Internet of Things devices, or as I like to call them, the dumbest smart devices on the planet, are some of the worst pains in the infosec industry, next to user error and null values. In fact, IoT, uninformed users, and the incorrect usage of null references are the hacker's dream trifecta, because IoT, these little smart gizmos and gadgets that people like so much, especially people that don't have a lot of infosec knowledge to begin with, those devices are oftentimes running software that is so buggy and insecure that a kid taking his first Java class in high school probably could have done a better job at writing it. So combine that with the fact that these devices are often hard to update and they often require a constant connection to your network, and of course the average person that's buying these devices, they don't know how to secure their network, they don't know how to create any firewall rules to restrict what kind of communications these devices can make, and you've got a $20 smart piece of junk that doubles as a backdoor into your home network for any script kiddie that's running Kali Linux to exploit. Rooting your IoT device will likely be a piece of cake, there's probably literally guides on the internet for how to do it, and he'll be able to add that device and possibly even your whole network to his botnet that he rents out to other hackers for all kinds of nefarious activities.
Now luckily for those of us that are living in the real world right now, this news report about three million smart toothbrushes being used in a massive DDoS attack that disrupted the operations of some Swiss company is not true, or at the very least there was some kind of information that got lost in the translation from the original article. And, you know, there's a lot of core details from the original articles that were missing, like what company was attacked by the DDoS, what kind of smart toothbrushes were used in the attack, what hacker was claiming responsibility, and so on.
And I'm also a little bit skeptical about this from the very beginning, because that many smart toothbrushes being used in a DDoS attack just sounds like too many, right? Like, three million devices, for one, would actually make this one of the bigger botnets to date. So yeah, when I first heard about the supposed toothbrush botnet I was really skeptical about it, but it also got me thinking about smart toothbrushes today, right? How could they be used for some kind of nefarious activity?
Because my first encounter with smart toothbrushes was while I was working at Best Buy. So my store had a couple of the, I think it was a Philips Sonicare, toothbrush that had Bluetooth functionality, right, like it'd pair to an app on your phone that was supposed to show if you're brushing too hard or too soft or for not long enough or whatever, and log how often you brush your teeth, and all this data is supposed to help you have better oral health, or maybe you show it to your dentist and they interpret it for you if you can't read or understand the results. Now back in my Best Buy days a Bluetooth-enabled toothbrush sounded really dumb, right, and to be honest it still sounds dumb to me, but it sounded really dumb to a lot of our customers, right? Now I'm not saying our store never ever sold one, okay, like obviously somebody's buying this stuff if Best Buy is putting it on their shelves, but I had a few customers ask me about that toothbrush over the years that I worked there, and the general consensus from just my small sample of Best Buy customers was "I would never pay $300 for a smart toothbrush." But then I started searching online today for smart toothbrushes, right, this is probably, I don't know, six or seven years since I've even thought about a smart toothbrush, and what do you know, the Bluetooth gimmick has been copied and it's made its way into toothbrushes that cost less than $30.
Philips even makes a Bluetooth-enabled toothbrush for kids. Electric toothbrushes, they may soon go the same route that flat screen TVs went, where these days it's not even possible to get a flat screen without so-called smart capabilities, right, without some kind of, usually Android, OS built into it, right? If you just want essentially a monitor, right, like a display panel flat screen, it's not really possible to get that, at least not in stores like Walmart and Best Buy.
Now some of you are probably wondering still how a Bluetooth-enabled smart toothbrush could be used for a DDoS attack, because usually these are running some type of Bluetooth Low Energy, right, BLE, and a BLE toothbrush shouldn't be able to connect to the internet. But it depends on how you define "connect to the internet." So all of the BLE toothbrushes connect to some type of app, that's the whole point of the Bluetooth gimmick, and if the app has internet access, which it probably does if it's on your phone, then in a way the toothbrush is connected to the internet, with the app on your phone acting as a two-way proxy that pushes firmware updates and maybe some other data to your toothbrush, and then data about you brushing from the toothbrush to the app, and then possibly out to some cloud for, you know, most likely some company to sell to other companies.
Now here's where things get really interesting with this theoretical idea of a toothbrush botnet. If a hacker is able to take over the app that is sending communications to and from the toothbrush, either through a supply chain attack or tricking a user into just installing a malicious brushing app that's masquerading as the real one, then the hacker could push a malicious firmware update to the toothbrush, which might be able to enable direct internet connectivity from the toothbrush, depending on what kind of chip is handling the BLE connectivity. Because you see, a lot of devices, they actually have their Wi-Fi, their Bluetooth, and like pretty much all their wireless functionality built into a single chip these days, and this consolidation of different computer parts into a single chip is a really popular technology trend that's honestly been going on since the beginning, and it's a big reason why computers keep getting smaller and smaller yet faster at the same time. Plus some smart toothbrushes, like the Oral-B, since they actually do have the ability to connect to Wi-Fi directly via the smart charger, which, just like any other smart device, any other IoT device, it's likely not going to be updated, or it might just be running poorly coded, vulnerable software from the very beginning.
And so if my predictions about smart toothbrushes going the same route as smart TVs are correct, and they become as common as regular electric toothbrushes, and they end up having these BLE plus Wi-Fi chips installed in them or their smart charging bases, then I think a story like this could not only become real but it could become a very common occurrence, where common household items are made dumb by smart features and then hacked. So don't be that person that contributes to device sprawl by buying a BLE toothbrush for yourself or a loved one.
I really don't buy into this gimmick that these apps really help you clean your teeth better. Like, one of the more common things I've heard that they help with is to just help you stop brushing so hard, but I think a better solution to that is to just brush your damn teeth correctly. Like seriously, how have you not perfected something that you've been doing every single day yourself since the age of three? And look, I'm no dental expert, I don't know how many people are brushing their teeth too hard, but I really doubt the proliferation of smart toothbrushes is going to have any noticeable positive impact on humanity's oral hygiene. This is just another non-solution to a non-problem to trick you into spending money on something you don't need. If you want to have better oral health, then just brush your damn teeth and eat less sweets, and maybe less, like, stuff that's going to be corrosive to your enamel. If you want to keep track of your kids brushing their teeth, just touch the damn toothbrush to see if it's wet, or see if they have bad breath, because bad breath is literally nature's built-in indication for people to tell if you're brushing your teeth correctly. You don't need an app for that, the devs included it in the vanilla build.
Like and comment to hack the algorithm, buy my merch on base.win to help support the channel, and have a great day.