Share this article on:
A new attack vector keeps your teeth sparkling white, and your enemies are denied service – all in one!
We all know that connected smart devices are a boon around the home – but they’re also a possible attack vector for malicious actors bent on using their distributed computing power for nefarious purposes.
But what we did not expect was for this to extend to a toothbrush-based distributed denial-of-service (DDoS) attack.
However, that is exactly what befell a Swiss company recently when a network of 3 million smart toothbrushes was used to launch a denial-of-service attack that took the company’s website offline.
The attack is no laughing matter, either – the website disruption reportedly cost the company millions of euros in lost revenue.
According to Swiss news outlet Aargauer Zeitung, the toothbrushes were running a form of Java-based operating system, which the enterprising threat actor behind the attack was able to compromise. Rather than using the toothbrush’s connectivity to share dental hygiene habits with their users, the hacker turned them into a botnet.
Stefan Zuger, director of system engineering at security firm Fortinet’s Swiss office, told the outlet that the attack was a warning to take IoT device security seriously.
“Every device that is connected to the internet is a potential target – or can be misused for an attack,” Zuger told Aargauer Zeitung.
The report does not name the impacted company nor who the threat actor might be. That said, Swiss organisations have been heavily targeted by DDoS attacks in recent months, with the Russian hacking collective NoName057(16) responsible for dozens of attacks against the country in January alone.
The attacks were likely linked to the recent meeting of the World Economic Forum in Davos in January.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.