Hacking An Actual WiFi Toothbrush With An ESP32-C3

Following on the heels of a fortunately not real DDoS botnet composed of electric toothbrushes, [Aaron Christophel] got his hands on a sort-of-electric toothbrush which could totally be exploited for this purpose.

Evowera Planck Mini will never gonna give you up, never let you down. (Credit: Aaron Christophel)

The Evowera Planck Mini which he got is the smaller, children-oriented version of the Planck O1 (a more regular electric toothbrush). Both have a 0.96″ color LC display, but the O1 only has Bluetooth and requires a smartphone app. Meanwhile the Mini uses a pressure sensor for the brush along with motion sensors to keep track of the child’s teeth brushing efforts and to provide incentives.

The WiFi feature of the Mini appears to be there both for firmware updates and to allow parents to monitor the brushing reports of their offspring in the associated smartphone app. With this feature provided by the ESP32-C3 SoC inside the device, the question was how secure it is.

As it turns out, not very secure, with [Aaron] covering the exploit in a Twitter thread. As exploits go, it’s pretty straightforward: the toothbrush tries to connect to a default WiFi network (SSID evowera, pass 12345678), tries to acquire new firmware, and flashes this when found without any fuss. [Aaron] made sure to figure out the pin-out on the PCB inside the device as well, opening up new avenues for future hacking.
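The check that is missing here, as an added example (not code from [Aaron]’s thread or from the toothbrush firmware): a device-side gate that refuses an offered image unless its manifest is authenticated, the image matches the manifest hash, and the version is newer than the running one. The manifest layout, `DEVICE_KEY`, the model name and all function names are assumptions, and HMAC stands in for the vendor signature that a real device would verify with a public key.

```python
import hashlib
import hmac
import json

# Constructed demo values; none of these come from the device described above.
DEVICE_KEY = b"constructed-demo-key"
CURRENT_VERSION = 7
MODEL = "demo-brush"


def sign_manifest(manifest, key):
    """Authenticate the canonical JSON form of a manifest (HMAC as stand-in)."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_update(image, version, key=DEVICE_KEY):
    """Vendor side: build a hypothetical update package for an image."""
    manifest = {"model": MODEL, "version": version,
                "sha256": hashlib.sha256(image).hexdigest()}
    return {"manifest": manifest, "tag": sign_manifest(manifest, key),
            "image": image}


def accept_update(update):
    """Device side: return (ok, reason) before anything is written to flash."""
    manifest = update["manifest"]
    expected = sign_manifest(manifest, DEVICE_KEY).encode()
    offered = str(update.get("tag", "")).encode()
    if not hmac.compare_digest(expected, offered):
        return False, "manifest not authenticated"
    if manifest.get("model") != MODEL:
        return False, "wrong hardware model"
    if hashlib.sha256(update["image"]).hexdigest() != manifest.get("sha256"):
        return False, "image does not match manifest"
    if manifest.get("version", 0) <= CURRENT_VERSION:
        return False, "rollback or replay of old version"
    return True, "ok"


if __name__ == "__main__":
    good = make_update(b"vendor build 8", 8)
    cases = {
        "vendor update": good,
        "image from unknown server": make_update(b"other", 9, key=b"unknown"),
        "image swapped in transit": dict(good, image=b"patched"),
        "old build replayed": make_update(b"vendor build 7", 7),
    }
    for name, update in cases.items():
        print(f"{name}: {accept_update(update)}")
```

With a gate like this in place, joining a network that merely has the expected SSID and password no longer decides what gets flashed.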

We’re great fans of [Aaron] and his efforts to breathe new life into gadgets through firmware hacking. His replacement firmware for the Xiaomi LYWSD03MMC Bluetooth thermometer is one of the best we’ve seen.

15 thoughts on “Hacking An Actual WiFi Toothbrush With An ESP32-C3”

  1. Wow, toothbrushes now have Bluetooth, WiFi and color displays!
    As much as the thought of a botnet attack made of a swarm of toothbrushes makes me smile and is reminiscent of RPG sessions with friends, this also makes me kind of worry about e-waste piling up and our resource usage.

    1. There already was waste. Arguably, by replacing just the head of an electric toothbrush, we have created a smaller volume of waste than the whole conventional toothbrush you’d replace every 3 months. You do replace your toothbrush regularly, right?

      1. I have a bias leading me toward thinking that just the production of the screen and battery is already as wasteful as producing a whole bunch of dumb toothbrushes, even full plastic ones (models with wooden bodies exist) … and I doubt the permanent part is meant to last forever.
        However, I’d be genuinely interested to see it properly fact-checked and, if proven wrong from an ecological perspective, change toothbrush model.

      1. The parents MUST monitor the dental hygiene of the children for themselves. A connected toothbrush to do this job is almost like letting the smartphone act as an electronic babysitter.

  2. Apart from a drive motor, switch and battery, I’m somewhat puzzled why there would be a need for any other circuitry inside of an electric toothbrush. Apart from deliberately making it fragile and prone to need of replacement, that is.
