https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages

Three million malware-infected smart toothbrushes used in Swiss DDoS attacks -- botnet causes millions of euros in damages

News
By Mark Tyson, published 6 February 2024

Dental IoT devices caused millions of Euros in damages for Swiss company, says report.

[Image: An example of a smart toothbrush system (Image credit: Philips)]

According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company's website. The firm's site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business. In this particular case, the toothbrush botnet was thought to have been vulnerable due to its Java-based OS. No particular toothbrush brand was mentioned in the source report.

Normally, the toothbrushes would have used their connectivity for tracking and improving user oral hygiene habits, but after a malware infection, these toothbrushes were press-ganged into a botnet.

Stefan Zuger from the Swiss branch of the global cybersecurity firm Fortinet provided the publication with a few tips on what people could do to protect their own toothbrushes - or other connected gadgetry like routers, set-top boxes, surveillance cameras, doorbells, baby monitors, washing machines, and so on. "Every device that is connected to the Internet is a potential target - or can be misused for an attack," Zuger told the Swiss newspaper. The security expert also explained that every connected device was being continually probed for vulnerabilities by hackers, so there is a real arms race between device software/firmware makers and cyber criminals. Fortinet recently connected an 'unprotected' PC to the internet and found it took only 20 minutes before it became malware-ridden.

We don't have the finer-grained details of the specific Swiss company that was targeted and suffered from the extremely costly DDoS attack. However, it is common for malicious actors to issue threats with monetary demands attached before weaponizing their DDoS zombie army. Perhaps the Swiss firm refused to pay up, or perhaps the malicious actors instigated this attack to show their muscle (teeth?) ahead of making any demands.

Though we don't have the finer details of the DDoS story, it serves as yet another warning for device owners to do their best to keep their devices, firmware, and software updated; monitor their networks for suspicious activity; install and use security software; and follow network security best practices.

Mark Tyson is a Freelance News Writer at Tom's Hardware US. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.

Comments (13)

* PEnns
Somebody remind please, again: Why does something like a toothbrush need to be connected?? People are really asking for trouble with this kind of "let's connect everything...because it's so cool"!

* peachpuff
PEnns said: Somebody remind please, again: Why does something like a toothbrush need to be connected?? People are really asking for trouble with this kind of "let's connect everything...because it's so cool"!
To get on the toothbrush leader board... duh.

* Phaaze88
'Smart' toothbrushes... holy crap, humanity. Insert that saying about, 'because we can, doesn't mean we should'. Replace the word smart with dumb.

* chaz_music
In general if the product name has "smart" as part of its description, you should be very wary.
The amount of engineering effort needed to make IoT devices truly secure on the Internet is substantial, and many times the engineering team is rather green and does not know what they don't know. Add to this that many companies will outsource their product development to design groups only based upon cost of the project, and you end up with catastrophes like this story. Even larger companies like HP have had problems with IoT printers and they had to go through growing pains to get the security right, with lots and lots of reuse of code, checks, etc. And most design teams are only cost focused, and don't want to add the cost of using more mature RF/networking products with the included code stacks such as by TI, Laird, Qualcomm, NXP, etc.

So far, I have read about or myself found compromised devices in nearly all market areas: garage door openers, refrigerators, printers (why have Internet printing??!), smart doorbell cameras with off site recording, inexpensive network switches, smart LED lights (often color changing types), cars, RVs, phones (my goodness, that just makes you want to say damnit!), and now toothbrushes. And the hacked system vector is not always WiFi, as there are many other RF systems with another popular one to goof up being Bluetooth. The first automotive Bluetooth systems could be easily compromised, with one car type being used in a proof of concept in which the car was controlled by a passing car and the brakes were locked up while the car was traveling at highway speeds, triggering the anti-lock brakes. And think about the Hyundai and Kia vehicles that can easily be stolen with a USB device. Same stuff.

One of my biggest scares was not even with an RF based device but instead an Ethernet connected SCADA device from many years ago. It had a huge installed base, and it was sending data back and forth through the network using ... ASCII. Yep. And it was SCADA. Used in power plants, substations, transformers, generators, ...

So the culprits are:
1. Businesses only counting R&D and BOM costs, with virtually no consequence for poor security quality.
2. Complacent and less knowledgeable engineers who are completely in charge of making serious decisions about cost vs. security.
3. Designing IoT tech into devices and leaving the update complexity up to the user.

In my opinion, the user should never be required to be in the technology loop to make their devices safe. This is not the same as when it is used based upon common knowledge (driving a car, drinking hot coffee).

The expected long term fix for industrialized nations is going to be more safety agency regulations, so think of UL in the US and CE/IEC in Europe. These protect the consumer from poorly designed products, but these always add cost (no free lunch). I hate going in that direction because it will cause many clever products to go away, and others to never come to market.

* Murissokah
Not trying to pick on Java, but why do you need Java on a toothbrush?

* Giroro
Murissokah said: Not trying to pick on Java, but why do you need Java on a toothbrush?
That one's easy: Because it's cheaper to have first-year computer scientists ridiculously overbuild the system with off the shelf demo code than to hire electronics engineers who know how to write efficient firmware. The toothbrush probably has (and maybe needs) a multi-core ARM CPU as well, because you can just pass that extra $1 in hardware costs off to the customer in the $300+ asking price I know Philips/Oral-B charges for the smart version of a toothbrush with near identical brushing performance to the $30 non-smart version.

* newtechldtech
PEnns said: Somebody remind please, again: Why does something like a toothbrush need to be connected?? People are really asking for trouble with this kind of "let's connect everything...because it's so cool"!
to sell them expensive 10 times the cost.
it is all about the $ and fooling the masses

* Giroro
I sort-of understand how a marketing executive could want the company to sell a Bluetooth toothbrush. App tracking enabling access to a customer's sellable information, a branded billboard app icon on the user's phone, etc etc. All the usual reasons to have an app. You can sell it to customers as having a fancy timer or whatever. I kinda get it. But why in the world would they pay engineers to enable wifi in the thing? It's probably built into their SoC, but like this has to be enabled by accident, right? This is some kind of backdoor thing? What's the selling point, revenue stream, or perceived value to the customer? You already have all you can get from Bluetooth, so why spend money on dev time to add in menus and get the wifi working?

* voodoochicken
Watch out for those IoT Swiss Army Knives

* evdjj3j
Smart toothbrushes for dumb people.