A massive Zombie smart-toothbrush botnet is attacking? WTF?

I was amused this morning to read about the latest threat to the internet: Three million toothbrushes! No joke. The venerable tech-news website Tom’s Hardware reports:

… around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business.

Sadly, this cool story may be viral BS. Security Boulevard explains why:

A botnet of 3 million toothbrushes would be twice the size of Mirai’s various botnets put together, and a major infosec event. [Stefan Zuger] has only worked there about a year.

Of course, puns abound:

Despite the apparent use of FLOSS [free/libre open-source software], this can’t simply be brushed off and the perpetrators won’t receive a plaque for their achievement.

Darn. But it still is a great example: it only went viral because so many of these hacks really happen.

Why my amusement over this bogus story? Glad you asked! My new novel, Affairs of State: A Political Thriller, features Owen Richter, a computer hacker extraordinaire, who knows how to exploit vulnerabilities in just about any internet-connected device. He hacks into corporations, gets dirt on the company and executives, and then releases the salacious news while short-selling the company’s stock. He’s semi-ethical: he only breaks the law to take down evil corporations.

In his musings, Owen describes the myriad devices that are his potential targets:

I spent the next few days thinking about how to break into one of the most important computers in the world.

Caen’s computer would be much harder to crack than my usual victims. Most corporate computer networks are sprawling complexes of Windows PCs, Macintoshes, iPhones, Android phones, routers, gateways, firewalls, and all sorts of other “smart” devices like printers, scanners, FAX machines, and even light bulbs. These devices were manufactured by dozens or hundreds of companies spread around the world, many of which have minimal knowledge of security. A printer company has mechanical engineers, electrical engineers, and probably chemists designing the best and latest hardware and ink, and a few computer programmers writing the driver software. But network security isn’t a priority for a printer company, and there are well-known instances of these companies buying defective third-party “software libraries” to handle their networking. And the “smart lightbulb” company? Smart thermostats? Smart TVs? So many possibilities for a hacker!

Among all those devices, and all the configurations of those devices, it only takes one hackable software bug and I’m in. And once I have a foothold inside a network, I’m ninety percent of the way to “owning” it, as hackers say. The sad fact is that most network IT professionals do their best, yet it’s virtually impossible to completely secure a network.

from Affairs of State: A Political Thriller by C.A. James

Lots of my readers (my pre-release ARC team) made comments like, “Come on, hacking smart light bulbs? Printers? Is that for real?”

Why yes! I’d reply. It is for real. And today, just seven days before the book’s launch, the perfect viral fake-news story popped up on Slashdot.com, and it wouldn’t have gone viral but for all the real smart-device hacks that preceded it. It couldn’t have been better timed. Fun stuff!

Hack on!