3 million smart toothbrushes reportedly hacked in massive DDoS attack — how to protect yourself
Even your smart toothbrush isn’t safe from hackers
Editor's Note: As we look into this story further, it may or may not have actually occurred as there's no official record of this attack taking place. However, the smart toothbrush brand as well as the company that was attacked may be keeping all of the details close to the chest as they work to patch any vulnerabilities. Regardless of whether or not millions of smart toothbrushes were actually used in a large-scale DDoS attack, this story still highlights the dangers posed by smart home devices.
It seems like every day there’s a story about PCs falling victim to malware or malicious apps infecting smartphones. However, the best smart home devices are just as vulnerable to attacks and maybe even more so.
As many smart devices don’t have the same level of protection built into computers and phones, hackers can exploit any vulnerabilities they may have and then use them to launch cyberattacks. Just this week for instance, it was discovered that 3 million smart toothbrushes were compromised and then used to launch a distributed denial of service or DDoS attack against a company in Switzerland.
According to a report from the Swiss-German newspaper Aargauer Zeitung (h/t Tom’s Hardware), the smart toothbrushes used in this attack were first infected with malware which allowed them to be integrated into a botnet that was used to carry out DDoS attacks on a number of prominent websites.
With 3 million smart toothbrushes forming a botnet that could be controlled remotely, the hackers behind this campaign then had them all try to access the website of a Swiss company at the same time. This led the site to crash and it wasn’t able to be brought back online for several hours afterwards. During the time the site was down though, it led to millions in damages and lost business for the unnamed Swiss company. While larger organizations may be able to weather such a storm, an attack like this could ruin a small business which is why DDoS attacks carried out by botnets are so dangerous.
Besides stealing credit card information, passwords and other sensitive data, hackers often use malware to infect vulnerable PCs with the aim of adding them to a botnet. Once this is done, they can then launch large-scale attacks without having to provide their own resources to do so. In this case though, infecting these smart toothbrushes proved much easier than doing the same thing with computers or phones.
How to protect your smart devices from hackers
Unlike with your PC where you can install the best antivirus software to stay safe from malware infections and cyberattacks, unfortunately you can’t do the same thing with your smart home devices. Instead it’s up to the vendors that make them to release new firmware to patch vulnerabilities that can be exploited by hackers.
For this reason, you want to update your smart home devices immediately when an update becomes available. Some vendors update their devices more frequently than others while some don’t send out updates at all. This is why you want to carefully research any smart device you plan on purchasing before you bring it into your home.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
At the same time, you want to stick with more well-known and established brands when shopping for smart home gear. It may be tempting to purchase an inexpensive security camera or motion sensor on Amazon but if that device comes from a company that doesn’t routinely push out firmware updates, you may end up spending more in the long run, especially if it becomes infected with malware.
Likewise, if you have one of the best Wi-Fi routers, you may want to consider setting up a guest network and keeping all of your smart home devices separate from everything else on your network. By quarantining your smart home devices, you can keep your laptop, smartphone and other devices that contain a lot of sensitive data safe from any potential threats that may be incurred by your smart home.
As for smart toothbrushes, you should ask yourself whether or not a device you use really needs smart functionality. Every device that’s connected to your home network is a potential target for hackers, so by limiting the number of smart devices you own, you're making the attack surface much smaller for hackers.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.