Feb 9, 2024 - Technology

Lessons from the viral toothbrush malware story

Image of a set of electric toothbrushes in cups on a table

Photo: Krisztian Bocsi/Bloomberg via Getty Images

Hackers didn't hack your smart toothbrush.

What's happening: Swiss outlet Aargauer Zeitung published a story last week claiming that hackers had launched a distributed denial-of-service (DDoS) attack against roughly 3 million internet-connected toothbrushes, causing damage to the tune of millions of euros.

  • Fortinet, which the outlet claimed had shared the details of the reported attack, later confirmed to several reporters that the attack written about was hypothetical.
  • "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack," the company told 404 Media, noting the mistake had happened due to a translation error.

Why it matters: So little is publicly understood about cybersecurity and how experts discuss potential threats that even mainstream publications were duped into writing about the incident.

  • ZDNet ran a headline saying, "3 million smart toothbrushes were just used in a DDoS attack. Really."
  • Until Thursday, tech site Tom's Hardware had a headline that read, "Three million malware-infected smart toothbrushes used in Swiss DDoS attacks."
  • And The Sun stuck to the following headline: "Over 3 million toothbrushes could be 'hacked' and 'turned into secret army for criminals,' experts claim."

Between the lines: Sure, smart devices are vulnerable to hacks, but criminal hackers are more likely to pursue attacks that lead to financial gain.

  • Disrupting the internet service to a toothbrush — which is just logging data about someone's oral hygiene habits — doesn't really give a hacker much besides a good laugh.
  • Instead, hackers would likely turn to ransomware or online fraud where they could get an easy payout.

Be smart: Many news sites are eager to get clicks — and in cybersecurity, that often means reporters and editors lean into the scariest parts of a hypothetical hacking scenario.

  • When reading something that seems deeply terrifying, ask questions about why a criminal or nation-state would try to pursue such an attack: What do they have to gain? Is it worth carrying out?
  • And make sure you take your own precautions: If you install software updates and use multifactor authentication, you'll likely be safe from (most) cyberattacks.
Go deeper