Tag Archive for: Strange

The Strange Tale Of 3 Million Hacked Toothbrushes

/in


A news story about the hacking of three million smart toothbrushes to create a massive botnet used to launch a distributed denial of service cyberattack against a Swiss organization has gone viral. However, many in the information security industry, including myself, have trouble finding evidence to support the story.

02/08 updates below. This article was originally published on February 7.

What’s Behind The Viral Story Of 3 Million Hacked Smart Toothbrushes?

Searching Google reveals that everything from national newspapers to online technology publications have picked up the viral story of three million hacked smart toothbrushes attacking an unnamed Swiss business by way of a DDoS botnet.

However, the headlines certainly raised a few eyebrows within the information security community online, not least as there is very little by way of specifics in any of the reports and a distinct lack of technical explanations as to quite how such a massive botnet, one of the biggest on record, was created.

The story has arisen from comments provided to the Swiss publication by an engineer from the Swiss arm of security vendor Fortinet. I have contacted Fortinet for clarification regarding the root of this viral story and will provide an update if I hear back.

Update February 8: A Fortinet spokesperson has provided the following statement:

“To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.”

Update February 8: The author of the orginal article refutes the Fortinet narrative and insists the ‘example’ was presented as a real case.

The author of the original article published by Aargauer Zeitung, Ann-Kathrin Amstutz, contacted Forbes following the publication today of an update to this story in the format of a statement from Fortinet which claimed there was no real attack. That statement suggested that…

Source…

The strange, unexplained journey of ToTok in Google Play fuels user suspicions

/in
Promotional image of smartphone app.

Enlarge (credit: ToTok.ai)

In late December, Google and Apple removed the ToTok social messaging app from their marketplaces after US intelligence officials told The New York Times it was a tool for surreptitious spying by the United Arab Emirates government. About a week later, Google reinstated the Android version of the app with no explanation, a move that confounded app users and security experts. Now Google has once again baffled industry watchers by once again banishing the app without saying why. (Apple, meanwhile, has continued to keep the iOS version of ToTok out of the App Store.)

(credit: @sooohaib)

Over the past few days, Play Protect, the Google service that scans Android devices for apps that violate the company’s terms of service, started displaying a warning that says: “This app tries to spy on your personal data, such as SMS messages, photos, audio recordings, or call history. Even if you have heard of this app or the app developer, this version of the app could harm your device.”

The message, displayed to the right, then gives the user the option to either “uninstall” or “keep app (unsafe).”

Read 12 remaining paragraphs | Comments

Biz & IT – Ars Technica

Two strange (and impractical) ways to hack an iPhone and a Mac

/in

For most people, the security that Apple has baked into an iPhone or Mac is more than enough. But determined criminals can find creative ways to bypass the locks to get at your data. Should you be …
mac hacker – read more

The Strange Journey of an NSA Zero-Day—Into Multiple Enemies’ Hands – WIRED

/in

The Strange Journey of an NSA Zero-Day—Into Multiple Enemies’ Hands  WIRED

The notion of a so-called zero-day vulnerability in software is supposed to mean, by definition, that it’s secret. The term refers to a hackable flaw in code that the …

“zero day exploit” – read more