Fortinet, a cybersecurity giant, had a rough week characterized by botched vulnerability disclosures and a public dispute over an electric toothbrush. The chaos began when a Swiss news outlet published an interview with a Fortinet employee discussing a hypothetical scenario in which IoT-enabled toothbrushes could be hacked and used as a botnet to launch a DDoS attack. The story gained traction, with cybersecurity outlets warning about the toothbrush botnet, but Fortinet claimed it was a translation error and the attack was hypothetical. This caused confusion and criticism for the company.
Alongside the toothbrush debacle, Fortinet faced the disclosure of three critical vulnerabilities in its FortiSIEM system and FortiOS software. The disclosure itself was confusing: the company initially claimed the vulnerabilities were duplicates of older ones, but later acknowledged that they were real and addressed them in a subsequent release. One of the vulnerabilities in FortiOS is already being exploited in the wild, posing a real threat to exposed IT systems.
Overall, this series of blunders has damaged Fortinet’s reputation and raised questions about the company’s handling of vulnerability disclosures. The incident highlights the importance of clear and accurate communication in the cybersecurity industry.