Three million connected toothbrushes used in a DDOS attack in Switzerland, it was only fiction!


Corentin Béchade

February 7, 2024 at 7:38 a.m.


Common connected toothbrushes were used in a cyberattack © Damian Lugowski / Shutterstock

[Article updated on February 7, 2024 at 7:01 p.m.] A rather unusual story has just unfolded in German-speaking Switzerland. A company, whose precise name has not been communicated, suffered a DDoS attack carried out… by connected toothbrushes.

Article update

Contrary to what the article in Luzerner Zeitung states, this DDoS attack carried out by an army of toothbrushes is in fact only a fictional scenario mentioned by Stefan Züger. Although the original article specifies that "this example, despite its Hollywood character, really happened", it would actually be a misunderstanding between the journalist and the source interviewed. The information was taken as is by other sources, from which this article was inspired. Kevin Beaumont, cybersecurity specialist, highlighted on the social network Mastodon the technical difficulty that such an attack would have represented. We apologize for this awkwardness.

Connected objects are a risk for cybersecurity and the latest case, reported by the Aargauer Zeitung newspaper, proves it once again. In an article published at the end of January, the Swiss media revealed that a DDOS attack had been carried out by malicious hackers using a botnet army made up of three million connected toothbrushes.

A discreet and efficient army

Although neither the name of the targeted company nor the brand of toothbrush used is known, we still know that the connected gadgets ran an operating system based on Java (a popular programming language for connected objects) and caused millions of euros in losses for the targeted company, which saw its IT systems collapse for nearly 4 hours under the weight of millions of requests.

It seems that these bathroom accessories, normally meant to track your toothbrushing habits for impeccable hygiene, were infected by malware and left at the mercy of any command launched by a malicious hacker. As a result, an army of discreet computers scattered across the country was able to take sites offline without the owners of the accessories even realizing it.

The federal cybersecurity office (a sort of transalpine ANSSI) explains that more than 50,000 attacks took place in the country in 2023, an increase of 43% in two years. Switzerland is no different from other countries since, according to some figures, France experienced 385,000 cyberattacks in 2022 alone.

How to protect yourself?

"All internet-connected accessories are a potential target," explained Stefan Züger, cybersecurity researcher at Fortinet, about the attack. To protect against such mishaps, the specialist obviously advises updating these devices as soon as a new version is offered: "you can never be up to date enough," he adds.

Also avoid charging your gadgets on just any USB port, as some may transmit viruses or malware. The same goes for public Wi-Fi connections, which sometimes serve as attack vectors to infect certain machines. Also remember that your network is only as secure as its weakest link. If your toothbrush is connected to your Wi-Fi and suffers a security breach, it becomes easy to use it as an access point to the rest of your network. So reduce the attack surface as much as possible and be sure to install your updates.

Source: Aargauer Zeitung via Tom’s Hardware


