GNU social JP
GNU social JP is a Japanese GNU social server.

Conversation

Notices

  1. Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 02:25:36 JST

    Kudos to @BleepingComputer for doing actual journalism.

    Fortinet also declined to comment to me.

    It's a completely made up story, which is now being circulated as Russian propaganda.
    https://www.bleepingcomputer.com/news/security/the-unlikely-3-million-electric-toothbrush-ddos-attack/

    Attachments

    1. The unlikely 3 million electric toothbrush DDoS attack
      from @BleepinComputer
      A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.
    • tinydoctor, Eugen Rochko and Annika Backstrom repeated this.
    • PhreakByte (nieldk@infosec.exchange)'s status on Thursday, 08-Feb-2024 03:18:17 JST, in reply to Jer

      @Jer @GossiTheDog yeah, well, there is this (re WiFi) https://www.amazon.com/Oral-B-Replenishment-Electric-Toothbrush-Brushing/dp/B0831JZBL4

      Attachments

      1. Amazon.com: Oral-B Electric Toothbrush, Alexa Built-In, Amazon Dash Replenishment Enabled, White, Smart Brushing System : Health & Household
    • Jer (jer@chirp.enworld.org)'s status on Thursday, 08-Feb-2024 03:18:18 JST

      @GossiTheDog

      "completely made up" makes me wonder if this is some AI journalism that escaped into the wild without fact checking. But Stefan Züger does seem to be a real person so maybe not?

      (Thanks for being on top of this - honestly when I saw the story I wondered what toothbrush company was putting wifi into their toothbrushes instead of bluetooth. And why would they do that? Should have realized it was nonsense.)

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 07:52:39 JST

      Fortigate have issued me a statement. The toothbrush story is completely made up.

      Attachments

      1. https://cyberplace.social/system/media_attachments/files/111/892/646/219/006/181/original/3a34d49ed8dc4725.jpeg
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 07:54:57 JST

      I’d like to thank all the Mastodon reply guys in the thread who decided the story was real, btw, based on vibes.

    • tinydoctor (tinydoctor@mstdn.social)'s status on Thursday, 08-Feb-2024 07:56:55 JST

      @GossiTheDog You’re welcome.

    • Kensan (kensan@mastodon.social)'s status on Thursday, 08-Feb-2024 09:04:33 JST

      @GossiTheDog “due to translations”? The original reporting in German makes that claim already. ¯\_(ツ)_/¯ https://mastodon.social/@Kensan/111888828676462440

      Attachments

      1. Kensan (@Kensan@mastodon.social)
        from Kensan
        @GossiTheDog@cyberplace.social This article says: “Gemäss Stefan Züger von Fortinet ist genau dies einer Schweizer Firma passiert.” Which basically means “according to Stefan Züger (Fortinet), exactly this happened to a Swiss company”. 1) The Swiss company which has supposedly been DDoS’ed by the Toothbrushes is not named 2) Fortinet Switzerland, in the form of Züger, provides no other info 3) Their recommendation No. 2 is “Use Antivirus wherever possible” ¯\_(ツ)_/¯
    • Kensan (kensan@mastodon.social)'s status on Thursday, 08-Feb-2024 09:09:17 JST

      @GossiTheDog The article(s) have been making the rounds through Swiss media the past week where everyone copied everybody else. It looked like it was good engagement until its reach got too wide. ¯\_(ツ)_/¯

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 09:32:06 JST

      Probably the best reply on one of the stories so far.

      Attachments

      1. https://cyberplace.social/system/media_attachments/files/111/893/039/241/359/015/original/41a86eea9c868f57.jpeg
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 09:57:22 JST

      It’s now made it to YouTubers 🤣 who are doing better journalism and threat intel than.. journalists and threat intel. https://youtu.be/sVpe0ZEZ1Ho

      Attachments

      1. Did a Massive Toothbrush DDOS Just Happen?
        from SomeOrdinaryGamers
        Hello guys and gals, it's me Mutahar again! This time we take a look at what appears to be a story that involves three million smart toothbrushes allegedly b...
    • Edgar Whelp (edgarwhelp@cyberplace.social)'s status on Thursday, 08-Feb-2024 15:56:06 JST

      @GossiTheDog can you comment on the “$25M transferred because of deepfake” story from earlier this week? Because that just screams out as being bullshit.

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 20:32:38 JST

      The newspaper that had the first article have updated the story and doubled down:

      “The article originally said that the case "really happened like that."
      This information came from the company Fortinet, which had described the case as real in the interview and proofread the article before publication. Fortinet is now correcting this statement and calling it a "hypothetical scenario".” https://www.luzernerzeitung.ch/wirtschaft/kriminalitaet-die-zahnbuersten-greifen-an-das-sind-die-aktuellen-cybergefahren-und-so-koennen-sie-sich-schuetzen-ld.2569480

      Attachments

      1. https://cyberplace.social/system/media_attachments/files/111/895/635/927/265/598/original/e732db975da9a71e.png
      2. Cyber threats: how to protect yourself
        from Ann-Kathrin Amstutz
        The number of attacks is reaching unimaginable heights, as new data from the cybersecurity firm Fortinet shows. Which developments are cause for concern and why there is nevertheless reason for confidence.
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 08-Feb-2024 20:55:01 JST

      It gets worse - the original publication has published more details about what happened, unpaywalled. https://www.luzernerzeitung.ch/wirtschaft/cyberangriff-die-gehackten-zahnbuersten-gehen-medial-um-die-welt-und-loesen-fragen-aus-wie-es-dazu-kam-ld.2577182

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 26-Feb-2024 04:17:32 JST

      During the whole toothbrush botnet thing, people said ‘yes, the story is fake but it COULD happen’.

      Almost every smart toothbrush uses Bluetooth so no, it could not.

      Somebody pointed me towards one on Amazon which says it uses wi-fi, so I ordered it and investigated.

      The toothbrush only has Bluetooth. The charger uses wi-fi - but has no open TCP or UDP ports. Traffic is outbound only, TLS 1.3.

      So no, it was just total nonsense.

    • Ivo Damjanović (damjanovic@chaos.social)'s status on Monday, 26-Feb-2024 04:32:07 JST

      @GossiTheDog Wait a minute…
      The charger uses Wi-Fi?
      Why? Do you need a subscription to be able to charge the damn thing?

    • Joe Uchill (joeuchill@mastodon.social)'s status on Monday, 26-Feb-2024 05:03:22 JST

      @GossiTheDog this whole thing started with a reporter misunderstanding that toothbrushes was an ad absurdum example of anything internet connected. It’s sort of like being forced to test if, by giving Grandma wheels, she would become a cart.

      Even if there were WiFi toothbrushes, would there be so many of them using connectivity to create a massive botnet? Probably not.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.