Are Hackers Really Hacking Electric Toothbrushes? Understand the case

A story about Alleged invasion of a company using a botnet of hacked toothbrushes It got a lot of circulation last week. But days later, evidence began to emerge. that is not true.

It all started when Swiss newspaper Aargauer Zeitung published an article about a possible denial-of-service (DDoS) attack of massive proportions against a local company.

The most surprising fact is that a botnet was used for this. It consists of 3 million “hijacked” smart toothbrushes and ordered to access the victim’s server.

The case had many repercussions in the cybersecurity world, with comments coming from people surprised at the audacity of the attackers and how vulnerable we are today when using so many connected devices.

But new evidence obtained by the website beeping computer Implying that the story is false and not even presented as accurate by FortinetA security company that served as the source of the original report.

Why is this story probably false?

Clues to the lack of reality of the case begin with reading the original text. Report Doesn’t offer much concrete detailIt is referred to as “electric” rather than “smart”, like the name of the hacked company or the brand of the toothbrush.

Moreover There are no details about how the invasion actually took place. In order to use such a large number of identical objects as a botnet, it would first be necessary to send a malicious firmware update to all these devices, thereby controlling the entire legion of brushes.

In the statement sent beeping computerFortinet’s comment is as follows: During an interview he used the case only as “an example of some type of assault” and not a true “research-based” attack. The company also said: did not detect known botnet activity covers these devices.

Therefore the most likely hypothesis is: Any errors in translation, interpretation or communication between the newspaper and Fortineteventually became the “cordless phone” and turned an instance into a hoax incident.

On the other hand, the journalist responsible for the article also spoke. The tool insists that the story is presented as a real-life example and was personally reviewed by the cybersecurity company.