Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.
The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.
The WiFi feature of the Mini appears to be for both firmware updates as well as to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.
As it turns out not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for future hacking.
We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.
Wow toothbrushes now have bluetooth, wifi and color displays !
As much as the though of a botnet attack made of a swarm of toothbrushes make me smile and reminiscent of rpg sessions with friends, this also males me kind of worry about e-waste piling up and our ressources usage.
There already was waste. Arguably, by replacing just the head of an electric toothbrush, we have created a smaller volume of waste than the whole conventional toothbrush you’d replace every 3 months. You do replace your toothbrush regularly, right?
I have a bias leading me Toward thinking that just the production of the screen and battery are already as wastefull as producing a whole brunch of Dumb toothbrushes even full plastic ones (models with wooden bodies exits) … and i doubt the permanent part is ment to last forever.
However I’d be genuinely interested to see it properly fact check and if proven wrong from ecological perspective, change toothbrushe model.
I’m probably too old but I can guess absolutely no reason for a toothbrush to be connected.
I mean they told you the reason right in the article.
The parents MUST monitor the dental hygiene of the children for themselves. A connected toothbrush to do this job is almost like leting the smartphone act as an electronic babysitter.
True. Does Google start sending me ads for the local dentist when it detects that the toothbrush hasn’t moved for too long?
Indeed. Why?
So there is no reason to connect a toilet seat cover with anything -> https://expo.tuya.com/product/1074126
I should get one of these to go with my connected towel and washcloth.
Towelie FTW!!
Seeing a picture of Rick on a toothbrush made me laugh first thing this morning! Thank you, Hackaday.
Now … let me get back to my connected boxer shorts project.
The caption with its weird “all your base are belong to us” vibes was a bonus as well.
But was he able to run Doom on the toothbrush? That is the question, my dear Watson.
Apart from a drive motor, switch and battery, I’m somewhat puzzled why there would be a need for any other circuitry inside of an electric toothbrush. Apart from deliberately making it fragile and prone to need of replacement, that is.