News Three million malware-infected smart toothbrushes used in Swiss DDoS attacks — botnet causes millions of euros in damages

[USAFRet]

To be fair it doesn't really show Tom's isn't doing their due diligence, but rather the whole tech journalism industry. Too much focus on clicks and money and not enough on the truth causes knee jerk post first reactions. Would love to see a bit of a slow down and a shift to accuracy over clicks but as long as for profit journalism rules we are not gonna get that.

edit: oh and uhm WWWWWAAAAHHHHHHHHHooooooooOOOOOOO! Ninja's don't make noise so I went with Bruce

The other part of this is that we know, and have actual examples, of the security of IoT devices being really really bad.
So this was sort of believable.

 

[CelicaGT]

The other part of this is that we know, and have actual examples, of the security of IoT devices being really really bad.
So this was sort of believable.

True enough. That old saying: There's two kinds of corporations, those that have been hacked and those that don't know it yet. I feel it could also apply to IoT devices as well.

 

[JTWrenn]

The other part of this is that we know, and have actual examples, of the security of IoT devices being really really bad.
So this was sort of believable.

Yeah but writing articles based on other articles at some point gets you into trouble because the source is wrong. In this case it seems like the majority of tech blogs didn't go the whole way down the line to read the source to verify if there even was a report, or they would have seen that it was not a real report. That seems shoddy to me. I get that it happens, and I get why, but none of those are good things.

 

[USAFRet]

Yeah but writing articles based on other articles at some point gets you into trouble because the source is wrong. In this case it seems like the majority of tech blogs didn't go the whole way down the line to read the source to verify if there even was a report, or they would have seen that it was not a real report. That seems shoddy to me. I get that it happens, and I get why, but none of those are good things.

Absolutely. Crap reporting.
But potentially believable.


However, the majority of articles today are simply based on others. Not just in the tech world, but everywhere.

 

[Sch0field9]

Aargauer Zeitung released an update. It states that the contact person from the local Fortinet branch stated it as true. The Journalist even gave Fortinet the article to prove read, before publication and it was not corrected by Fortinet.

https://www.aargauerzeitung.ch/wirt...-loesen-fragen-aus-wie-es-dazu-kam-ld.2577182

 

[Colif]

It states that the contact person from the local Fortinet branch stated it as true. The Journalist even gave Fortinet the article to prove read, before publication and it was not corrected by Fortinet.

Sounds like Fortinet need to clear up if its true or not.

Tom's article does have a correction on top calling story into doubt but it seems its a moving target still.

 

[Paul Dodd]

Seems unlikely for several reasons.
1. Toothbrushes will mainly off, thus not really efficient for a DDOS attack, unlike say routers, office printers, smart home controllers or phones.
2. Toothbrushes will not have wifi, thus needing to connect to an app. If you can hack the app, why not use the mobile phone for the attack, as the processor is more powerful, you should be able to run in background.

In summery, an unlikely scenario.

 

[PaulAlcorn]

Hi all, I myself found that Ars Technica story interesting, as they left out of their article that the German publication issued a statement saying Foritnet is not telling the truth about a mistranslation. In fact, Ars Technica left that context out of their article even though they linked to the story.


Seems to be a pretty glaring oversight, no? Such a pivotal piece of information to this story, which they literally link to, isn't mentioned in the text of the Ars story.

I'll paste the content from the German pub that Ars linked to below, and you can decide for yourself if you think they should've mentioned that in their article where they linked to it.

I emailed Ars today, and they admitted the oversight and have now added that the German media outlet says Fortinet isn't being honest.

Here is the text from the source publication claiming that Fortinet has not acted in good faith:

The example was presented as real​

What the Fortinet headquarters in California is now calling a “translation problem” sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats -Attack described.

Fortinet provided specific details: information about how long the attack took down a Swiss company's website; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was out of consideration for its customers.

The text was submitted to Fortinet for verification before publication. The statement that this was a real case that really happened was not objected to. [emphasis added]

Fortinet's global management has now backtracked on its statement, which was sent to various international media outlets. The company also failed to send this to CH Media. We have not yet received any further statements from Fortinet."

 

[kaalus]

What kind of IQ deficiency must one have to buy an internet-connected toothbrush? I think you need to be under 75 for Amazon Alexa, but the toothbrush will be way below that.

 

[purpleduggy]

this seems as if the toothbrush company in question threatened what would be a fun internet security project with a lawsuit if they don't retract it, as everyone with smart toothbrushes are now wary of them.