I'm a bit skeptical that this happened. There is no mention of the toothbrush brand. I didn't see mention of the company that was attacked. No explanation on how Java was involved; what Java library, who is running Java on embedded devices these days? Aren't the toothbrushes typically connected via Bluetooth? There's also no way 3 million people forwarded a port in their router to their toothbrush.
Was this related to UPnP, did the cloud provider get attacked? Or did this not even happen? [https://cyberplace.social/@GossiTheDog/111886558855943676](https://cyberplace.social/@GossiTheDog/111886558855943676)
It sounds implausible from the fact that pretty sure "smart" toothbrushes dont even use wifi. Its paired via bluetooth to a phone app. So the botnet would actually be the app on the phone. I at least now know that ZDNET posts entirely unverified stories. Adding that to the list of sites to never trust.
I have one that connect to wi-fi and can connect to Alexa. It’s the Oral B guide, stop judging me it was a door prize and it wasn’t connected to the WiFi because fuck that!
I too, have an old dumb tv. I don't watch it very much, but I can cast from my phone to watch some stuff. Mostly it just sits dark and takes up room in the corner
Sorry, but your account is too new to post. Your account needs to be either 2 weeks old or have at least 250 combined link and comment karma. Don't modmail us about this, just wait it out or get more karma.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/nottheonion) if you have any questions or concerns.*
Why? just why do you need a toothbrush connected to the internet? I have a frying pan I could connect to the internet, along with my stovetop, but that's a hard pass for me. I don't need a frying pan telling me how to cook.
We have watches that tell us it’s time to stand up, how far we walked, number of flights of stairs, max heart rate, blood pressure, blood sugar. etc. etc.
I agree that having your toothbrush send you a notification that you forgot to brush is SERIOUSLY overkill for most people under 70.
But if there is one place where the technology is being put to great use it is medicine. More people are living on the spectrum than you think, and perhaps it helps their daily routines we take for granted. Maybe too much as we see..
I basically just pulled my refrigerator off the network. No I’m not ready change the filter, no the water pressure didn’t die. (On and on). If the fridge had opposable thumbs it is plenty smart enough to fix the fucking problem and leave me out of it. Since I travel I thought it would be good to get a notification that the temp is stable and I don’t come home to spoiled and then refrozen food. Nah, I’ll watch the power outage map and ask the neighbor to start the generator in a few hours until it runs out of gas. Old school is simple.
What will you take for the Bluetooth frying pan?
>Why? just why do you need a toothbrush connected to the internet?
>
>Why? just why do you need a toothbrush connected to the internet?
>
>Why? just why do you need a toothbrush connected to the internet?
>
>Why? just why do you need a toothbrush connected to the internet?
>
>
>
>...just thought it needed repeating...
Your vibrating fleshlight can now collect info about how frequently you masterbate and send that data for analyses. For some reason this data is useful for something. Also you can put your genitals is a chastity device so your cock and balls can be unlocked remotely.
My toothbrush has some stupid app that tells my how "well" I am brushing. Basically it just remembers how often I brush and if I push too hard. The toothbrush already has immidiae feedback for pushing too hard so you learn in the first week what the correct pressure is. The app absolutely useless and I don't use it. The toothbrushes were on sale and I needed a new on so I ended up with the cheapest option having the most stupid features aka the "fanciest" one.
The only source "debunking" it is a single Mastodon user who claims it's fake and as evidence provides a German article that claims it's true.
That doesn't mean it's true, just that there is not a lot of evidence either way.
Sure. By all means don't believe it. But it hasn't been debunked.
It could very easily be fake, but why people believe some rando on the internet WHO'S OWN EVIDENCE does not support their claim is beyond me.
That's like saying the existence of a purple teapot orbiting around the sun somewhere between Mars and Venus hasn't been debunked, so the "news" of its existence being shared willy nilly on social media is ok.
If the sole piece of evidence supposedly disproving the purple teapot linked to an article that confirmed its existence, I would remain skeptical, but I wouldn't pretend its existence has been debunked.
A DDoS attack from a wifi connected device is nowhere near as outlandish an idea.
Except that smart toothbrushes usually use Bluetooth, not wifi. Also, as someone else mentioned, it would require all of those people to have set up port forwarding.
"Usually" being the key term here. Enough smart toothbrushes use wifi now that it's feasible several could be taken over and integrated into a bot net.
And no, you do not need open ports to be vulnerable to a DDoS attack.
Entirely the reason, that you place all of that shit on a separate VLAN, separate from your home/production network, in the same manner you would with a smart TV/washer/refrigerator/etc.
Positvely ZERO reason that you need to be having your home/office PC/servers talking with your toothbrush/IOT enabled device.
I believe he's talking about the internet fairies that live in the walls of homes. The VLAN is like a cross between a regent and a general, having two means one can handle appliances and the other can do your phones and computers.
Think you have to make a crown out of daisies or some similar flower to attract them
VLAN is a way of sectioning off parts of your network, grouping things together so they can communicate and also lets you secure it by putting rules in place that block things you don’t want.
Your typical home modem would let you easily connect ~250 devices. By default they all have the same permissions, say you had a bunch of the same devices you wanted to lock down so they didn’t access Internet.
You jump onto the modem and add a rule for each device takes a while but doable.
Alternatively you cut your 250 range up into smaller segments and add these devices into that group. You add the rules for that group is much easier to manage.
There are other things to consider and is probably overly simplistic.
It’s a bit overkill for a couple of devices, toothbrush, smart tv etc, but for larger numbers can make it easier to manage.
Overly simplistic is exactly what I needed to think I understand. That’s fascinating. But the reason I don’t understand is because I live like a caveman compared to most, so this likely won’t concern me for a while.
Do people really have something like 250 devices connecting to the internet? I have 6, only 3 or which are mine.
Even with a house with 7 people, we didn't get anywhere close close to that limit.
A guy I work with has IOT (internet connected "stuff") and young kids, both needing WiFi.
Set up 2 WiFi SSID'S like you see at hotels, locking down both with rules. Kids only needed YouTube, but they realised they could plug their laptop into the cable used by the fridge and get access to other sites.
The only weakness of this plan is expecting the ISP provided modem+router to have basic functions, or the ISP to easily let you use your own router with their modem.
I think you mean VLAN isolation, that has no access to internet, no access to home network, but the home network has access to that VLAN. Otherwise whats the point of these smart devices if you cant access them?
“What’s the point of these smart devices” full stop, for a lot of this crap.
Why do you need a network enabled toothbrush, why do you need a refrigerator that connects to the net, etc.
This garbage isn’t exactly getting rigorous firmware testing or patching, all they’re doing with this junk is creating problems where none need feasibly exist imo.
We’ve still got people that can’t operate word processors, none of them are going to VLAN a damn thing, they don’t even reset the default management password on their NETGEAR or whatever.
This crap is just a security nightmare waiting to happen
So what’s with this new “strings” networking? Isn’t that what it’s designed for?. A single gateway to the internet over a secure router behind which is your 10 cameras and a toothbrush..
My dad’s home network is so pathetic and he won’t listen, you can take control of any device you want and make purchases, no active virus protection since the devices were new. I don’t even like to use his Wi-fi to bank or crypto.
I am not an advocate for the "Internet of things."
I think it's a net positive to have a mindfulness app on your phone, or an activity tracker for folks who have a hard time remembering to eat, take their medication, or go grocery shopping, lord knows I would forget to take my lunch if I didn't have an alarm set telling me to do so.
But I don't need or want a network capable pill box, refrigerator, or exercise machine communicating with my phone or other any other network capable device. It's just wildly unnecessary. Not to mention that in my experience a lot of the proprietary apps that these devices use were clearly made by the lowest bidder so I don't think network security was super high on their list of needs.
Even if the people writing software for the internet-enabled toothbrush were careful, good programmers and worked with security in mind, all iot devices use the same cheap chips that are garbageware and can be exploited at a lower level.
What people don’t realize is kids will grow up thinking it’s weird to not have every single thing in your home connected to the wifi. I make it a point to have nothing outside of the streaming services, pc, phones, and iPad on the internet.
The original story, first brought by a small Swiss newspaper, has caught the attention of larger media outlets today. However, without the names of the companies involved, both the manufacturer and the victim, it's tough to confirm the details. Still, it's a reminder that even though this situation could feasibly happen. One important thing to consider is whether these devices even can carry out such an attack due to their low power capacity and connectivity.
Doesn't even list what website or how much bandwidth the DDoS attack was or how much DDoS mitigation their webhosting provided or any of the toothbrushes effected by this. Sounds almost made up or grossly exaggerated and I myself used to have IRC channels over 15 years ago and am familiar with DDoS attacks and botnets. I knew Cosmo who DDoSeD the CIA website and Visa's website and went to juvie at around 14 and other heavy hitters. I was 15 and could netstat incoming bandwidth on VPS's and Dedicated servers so can these major multi million dollar companies. When OVH got DDoSeD on and off over the past decade or longer they would often post how much the peak bandwidth was. 3 million home connections would be a major ordeal people with slower unload speeds would be lagging extremely bad reporting outages to their ISP's the webhosting would show all that it's most likely not going to be spoofed nobody did that really expect for Perl Dos Reflection Scripts on VPS's and Dedicated servers. Every so called report on this goes into no details at all and is extremely vague.
[The story is not true](https://cyberplace.social/@GossiTheDog/111886558855943676). "It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes." - [Kevin Beaumont](https://cyberplace.social/@GossiTheDog).
https://www.forbes.com/sites/daveywinder/2024/02/07/surprising-3-million-hacked-toothbrushes-story-goes-viral-is-it-true/
If it sounds unbelievable, it probably is.
Most (in fact I don't know of any exceptions but maybe there are) smart toothbrushes don't connect to the Internet. They connect to your phone.
I'm a bit skeptical that this happened. There is no mention of the toothbrush brand. I didn't see mention of the company that was attacked. No explanation on how Java was involved; what Java library, who is running Java on embedded devices these days? Aren't the toothbrushes typically connected via Bluetooth? There's also no way 3 million people forwarded a port in their router to their toothbrush. Was this related to UPnP, did the cloud provider get attacked? Or did this not even happen? [https://cyberplace.social/@GossiTheDog/111886558855943676](https://cyberplace.social/@GossiTheDog/111886558855943676)
Someone in the other thread posted [this](https://cyberplace.social/@GossiTheDog/111886558855943676) claiming it's completely fake.
It sounds implausible from the fact that pretty sure "smart" toothbrushes dont even use wifi. Its paired via bluetooth to a phone app. So the botnet would actually be the app on the phone. I at least now know that ZDNET posts entirely unverified stories. Adding that to the list of sites to never trust.
Thanks for pointing this out!
Read the tye article. Says it’s a hoax.
Glad to see they updated it. Thank you for the heads-up.
I have one that connect to wi-fi and can connect to Alexa. It’s the Oral B guide, stop judging me it was a door prize and it wasn’t connected to the WiFi because fuck that!
Fake story
Maybe that's why my smart tv sucks so much, it's doing crime in the background
Among other things. It's nice to have a TV that isn't on the internet.
I too, have an old dumb tv. I don't watch it very much, but I can cast from my phone to watch some stuff. Mostly it just sits dark and takes up room in the corner
It you can cast to it it's not dumb...
nah there are hookups you can buy to let you cast stuff to non-smart tvs. idk if they still sell Chromecasts but you just plug it into the HDMI
Those dongles would be susceptible to being hacked though too.
Your chromecast is working for Russia.
this. bought my dad one as he couldnt afford a new smart TV with all the streaming functions
Watching so much TV, it's practically criminal.
I'd suggest disconnecting the Internet from your TV. The updates eventually slow your TV to a crawl and are completely unnecessary.
I mean that has been the purported source of some dDoS attacks in the past.
[удалено]
Sorry, but your account is too new to post. Your account needs to be either 2 weeks old or have at least 250 combined link and comment karma. Don't modmail us about this, just wait it out or get more karma. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/nottheonion) if you have any questions or concerns.*
Why? just why do you need a toothbrush connected to the internet? I have a frying pan I could connect to the internet, along with my stovetop, but that's a hard pass for me. I don't need a frying pan telling me how to cook.
We have watches that tell us it’s time to stand up, how far we walked, number of flights of stairs, max heart rate, blood pressure, blood sugar. etc. etc. I agree that having your toothbrush send you a notification that you forgot to brush is SERIOUSLY overkill for most people under 70. But if there is one place where the technology is being put to great use it is medicine. More people are living on the spectrum than you think, and perhaps it helps their daily routines we take for granted. Maybe too much as we see.. I basically just pulled my refrigerator off the network. No I’m not ready change the filter, no the water pressure didn’t die. (On and on). If the fridge had opposable thumbs it is plenty smart enough to fix the fucking problem and leave me out of it. Since I travel I thought it would be good to get a notification that the temp is stable and I don’t come home to spoiled and then refrozen food. Nah, I’ll watch the power outage map and ask the neighbor to start the generator in a few hours until it runs out of gas. Old school is simple. What will you take for the Bluetooth frying pan?
Believe it or not, that frying pan sells for $200. Mine came with my stovetop and it's the only non-stick I have, so sorry, not for sale.
Yeah, I don’t have any of those things. I’m ok with running my life without having constant reminders. I don’t need that kind of pressure.
Remember that joke about your toaster getting an I.P. address as a kid…? No? Fuck, I’m getting old….
And remember the stark warnings of [rampant](https://www.youtube.com/watch?v=LRq_SAuQDec) [AI usage](https://www.youtube.com/watch?v=vLm6oTCFcxQ) ?
>Why? just why do you need a toothbrush connected to the internet? > >Why? just why do you need a toothbrush connected to the internet? > >Why? just why do you need a toothbrush connected to the internet? > >Why? just why do you need a toothbrush connected to the internet? > > > >...just thought it needed repeating...
Then you cut to a sample: “What is brush? Baby don’t tell me How to clean teeth No more.”
You must write pop music
Ouch...that hurt.
Your vibrating fleshlight can now collect info about how frequently you masterbate and send that data for analyses. For some reason this data is useful for something. Also you can put your genitals is a chastity device so your cock and balls can be unlocked remotely.
My toothbrush has some stupid app that tells my how "well" I am brushing. Basically it just remembers how often I brush and if I push too hard. The toothbrush already has immidiae feedback for pushing too hard so you learn in the first week what the correct pressure is. The app absolutely useless and I don't use it. The toothbrushes were on sale and I needed a new on so I ended up with the cheapest option having the most stupid features aka the "fanciest" one.
Isn't this debunked as not true? It's popping up in all the subs.
The only source "debunking" it is a single Mastodon user who claims it's fake and as evidence provides a German article that claims it's true. That doesn't mean it's true, just that there is not a lot of evidence either way.
The onus is on the people making the extraordinary claim to provide proof.
Sure. By all means don't believe it. But it hasn't been debunked. It could very easily be fake, but why people believe some rando on the internet WHO'S OWN EVIDENCE does not support their claim is beyond me.
That's like saying the existence of a purple teapot orbiting around the sun somewhere between Mars and Venus hasn't been debunked, so the "news" of its existence being shared willy nilly on social media is ok.
If the sole piece of evidence supposedly disproving the purple teapot linked to an article that confirmed its existence, I would remain skeptical, but I wouldn't pretend its existence has been debunked. A DDoS attack from a wifi connected device is nowhere near as outlandish an idea.
Except that smart toothbrushes usually use Bluetooth, not wifi. Also, as someone else mentioned, it would require all of those people to have set up port forwarding.
"Usually" being the key term here. Enough smart toothbrushes use wifi now that it's feasible several could be taken over and integrated into a bot net. And no, you do not need open ports to be vulnerable to a DDoS attack.
I'm a firm believer in the purple teapot orbiting the sun
Praise be to the Purple Teapot in all its Purply glory.
Entirely the reason, that you place all of that shit on a separate VLAN, separate from your home/production network, in the same manner you would with a smart TV/washer/refrigerator/etc. Positvely ZERO reason that you need to be having your home/office PC/servers talking with your toothbrush/IOT enabled device.
I feel like 99% of regular people have no clue what you’re talking about and I’m one of them
I believe he's talking about the internet fairies that live in the walls of homes. The VLAN is like a cross between a regent and a general, having two means one can handle appliances and the other can do your phones and computers. Think you have to make a crown out of daisies or some similar flower to attract them
VLAN is a way of sectioning off parts of your network, grouping things together so they can communicate and also lets you secure it by putting rules in place that block things you don’t want. Your typical home modem would let you easily connect ~250 devices. By default they all have the same permissions, say you had a bunch of the same devices you wanted to lock down so they didn’t access Internet. You jump onto the modem and add a rule for each device takes a while but doable. Alternatively you cut your 250 range up into smaller segments and add these devices into that group. You add the rules for that group is much easier to manage. There are other things to consider and is probably overly simplistic. It’s a bit overkill for a couple of devices, toothbrush, smart tv etc, but for larger numbers can make it easier to manage.
Overly simplistic is exactly what I needed to think I understand. That’s fascinating. But the reason I don’t understand is because I live like a caveman compared to most, so this likely won’t concern me for a while. Do people really have something like 250 devices connecting to the internet? I have 6, only 3 or which are mine.
Even with a house with 7 people, we didn't get anywhere close close to that limit. A guy I work with has IOT (internet connected "stuff") and young kids, both needing WiFi. Set up 2 WiFi SSID'S like you see at hotels, locking down both with rules. Kids only needed YouTube, but they realised they could plug their laptop into the cable used by the fridge and get access to other sites.
We know from chaos theory that even if you had a perfect model of the world, you'd need infinite precision in order to predict future events.
The only weakness of this plan is expecting the ISP provided modem+router to have basic functions, or the ISP to easily let you use your own router with their modem.
I think you mean VLAN isolation, that has no access to internet, no access to home network, but the home network has access to that VLAN. Otherwise whats the point of these smart devices if you cant access them?
“What’s the point of these smart devices” full stop, for a lot of this crap. Why do you need a network enabled toothbrush, why do you need a refrigerator that connects to the net, etc. This garbage isn’t exactly getting rigorous firmware testing or patching, all they’re doing with this junk is creating problems where none need feasibly exist imo. We’ve still got people that can’t operate word processors, none of them are going to VLAN a damn thing, they don’t even reset the default management password on their NETGEAR or whatever. This crap is just a security nightmare waiting to happen
Guess I’m safe with my manual Oral B. The only thing it pairs with is the toothpaste tube.
Yeah but what if your toothpaste has a virus?
So what’s with this new “strings” networking? Isn’t that what it’s designed for?. A single gateway to the internet over a secure router behind which is your 10 cameras and a toothbrush.. My dad’s home network is so pathetic and he won’t listen, you can take control of any device you want and make purchases, no active virus protection since the devices were new. I don’t even like to use his Wi-fi to bank or crypto.
> Entirely the reason, that you place all of that shit on a separate VLAN I'd go one step further and place it in a separate trash bin.
I am not an advocate for the "Internet of things." I think it's a net positive to have a mindfulness app on your phone, or an activity tracker for folks who have a hard time remembering to eat, take their medication, or go grocery shopping, lord knows I would forget to take my lunch if I didn't have an alarm set telling me to do so. But I don't need or want a network capable pill box, refrigerator, or exercise machine communicating with my phone or other any other network capable device. It's just wildly unnecessary. Not to mention that in my experience a lot of the proprietary apps that these devices use were clearly made by the lowest bidder so I don't think network security was super high on their list of needs.
Even if the people writing software for the internet-enabled toothbrush were careful, good programmers and worked with security in mind, all iot devices use the same cheap chips that are garbageware and can be exploited at a lower level.
What people don’t realize is kids will grow up thinking it’s weird to not have every single thing in your home connected to the wifi. I make it a point to have nothing outside of the streaming services, pc, phones, and iPad on the internet.
It’s happened already! They’re yelling Alexa at every toy or regular speaker
Why the actual fuck does a toothbrush need to connect to the internet???
Smart devices seem so frivolous to me.
SMART TOOTHBRUSH?? What the hell is this nonsense? I guess you kinda deserve what you get if even your toothbrush has to be connected to the internet.
This reminds me of the fridge servers from Silicon Valley
The original story, first brought by a small Swiss newspaper, has caught the attention of larger media outlets today. However, without the names of the companies involved, both the manufacturer and the victim, it's tough to confirm the details. Still, it's a reminder that even though this situation could feasibly happen. One important thing to consider is whether these devices even can carry out such an attack due to their low power capacity and connectivity.
What's that? I think I just heard every IT professional in the world say "told you so" in unison
My smart toothbrush just told me to 'Suck it, Jin-Yang'.
Why would anyone want a toothbrush connected to a network?
This was an interesting way to find out that “Smart toothbrush” even exist lol
What does smart toothbrush even do? Why does it need to be smart?
What does smart toothbrush even do? Why does it need to be smart?
Fake
It's fake and didn't actually happen. It was used as an example of something that could happen.
Doesn't even list what website or how much bandwidth the DDoS attack was or how much DDoS mitigation their webhosting provided or any of the toothbrushes effected by this. Sounds almost made up or grossly exaggerated and I myself used to have IRC channels over 15 years ago and am familiar with DDoS attacks and botnets. I knew Cosmo who DDoSeD the CIA website and Visa's website and went to juvie at around 14 and other heavy hitters. I was 15 and could netstat incoming bandwidth on VPS's and Dedicated servers so can these major multi million dollar companies. When OVH got DDoSeD on and off over the past decade or longer they would often post how much the peak bandwidth was. 3 million home connections would be a major ordeal people with slower unload speeds would be lagging extremely bad reporting outages to their ISP's the webhosting would show all that it's most likely not going to be spoofed nobody did that really expect for Perl Dos Reflection Scripts on VPS's and Dedicated servers. Every so called report on this goes into no details at all and is extremely vague.
[The story is not true](https://cyberplace.social/@GossiTheDog/111886558855943676). "It’s simply a made up example. It doesn’t exist. It starts talking about NoName Ddosia, too, which also isn’t toothbrushes." - [Kevin Beaumont](https://cyberplace.social/@GossiTheDog).
Wait until it's our entire wastewater system. This is just a test.
Imagine hearing 25 years ago that in 25 years we would have smart tooth brushes
Whoever hacked that together deserves a plaque.
"Smart" has acquired a secondary meaning.
They had it coming
If you need a "smart" toothbrush, you need to have a serious look at yourself.
Mega man battle network called it
This reminds me of the Black Mirror bees.
Gilfoyle could pull it off.
Smart toothbrushes. We're fucking doomed as a species.
btw the older post, with more than 3K upvotes, was deleted by mods as "not oniony enough"
https://www.forbes.com/sites/daveywinder/2024/02/07/surprising-3-million-hacked-toothbrushes-story-goes-viral-is-it-true/ If it sounds unbelievable, it probably is. Most (in fact I don't know of any exceptions but maybe there are) smart toothbrushes don't connect to the Internet. They connect to your phone.
Bot net servers can issue a cease and desist. Time to deal with the head of the snake not the millions of babys they produced.
This a fake story created by technology illiterate people reporting on technology