Even the lowly toothbrush might not be safe from internet hackers.
A now-debunked report said that a sophisticated cyberattack, leveraging 3 million compromised smart toothbrushes, caused widespread disruption, resulting in financial damages amounting to millions of euros. The story claimed that internet-connected toothbrushes were linked together to attack a Swiss company's website; it quickly went down, losing the company millions of euros. The Independent, which initially reported the story as fact, received clarification that this was simply a hypothetical scenario.
While it's clear that toothbrushes haven't been used in a DDoS attack, could they be in the future?
"If we're talking about smart devices, it could happen and has happened before with consumer routers in homes being recruited to take part in a DDoS attack," cybersecurity expert James Bore told Tech Times in an interview.
In 2015, tens of thousands of home routers were infected with malware and used to launch several DDoS attacks. In that case, researchers believed the hackers had gained access not through a firmware vulnerability but because the firmware was deployed in an insecure way. As a result, scripts could run on the compromised devices to find other routers to infect.
"This mostly happens by cyber criminals pushing an update that contains malicious code which makes the device have unintended behaviors." Ash Shatrieh, threat intelligence at cybersecurity firm F-Secure, said: "This is possible either by hacking into these connected devices through an unpatched vulnerability or hacking into the manufacturer's servers and being able to modify code that will later be pushed into these connected devices as an update."
For this reason, the creators of smart devices need to keep their security efforts up to scratch.
"Internet-connected devices are far too often packaged up with weak (if any) built-in security features," Jake Moore, Global Cybersecurity Advisor at ESET, said. "So the public is on the back foot from the get-go and often does not realize the potential weaknesses. Security updates also tend to be infrequent, which puts further risks on the owner."
But why would someone want to control so many smart devices? A DDoS attack (or a distributed denial-of-service attack) attempts to disturb the normal traffic flow to a server.
"A DDoS attack is when a lot of computers send so much traffic to a website all at once that the website can't handle it and stops working." Nazar Tymoshyk, CEO and Founder at UnderDefense Cyber Security, explained, "It's like if too many people try to get through a door at the same time, and nobody can get in."
As a result, having control of thousands or even millions of devices makes a DDoS attack even more effective.
While an attack at the scale of the original story is unlikely, it does give us a moment to reflect on whether we should be putting so many internet-connected devices in our homes without fully understanding the effect it may have.
"The massive growth in internet-connected devices placed in the home is the perfect opportunity to create mayhem among users and businesses alike, and DDoS attacks work well with unprotected devices." Moore added, "This is also a timely reminder to question whether or not a device really needs to be smart."
Owners of internet-connected devices must understand the risks of putting such a device in their homes. The unfortunate truth is that such a device may get hacked due to the owner's negligence or a poor security system created by the device provider. So, why do you need that smart fridge?
"Companies need to produce devices with in-built security features but this costs money and often not in their financial modeling," Moore said. "Some devices simply don't need an internet connection. Dishwashers, fridges, and toothbrushes work just as well without being smart - in fact, they come with a peace of mind that they won't get hacked or need updating."
Ryan S. Gladwin is a Freelance Journalist whose work can be found at muckrack.com/ryan-s-gladwin