Innocently, the smart toothbrush sits there on the bathroom sink. It was the latest thing and remarkably cheap, all things considered. The gadget came complete with a pressure sensor, two-minute timer, and an app that tracked its owner's dental hygiene progress.
All it needed was access to the house wifi.
Little did the owner know that at night, the toothbrush was surfing the net with his buddies, shaking down random companies for crypto-ransoms.
Seem far-fetched?
Despite several reports to the contrary, it is.
Several outlets reported that a Swiss company was shut down for four hours due to a distributed denial-of-service (DDoS) attack waged through three million smart toothbrushes around the world, causing millions of euros in damage.
They said that hackers used the toothbrushes to overwhelm the company's system with millions of visits.
However, much like the AI plane that attacked a communications tower to stop its controller from ending its mission, this scenario was a hypothetical released by cybersecurity company Fortinet.
To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.
So while the toothbrush apocalypse did not actually happen, it makes sense that it could. Most of those smart appliances run on JavaScript (a popular Internet of Things program), and if a hacker can find an access point, there's no reason they can't upload a virus or malware. And how do you update the virus protection on a toothbrush?
James Clapper, the former head of U.S. National Intelligence, was all excited about the possibility of using these devices to spy on people back in 2016:
Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors.
"Smart" devices incorporated into the electric grid, vehicles - including autonomous vehicles - and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.
Stefan Zuger, director of system engineering in the Swiss office of the security company Fortinet, said,
Every device that is connected to the Internet is a potential target - or can be misused for an attack.
So, while having a Bluetooth-connected toaster might seem like a great idea, it's just another way for a hacker, private or government, to gain access to your life.
I'm not saying we should be total luddites, but I am saying I've never met an Amish person who got his business shut down by an army of toothbrushes.