finer details of the DDoS story, it serves as yet another warning for device owners to do their best to keep their devices, firmware, and software updated; monitor their networks for suspicious activity; install and use security software; and follow network security best practices.
To read the entire story, please read Three million malware-infected smart toothbrushes used in Swiss DDoS attacks — botnet causes millions of euros in damages.