Of Fortinet, The Evil Toothbrush Botnet And Duplicate CVEs

Source: Bleeping Computer

Someone At Fortinet Is Having A Bad Week

You have probably heard tell of the three million toothbrush botnet by now, as the headline is too ridiculous to easily forget.  There’s just one small problem: the attack described by Fortinet never happened.  In the original story a representative of Fortinet blamed millions of electric toothbrushes programmed with Java for taking down a Swiss company with a DDoS attack.  That is perfectly possible; a variety of IoT devices from toasters to toilets have been used for this exact purpose.  To describe an IoT device as insecure is redundant at this point; even those that receive security updates for a few years before being abandoned by the manufacturer are more than likely to have hard-coded vulnerabilities that can’t be patched.

It is good to remind people just how horrific IoT devices’ security is, but a security company inventing an attack which never happened is a wee bit fishy and we can only hope it was a misunderstanding.  You can probably keep that electric toothbrush by the way; as they are almost exclusively Bluetooth and can only make local connections, they can’t talk to the internet.  That does mean they never receive security patches, but that’s the IoT for you.

If that wasn’t bad enough, Forticlient also accidentally re-released two critical vulnerabilities with a rating of 10 out of 10 for their FortiSIEM product.  While that looks terrifying, both of these vulnerabilities were discovered and patched last year.  That is perhaps a good reminder to make sure you did patch them though.

It’s not a good week to be Fortinet at all.

Fortinet, who was attributed as the source of the article, has not published any information about this attack and has not responded to repeated requests for comment from BleepingComputer since the "toothbrush botnet" story went viral yesterday.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
