The risks of internet-facing IoT devices have been highlighted after millions of smart toothbrushes were reportedly used in a distributed denial-of-service (DDoS) attack against a Switzerland-based company. The attack resulted in the company's website being taken down for several hours and caused losses of millions of Euros. The toothbrushes were converted into a botnet and used to carry out the attack. The specific details of the attack, including the smart toothbrush company involved, the connectivity method, and the malware used, remain unknown [be5962b8].
This incident raises questions about the security readiness of IoT devices. The toothbrushes were reportedly based on Java and connected to the internet, potentially serving as an entry point for malware. The attack highlights the disruptive, privacy, and systemic risks associated with IoT devices. With the number of connected IoT devices expected to reach 34.4 billion by 2032, it is crucial for organizations to implement appropriate cybersecurity measures. Regulatory measures, such as the European Cyber Resilience Act and the United States' National Cybersecurity Strategy, aim to address the privacy and security vulnerabilities in IoT devices [be5962b8].