‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing
2024-2-7 22:25:16 Author: securityboulevard.com

An electric toothbrush (that’s not part of a DDoS botnet)

Were 3 million toothbrushes hacked into a botnet? Or does a Fortinet spokeschild have egg on his face?

Bizarre stories are flying around, saying a botnet of toothbrushes attacked a website. Millions of IoThings suddenly cried out in terror, somehow squashing a super Swiss site—supposedly.

Or not. It turns out to be untrue. In today’s SB Blogwatch, we point and laugh.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: SkrillexMachina.

PR FAIL

What’s the craic? Ann Kathrin Amstutz is lost in translation—“The toothbrushes are attacking”:

Actually happened
The electric toothbrush is programmed with Java, and criminals have unnoticed installed malware on it – like on 3 million other toothbrushes. One command is enough and the remote-controlled toothbrushes simultaneously access the website of a Swiss company. The site collapses and is paralyzed for four hours. Millions of dollars in damage is caused.

This example, which seems like a Hollywood scenario, actually happened … says Stefan Zuger. He is responsible for systems technology at the Swiss branch of the cybersecurity specialist Fortinet.

Yeah, right. No, really, says Mark Tyson—“Three million malware-infected smart toothbrushes used in Swiss DDoS”:

We don’t have the finer details
This sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website, [which] collapsed under the strain. … The toothbrush was thought to have been vulnerable due to its Java-based OS.

After a malware infection, these toothbrushes were press-ganged into a botnet. … Though we don’t have the finer details of the DDoS story, it serves as yet another warning for device owners.

We most certainly do not. Or indeed any details at all. Kevin “@GossiTheDog” Beaumont spies shens:

The toothbrush thing has gone viral, despite it being total bollocks. … It’s simply a made up example. It doesn’t exist.

A botnet of 3 million toothbrushes would be twice the size of Mirai’s various botnets put together, and a major infosec event. [Stefan Zuger] has only worked there about a year.

Ruh-roh. smashed smashes the story further:

They talk about a “Java-based” OS that could have been the cause. I know Java ME was a thing and there are Micro JVM that can run on microcontrollers. But still, it does not add up.

I think a DDoS attack happened (happens all the time). And security “experts” mentioned that these things could come from anywhere, even toothbrushes, and the details got lost in translation / used for click bait.

Ridiculous, right? turp182 agrees:

That’s the moment that got me! The whole thing went from preposterous to magical.

So perhaps we should see it as a fictional cautionary tale? 082349872349872 misquotes Niemöller:

First they came for The Onion
And I did not speak out
For I was not an Onion writer

Then they came for Black Mirror
And I did not speak out
For I was not a Mirror writer

Then they came for Horselover Fat …

But a story we can learn from. Steven J. Vaughan-Nichols keeps a straight face—“Really”:

It sounds more like science fiction than reality. [But it] underlines the ever-expanding threat landscape as the IoT becomes increasingly embedded in our daily lives. … Devices that once seemed harmless and disconnected from the digital ecosystem are now potential entry points for cybercriminals. The implications are vast.

Anyone paying close attention to cybersecurity has known about this threat for years. … It’s no longer “could.” We’re now living in homes filled with insecure IoT devices.

I’m quite serious about this — don’t buy an IoT-enabled device unless you have a real need for it. A smart TV? Sure, how else are you going to stream the Super Bowl? But a washing machine, an iron, a toothbrush? No. … Let’s ensure that our digital hygiene is as robust as our dental hygiene.

I guess it worked—in the sense that we’re talking about it. @MichaelJoseph is hungry for BRAAAIIINS:

Who had “Zombie toothbrushes” on their 2024 bingo card?

Meanwhile, fahrbot-bot puns up a storm:

Despite the apparent use of FLOSS, this can’t simply be brushed off and the perpetrators won’t receive a plaque for their achievement.

And Finally:

What was the real test?

CW: Flashing images; violence; F-bombs



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Jon Love (cc:by; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

Article source: https://securityboulevard.com/2024/02/toothbrush-ddos-botnet-bollocks-richixbw/