The three million toothbrush botnet story isn’t true.
Here’s the original source of the story: https://archive.is/2024.01.30-203406/https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480
It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes.
Now NoName have picked up the fake toothbrush story as propaganda for their members.
Good job, Fortigate.
Kudos to @BleepingComputer for doing actual journalism.
Fortinet also declined to comment to me.
It's a completely made up story, which is now being circulated as Russian propaganda.
https://www.bleepingcomputer.com/news/security/the-unlikely-3-million-electric-toothbrush-ddos-attack/
The newspaper that had the first article about the Fortigate toothbrush botnet have updated the story and doubled down:
“The article originally said that the case "really happened like that."
This information came from the company Fortinet, which had described the case as real in the interview and proofread the article before publication. Fortinet is now correcting this statement and calling it a "hypothetical scenario". https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480
During the whole toothbrush botnet thing, people said ‘yes, the story is fake but it COULD happen’.
Almost every smart toothbrush uses Bluetooth so no, it could not.
Somebody pointed me towards one on Amazon which says it uses wi-fi, so I ordered it and investigated.
The toothbrush only has Bluetooth. The charger uses wi-fi - but has no open TCP or UDP ports. Traffic is outbound only, TLS 1.3.
So no, it was just total nonsense.
WIFI Toothbrush completely OTA under full control, no need of pressing buttons🥳 "Exploit" ESP32 Opens WIFI Network: evowera 12345678 (default set in Toothbrush🤪) and answers all the right requests to make the custom firmware update Demo video here🎬: https://t.co/2rPXHyO6ft
I wonder where the toothbrush gets the time and date from, to validate the TLS certificate chain.
...and how it alerts the user to an invalid server TLS 1.3 certificate.
BTW, how does TCP work with outbound traffic only? UDP maybe but TCP?
Without inbound traffic, it surely has to have an Ethernet cable connection or a WPS button.
Given that you can't tell it about the Wireless network to use.
Questions upon questions. Even without asking the obvious question of...why?
@GossiTheDog Still a reasonable chance it accepts any cert or is vulnerable to downgrade attacks or something.
Remember, the S in IOT stands for security.
Now, why does a toothbrush **charger** connect to anything?
@GossiTheDog The whole (bogus) story about a toothbrush botnet made me think. What exactly could "smart" enablement add to a toothbrush that would justify the development cost and the e-waste? What's next? Smart toilet paper? As you wipe your bum, it gives you directions and congratulates you at the end for doing a good job?
But hey. I probably got to that age where I just go "back in my day...", as younger folks roll their eyes
@GossiTheDog This one is nice, too:
Das globale Management von Fortinet hat nun zurückgerudert mit seinem Statement, das an verschiedene internationale Medien gesendet wurde. Dieses auch an CH Media zu schicken, hat die Firma unterlassen. Auch sonst liegt uns bisher kein weiteres Statement von Fortinet vor.
"Fortinet's global management has now backtracked with its statement that was sent to various international media outlets. The company neglected to also send this to CH Media. We have not yet received any further statements from Fortinet."
Security firm Malwarebytes has been one of the few companies or individuals that refused to swallow a bogus report about three million smart toothbrushes being used in a DDoS attack. A large number of so-called tech publications simply regurgitated the report which first appeared in the Swiss newspa...
I have been literally biting all my fingers *and* my tongue (for some reason) to stop myself from going into people's posts and replying
IT'S A FAKE STORY YOU MORON. IT'S CLICKBAIT AT BEST
So far I have been strong
Do you mean that FortiGate…brushed off any specific occurence of this?
@grimmware @GossiTheDog @BleepingComputer
You might think that Fortinet having had backdoors of their own (e.g. https://rhinosecuritylabs.com/enterprise-security/fortinet-backdoor-found-ssh-netscreen/), as well as critical RCE vulns, might affect the stock price too.
Possibly related: I've got a Fortigate 100D sitting here, unused in ages, if anyone wants to cover shipping etc.
Kevin Beaumont
Jernej Simončič �
jonathan
Guillaume Ross
Skand Hurkat
zh4ck
Suran
Alan Miller 
🇺🇦
Acalarch
Bart-Jan Vrielink
Site Reliability Enby🏳️⚧️🏁🔦📈🐺👗😷
Nik | Klampfradler 🎸🚲
CodeHead 
Philip Mallegol-Hansen
Gabriel Adrian Samfira
Marius Kießling
Mieszko Ślusarczyk
Fab 
Oriel Jutty 
THIS ACCOUNT HAS MOVED
Christian Kündig
Kilian Evang
ck 👨💻
Cali
Sam Varghese
wvu
tinydoctor
FinchHaven sfba
v̾i̾t̾r̾i̾o̾l̾i̾x̾
David Crooks 🏳️🌈
Clem H. Fandango
Nihl L'Amas
Edgar Whelp
Benjamin Parsons
Tanawts
derekheld
Kensan
Book
Gnorzaps
(((Jann Gobble)))🏳️🌈
LR
Steve
Bálint Szilakszi
grimmware
Tim Lavoie
loucovey