3 million smart toothbrushes became the target of a DDoS attack, causing millions of euros in losses
The Swiss newspaper Aargauer Zeitung reports that hackers have hacked about 3 million smart toothbrushes to use them for a DDoS attack. The attack was quite effective. It blocked the work of the Swiss company for several hours, causing millions of euros in losses.
There are not many details. All we know is that the hacked toothbrushes used Java, a popular language for IoT devices. After infection, a global network of malicious toothbrushes launched an attack. The repurposed toothbrushes sent fake traffic to the company’s website, effectively blocking the services and causing massive failures.
This curious case emphasizes how the threat landscape is expanding as the Internet of Things spreads. Nowadays, almost any device can threaten security, privacy and economic stability, being a potential entry point for cybercriminals.
“Every device connected to the Internet is a potential target or can be used for an attack,” said Stefan Zuger, director of system engineering at the Swiss office of security company Fortinet.
As Mark Houpt, Chief Information Security Officer at DataBank, explained, many IoT devices are inherently insecure for two key reasons: neglect and the lack of an interface to which security measures and hardening can be added. The user has no control over the safety settings of the toothbrush. And he can’t install an antivirus program on the refrigerator. So, if the developer neglected security measures at the design stage, the user is left face to face with a potentially dangerous device.
Given the new realities, owners of IoT devices need to follow some guidelines to try to ensure the safety of their gadgets. You need to install updates for your devices if they are released by the manufacturer. Do not charge the device via a public USB port and avoid public Wi-Fi connections, as they can be used to infect malware. You should set up a firewall on your home network.
