It sounds more like science fiction than reality, but Swiss newspaper Aargauer Zeitung reports that approximately three million smart toothbrushes were hijacked by hackers to launch a Distributed Denial of Service (DDoS) attack. These innocuous bathroom gadgets — transformed into soldiers in a botnet army — knocked out a Swiss company for several hours, costing millions of euros in damages.
No, we’re not kidding.
Also: Do you love or fear your smart home devices? For most Americans, it’s both
While the details are scarce, we know that the compromised toothbrushes were running Java, a popular language for Internet of Things (IoT) devices. Once infected, a global network of malicious toothbrushes launched their successful attack.
The repurposed toothbrushes accomplished this by flooding the Swiss website with bogus traffic, effectively knocking services offline and causing widespread disruption.
This episode underlines the ever-expanding threat landscape as the IoT becomes increasingly embedded in our daily lives. “Smart” toothbrushes are now 10 years old. Devices that once seemed harmless and disconnected from the digital ecosystem are now potential entry points for cybercriminals. The implications are vast, not only for individual privacy and security but also for national infrastructure and economic stability.
As Stefan Zuger, director of system engineering in the Swiss office of the security company Fortinet, said, “Every device that is connected to the Internet is a potential target – or can be misused for an attack.”
Anyone paying close attention to cybersecurity has known about this threat for years. As James Clapper, former US director of national intelligence, told us in 2016: “Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US government systems.”
It’s no longer “could.” We’re now living in homes filled with insecure IoT devices.
Also: This company says AI can help design sustainable smart home appliances
Why? As Mark Houpt, data center operator DataBank chief information security officer, explained, it’s because many IoT devices are inherently insecure for two key reasons: Neglect and the lack of an interface upon which to add security and hardening measures. I mean, exactly how do you control your toothbrush’s security setting? How do you add an antivirus program to your refrigerator?
You can’t.
So, what can you do?
Well, for starters, as Zuger said, you can automatically update all your devices whenever an update is available “You can’t update enough.”
Also: The best smart home devices, tested and reviewed
You should also never charge your device at a public USB port. That same port that charges your gadget can also infect it.
I also suggest paying attention if your device suddenly starts losing power faster than normal. Sure, it may just be an aging battery, but it also could be malware running in the background.
You should also be wary of public Wi-Fi connections. The same connection that lets you watch a TikTok may also be loading malware on your smartphone.
While at your home, I urge you to set up a firewall on your Internet connection. If an attacker can’t get to your smart toilet, it can’t infect it. And, boy, isn’t a malware-infected toilet an ugly thought?
Also: The best smart TVs you can buy
Finally –and I’m quite serious about this — don’t buy an IoT-enabled device unless you have a real need for it. A smart TV? Sure, how else are you going to stream the Super Bowl? But a washing machine, an iron, a toothbrush? No. Just say no.
As we forge ahead into an increasingly connected future, let’s ensure that our digital hygiene is as robust as our dental hygiene.