UPDATE: Turns out the following story was just a hypothetical situation and not real, an error in translation. "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs," Fortinet confirmed in a statement. "It appears that due to translations, the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred." The original story follows.
In the age of every household object doubling as a smart device, this headline might not be as strange as it sounds - and could soon become the norm. It seems that recent Swiss DDoS attacks that caused millions in damage resulted from - get this - three million smart toothbrushes infected by hackers with malware forming a botnet. Yeah, it is not exactly something you can (apologies in advance) brush off - as it highlights some of the dangers of smart devices like toothbrushes connecting to a network for seemingly simple tasks like tracking oral hygiene habits.
Apparently, there was a vulnerability in the Java-based OS, but the report doesn't indicate which online toothbrush brands were involved in the attacks. Probably all of them when you consider that next to no one is sitting there updating the firmware and monitoring the network traffic on their toothbrush.
"Every device that is connected to the Internet is a potential target - or can be misused for an attack," security expert Stefan Züger said in an interview with the Swiss newspaper that broke the story-adding that hackers are continuously probing every connected device (including toothbrushes) for vulnerabilities.
Noting that no matter what device it is, software, firmware, and hardware all play an important role in keeping devices free from malware. A lot of this story remains unknown, from the toothbrush brands to the specific Swiss company that was attacked and lost millions. Still, it serves as a friendly reminder that all smart devices must be continuously monitored and updated - and that having an additional layer of network security at the router level is always a good idea.
Also, it's probably best to use an old-fashioned toothbrush that doesn't require an internet connection.