The image displays the Fortinet logo with a playful twist where the letter "I" is replaced by a toothbrush and the letter "O" by a graphic of a tooth, subtly emphasizing cybersecurity. The background features a low-poly gray pattern.

Toothbrush DDoS attack

Tooth be told: Toothbrush DDoS attack claim was lost in translation says Fortinet

According to Fortinet, the Toothbrush DDoS attack claim was mistranslated

The cybersecurity company at the center of the story has now released a statement in response to hundreds of media outlets around the world repeating the untrue accusation that three million toothbrushes were used to attack an American company:

To be clear, the discussion of toothbrushes being used in DDoS attacks was not based on Fortinet or FortiGuard Labs research; rather, it was used as an example of a specific type of attack during an interview.

The narrative on this subject seems to have been stretched to the point where hypothetical and real-world scenarios are muddled as a result of translations.

Fortinet continued by stating that “not observed Mirai or other IoT botnets target toothbrushes or similar embedded devices,” according to its experts.

After all, this has happened, so I can only imagine how a researcher from Fortinet might have amused the journalist with tales of how IoT tools like webcams hijacked into botnets for DDoS attacks.

However, it would be risky to use the journalist as a juicy hypothetical example of how millions of intelligent toothbrushes could overthrow an American company.

As we’ve seen, other news outlets repeat the story without verifying its veracity, so I’m not surprised that journalists might take it.

The toothbrush DDoS attack example was hypothetical and had n’t actually occurred, according to a spokesperson with more experience.

If that does n’t work, Fortinet still has plenty of time ( the original article was released on January 30 ) to get in touch with the Swiss newspaper, retract the rumor, or post a clarification on social media.

Fortinet did n’t, however, until the cybersecurity community’s skeptics cast doubt on the narrative.

Subscribe to our newsletter for free.
News, suggestions, and security advice.

Ironically, the company’s researchers have previously published some genuinely fascinating proof-of-concept research on the toothbrush topic, albeit by hacking Bluetooth-enabled toothbrushes to interfere with brushing time rather than offline a company website.

How cybersecurity misinformation spreads: The toothbrush DDoS attack

(Opens in a new browser tab)

The toothbrush DDoS disaster, round three!

(Opens in a new browser tab)

According to CISA, a new Fortinet RCE bug is actively exploited.(Opens in a new browser tab)

Common Cybersecurity Threats (Opens in a new browser tab)

Week 6 of” The Good, the Bad, and the Ugly in Cybersecurity”

(Opens in a new browser tab)


Skip to content