On Tuesday, a number of technology news outlets, including the Independent and Tom's Hardware, published stories about how 3 million smart toothbrushes were used in a DDoS attack. The only problem? That “didn't actually happen,” Jason Koebler wrote via 404 Media. “There were no additional details about this apparent attack, and most of the article cited general research by a publicly traded cybersecurity company called Fortinet, which has been detecting maliciously hijacked Internet of Things devices for years. A search on Fortinet's website did not find any recently published studies on hacked smart toothbrushes.” From the report: The original article, titled “Toothbrushes are under attack,” begins with the following sentence: “While she is in the bathroom of her home, she is complicit in a massive cyberattack. The electric toothbrush is programmed in Java and installed without the criminals' knowledge. Like 3 million toothbrushes, it has malware embedded in it. One command is enough and the remotely controlled toothbrush simultaneously accesses the Swiss company's website. The site will collapse and be paralyzed for 4 hours. Millions of dollars in damages occur. This example looks like a Hollywood scenario, but it actually happened. It shows how versatile digital attacks have become.” […]
The story of “3 million smart toothbrushes hacked” has been circulating online for over 24 hours now, and despite widespread skepticism from those in the security industry and its viral nature, literally no new information has come out regarding it. Two Fortinet executives mentioned in the original report did not respond to emails and messages on LinkedIn seeking clarification, nor did Fortinet's PR team. The author of the Aargauer Zeitung article also did not respond to requests for further information. I called Fortinet's corporate office and asked to speak about the earnings with a spokesperson listed in a press release issued after news of the toothbrush started spreading, but I was immediately hung up on. The company continues to tweet about other unrelated things. They have not responded to BleepingComputer or to the many security researchers looking for further evidence that this actually happened. We don't know how this happened, but Fortinet has been talking specifically about the dangers of internet-connected toothbrushes for years, and they brought it up in a researcher's talk. I've used it as an example. In a statement to 404 Media, Fortinet said: “To be clear, the topic of toothbrushes used in DDoS attacks was brought up during the interview as an illustration of a specific type of attack, and is not intended to be used by Fortinet or FortiGuard. It is not based on Labs research. Due to translation, the story on this topic seems to have been stretched to the point where the hypothetical and real scenarios become blurred.”