I changed the URL from <a href="https://cyberplace.social/@GossiTheDog/111886558855943676" rel="nofollow">https://cyberplace.social/@GossiTheDog/111886558855943676</a> to <a href="https://cyberplace.social/@GossiTheDog/111892646485958733" rel="nofollow">https://cyberplace.social/@GossiTheDog/111892646485958733</a>, as suggested here: <a href="https://news.ycombinator.com/item?id=39297612">https://news.ycombinator.com/item?id=39297612</a>. Readers should probably look at both.<p>I have no idea why <a href="https://cyberplace.social/@GossiTheDog/111886558855943676" rel="nofollow">https://cyberplace.social/@GossiTheDog/111886558855943676</a> doesn't lead to that later post in the thread. Is there a way to guarantee that readers get the entire thread in these things? If people can only see the start, that's not much better than what Twitter does.
Seems like Fortinet lied about the whole translation error thing:<p><a href="https://www.aargauerzeitung.ch/wirtschaft/cyberangriff-die-gehackten-zahnbuersten-gehen-medial-um-die-welt-und-loesen-fragen-aus-wie-es-dazu-kam-ld.2577182" rel="nofollow">https://www.aargauerzeitung.ch/wirtschaft/cyberangriff-die-g...</a><p>>Was nun von der Fortinet-Zentrale in Kalifornien als «Übersetzungsproblem» bezeichnet wird, hat sich bei den Recherchen noch ganz anders angehört: Schweizer Fortinet-Vertreter haben bei einem Gesprächstermin, bei dem es um aktuelle Bedrohungslagen ging, den Zahnbürsten-Fall als reale DDoS-Attacke geschildert.<p>Translation:<p>>What the Fortinet headquarters in California is now describing as a "translation problem" sounded very different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS attack during a meeting to discuss current threat situations.<p>And<p>>Der Text wurde Fortinet vor der Publikation zur Verifizierung vorgelegt. Der Satz, wonach es sich um einen realen Fall handle, der sich wirklich so zugetragen hat, wurde nicht beanstandet.<p>>The text was submitted to Fortinet for verification before publication. The sentence stating that this was a real case that actually happened was not objected to.<p>Truth seems not to be part of their business model<p><a href="https://gpl-violations.org/news/20050414-fortinet/" rel="nofollow">https://gpl-violations.org/news/20050414-fortinet/</a>
The linked archived article says quite specifically that while the example sounds like a Hollywood story it really did happen.<p>I don’t doubt that the article is wrong or they misunderstood their source though, since it’s just a random local news article about the dangers of ‘cybercrime’ which was apparently used as a source by these larger publications.
This fake story is propagated in anticipation of significant changes
coming into effect in Europe this year wrt the E.U. "Cybersecurity
Act" and "Cyber Resilience Act" which specifically targets IoT device
security. In the US you will have "Cybersecurity Improvement Act" with
serious consequences for non-compliant devices under EO 14028. Expect
more "March of the Killer Toothbrushes" stories soon.
The article says:<p>> Das Beispiel, das wie ein Hollywood-Szenario daherkommt, hat sich wirklich so zugetragen.<p>Google Translate:<p>> This example, which seems like a Hollywood scenario, actually happened.<p>So this article states that this actually happened.<p>So OP's claim that this article states it's just an example which didn't happen is incorrect.<p>I'm not saying it <i>did</i> happen, just that the article does not state what OP says.
Proof? This is just some random person claiming it's not true but they link to an article which explicitly states that it is in fact true. Am I missing something?
I was wondering because the toothbrushes I know use BT(LE) and aren't connected to the Internet.
However, some light bulbs do have Wi-Fi and sure one day could be exploited. And there are definitely more light bulbs than toothbrushes around here.
Here's the link to the actual article instead of someone's social media post that contains a screenshot that contains an unclickable link to the article:<p><a href="https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages" rel="nofollow">https://www.tomshardware.com/networking/three-million-malwar...</a><p>Disclaimer:
Maybe the image is clickable or there's a clickable link in the social media post for most people, but because Mastodon doesn't show posts without javascript enabled I can only ever see whatever shows up in the RSS feed.
While part of me wishes the story were true, as it’s just hilarious thinking about _a toothbrush_ carrying out someone else’s ill will, I am glad it’s not.
Reminds me a little of Stuxnet, which certainly happened: <a href="https://www.quora.com/What-is-the-most-sophisticated-piece-of-software-ever-written-1/answer/John-Byrd-2" rel="nofollow">https://www.quora.com/What-is-the-most-sophisticated-piece-o...</a><p>Things like this combined with AI are the scariest version of the future, I think. If we ask a very capable AI to solve climate change, what if it decides to solve it by creating something like Stuxnet for human infrastructure?
Related: <a href="https://filestore.fortinet.com/fortiguard/research/toothbrush.pdf" rel="nofollow">https://filestore.fortinet.com/fortiguard/research/toothbrus...</a><p>A research presentation by Fortinet covering a BLE-enabled toothbrush that communicates with the cloud over a mobile app.<p>Also mentioned by a comment on the original post.
3M (the Minnesota Mining and Manufacturing Company) makes many products but teethbrushes are not among them. However they are well equipped to satisfy all your PFOA and PFAS needs forever.
Fortinet confirmed it wasn't a real attack<p><a href="https://news.ycombinator.com/item?id=39300373">https://news.ycombinator.com/item?id=39300373</a>
I'm more surprised people took that seriously.<p>I really don't think even 1 million toothbrushes exist that have any IP connectivity at all, let alone three million all being pwned. I would assume that if anyone had sold that many Wi-Fi models, one of the big manufacturers would have some, and as far as I'm aware, none do; they all use Bluetooth. Not sure I buy that a Bluetooth toothbrush can DDoS a website.
Ugh, god. This link led me to read the Mastodon front page for a while (popular posts across the Mastodon fediverse).<p>Total ideological lockstep combined with intense self-righteousness, and not a single contrarian opinion in sight.
Too bad because it was quite a funny story.<p>I mean in retrospect, I can imagine it would be almost impossible to find all those toothbrushes and hack them remotely, unless they were all connected to a central server that would have been hijacked, so yeah.