Aargauer Zeitung (Switzerland) has just reported that some hackers have hacked about 3 million smart toothbrushes and conducted a comprehensive DDoS attack.
A DDoS attack with a smart brush botnet paralyzed the operations of a Swiss company, causing millions of dollars in damage. The publication doesn’t provide many details, but the Java language, which is quite popular in the Internet of Things (IoT) device segment, was used to attack the smart brush. After carrying out the infection, the attackers launched an attack.
Smart toothbrushes with modified firmware became targets for the attack, flooding the Swiss company’s website with bogus traffic, disabling services, and causing outages.
The incident highlights that with the widespread deployment of IoT devices, threats are constantly expanding. Smart toothbrushes have been around for a decade seemingly harmless and outside the digital ecosystem but have now become a potential entry point for cybercriminals. This could have significant consequences for user privacy and security, as well as for national infrastructure and economic stability.
Many IoT devices are inherently insecure for two main reasons: a nonchalant attitude towards their safety and a lack of interfaces that enhance security measures, experts warn. For example, smart toothbrushes do not have security settings and users cannot install anti-virus software for refrigerators.
In some cases, basic digital safety standards will keep users protected. For example, people should not charge IoT devices via public USB ports when they can be used for hacking. Similarly, be wary of public Wi-Fi networks. Unless necessary, users can do without an internet-connected device. If a Smart TV needs a connection similar to a smartphone, then a washing machine, iron, or toothbrush with an internet connection is probably overkill.