Research Centre

[TROOPERS 18] Is my toothbrush really smart?

This talk was given at Troopers, in Heidelberg (Germany) in March 2018.

It is a full teardown of a connected toothbrush. Besides the fun of it - such as having your toothbrush sing in tune remotely - we answer an important question: is it really important to secure such harmless IoT? Who cares about our teeth?

We show that even a toothbrush is an interesting device to attack for cybercriminals and explain the following attacks:

  • Insurance fraud by hacking brushing scores
  • Money laundering via virtual rewards
  • Massive privacy leak of customer database due to improper security
  • Physical tracking through BLE address identifiers
All connected devices should be secured - if we don't want to face unexpected security consequences.