How 3 million toothbrushes caused millions of euros in damages

According to a recent report published by the Aargauer Zeitung, around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business.

In this particular case, the toothbrushes in the botnet were thought to have been vulnerable due to their Java-based OS. No particular toothbrush brand was mentioned in the source report. Normally, the toothbrushes would have used their connectivity for tracking and improving user oral hygiene habits, but after a malware infection, these toothbrushes were press-ganged into a botnet.

Stefan Züger from the Swiss branch of the global cybersecurity firm Fortinet provided the publication with a few tips on what people could do to protect their own toothbrushes – or other connected gadgetry like routers, set-top boxes, surveillance cameras, doorbells, baby monitors, washing machines, and so on.

“Every device that is connected to the Internet is a potential target – or can be misused for an attack,” Züger told the Swiss newspaper. The security expert also explained that every connected device was being continually probed for vulnerabilities by hackers, so there is a real arms race between device software/firmware makers and cyber criminals. Fortinet recently connected an ‘unprotected’ PC to the internet and found it took only 20 minutes before it became malware-ridden.

We don’t have the finer-grained details of the specific Swiss company that was targeted by and suffered from the extremely costly DDoS attack. However, it is common for malicious actors to issue threats with monetary demands attached before weaponizing their DDoS zombie army. Perhaps the Swiss firm refused to pay up, or perhaps the malicious actors instigated this attack to show their muscle (teeth?) ahead of making any demands.

Though we don’t have the finer details of the DDoS story, it serves as yet another warning for device owners to do their best to keep their devices, firmware, and software updated; monitor their networks for suspicious activity; install and use security software; and follow network security best practices.