Lost in the Translation: The Smart Toothbrush Attack


Warning: This blog post was composed under the influence of pain-killing drugs. Read at your own risk.

A smart toothbrush. What could possibly go wrong?

Have you heard about the computer malware attack on internet-equipped electric toothbrushes? Three million electric toothbrushes subverted by computer malware that attacks targets and victims with distributed denial-of-service (DDoS) exploits?¹

Now before we examine the details of this terrifying digital disaster, WC wants to briefly rage again against the Internet of Things, appliances, tools and gadgets attached to the internet for no really good reason except it’s regarded as the cool, strategic marketing thing to do. Seriously, internet-equipped toothbrushes? The record of your dental hygiene out there for the hackers to see? Sheesh. End of screed.

This all started with a report in the Swiss-German language daily newspaper Aargauer Zeitung.

The Swiss-German article was translated by the blog Tom’s Hardware using Google Translate. As translated, the original piece reported around three million smart toothbrushes had been infected by hackers and enslaved into botnets. The newspaper report, again as translated, said this sizable army of connected lazy man’s dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business.

In this particular case, the toothbrush botnet² was thought to have been vulnerable due to its Java-based Operating System. No particular toothbrush brand was mentioned in the source report. Normally, the toothbrushes would have used their connectivity for tracking and improving user oral hygiene habits, but after this malware infection, the toothbrushes were press-ganged into a botnet. The widely read ZDNet then amplified the story, with the lead, “3 Million smart toothbrushes were just used in a DDoS attack.”

Um. No.

Digitally connected electric toothbrushes are equipped with Bluetooth, the short-range networking protocol. Connected to your smart phones. Not directly to the internet. The toothbrushes are incapable of connecting to the internet, let alone having the memory capacity to generate a DDoS attack. The Bluetooth protocol is incapable of supporting a DDoS attack. The “smart” toothbrushes are innocent.

It turns out that the whole story started with a report by Fortinet Labs in which it offered the smart electric toothbrush scenario as a worst case example of an Internet of Things risk. The Swiss-German newspaper article correctly reported it as a hypothetical. But a key sentence, run through Google Translate, came out as “This example, which seems like a Hollywood scenario, really happened.”

So a combination of a really bad failure by Google Translate and an equally bad failure of due diligence by technology reporters and there you go.

Just the same, WC will stay with his old-fashioned, bamboo-handled, decidedly not smart or electric toothbrush.


1 A malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

2 A group of computers – or CPUs in the Internet of Things – which have been infected by malware and have come under the control of a malicious actor. The term botnet is a portmanteau from the words robot and network and each infected device is called a bot.

2 thoughts on “Lost in the Translation: The Smart Toothbrush Attack”

  1. Fascinating how with just a few pieces of information being wrong/misinterpreted, the entire tale is off the mark by a mile. If there are any readers of Cory Doctorow’s musings, you are familiar with the phrase, “the enshittification of the internet”.
