Hackers DDoS Swiss Website after Hacking 3 Million Smart Toothbrushes

Hackers exploited compromised toothbrushes running Java, turning them into botnets to execute DDoS attacks on an undisclosed Swiss website.

A Swiss company’s website was disrupted by a Distributed Denial of Service (DDoS) attack on three million smart toothbrushes, which were infected with malware, reported Swiss newspaper Aargauer Zeitung. 

The toothbrushes, running on Java, were turned into an army of malicious botnets, flooding a Swiss company’s website with traffic and forcing it to go offline. This could potentially cost the company a significant amount of cash in financial losses.

The source report does not mention a specific toothbrush brand, but it suggests that these toothbrushes used the connectivity feature to track and improve the user’s oral hygiene habits.

The cybersecurity of Internet of Things (IoT) devices has been a concern for over a decade, with Fortinet’s system engineer director, Stefan Zuger stating that every device connected to the internet is a potential target.

The incident highlights the potential for internet-connected devices to be exploited for malicious purposes. Hackread.com has been reporting a constant rise and growing sophistication of attacks targeting IoT devices in homes/businesses.

Bitdefender Labs recently discovered vulnerabilities in the Bosch BCC100 thermostat, allowing remote attackers to manipulate settings and install malware. Such incidents highlight the wider trend of IoT devices, including electronic skateboards, coffee machines, treadmills, and security cameras, being vulnerable to cybersecurity attacks.

At DefCon 23, 2015, security conference, researchers Rico Healey and Mike Ryan discovered a vulnerability in Bluetooth-controlled electronic skateboards, allowing remote hacking and control.

Peloton treadmills have also been found to have security vulnerabilities, as reported by researchers at Check Point Technologies. The vulnerabilities were found in the operating system, applications, and malware.

Researchers have even uncovered life-threatening vulnerabilities in Industrial Internet of Things (IIoT) devices, including industrial robots. In June 2017, a chemical engineer, using the username C10H15N1 on Reddit, disclosed a hack of a coffee machine that resulted in a ransomware attack due to issues with a local control system in a European petrochemical factory. Despite remote analysis, the monitoring system crashed, even without internet connectivity, underscoring the potential for cyber threats in IoT devices.

Cybersecurity experts suggest that updating networked devices’ software with automatic security patches, using antivirus software, and monitoring unusual energy and data usage spikes are necessary to combat this threat. Moreover, regular password updates and two-step verification are crucial for maintaining the security of your IoT devices.

RELATED TOPICS

1. Google, Cloudflare, AWS Disclose Largest DDoS Attack in History
2. 10 Top DDoS Attack Protection and Mitigation Companies in 2023
3. IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia
4. Google Removes Swing VPN Android App Exposed as DDoS Botnet
5. Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom