Last week, a Swiss news agency Aargauer Zeitung reported that hackers took control of more than three million electric smart toothbrushes to wage a Distributed Denial of Service (DDoS) attack on an unnamed Switzerland-based company.
Several major Western media outlets picked it up and made it viral worldwide. However, many failed to cross-verify technology aspects of how can cyber criminals take control of an electric brush that cannot even independently connect to the internet.
The truth is that Aargauer Zeitung’s reporter misunderstood the Fortinet researcher’s statement on the hypothetical possibility of bad actors taking control of smart brushes with Javascript-based malware code to make them bots and be used for DDoS.
It missed the part about how they turned electric brushes into rogue bots. For that to happen, the threat actors have to even hack the companion smartphone linked to an electric brush to initiate DDoS. This missing link was not reported and yet other other reputed publishers went ahead sharing the story on the web.
——————————————————–