[TROOPERS 18] Is my toothbrush really smart?
This talk was given at Troopers, in Heidelberg (Germany) in March 2018.
It is a full teardown of a connected toothbrush. Besides the fun of it - such as having your toothbrush sing in tune remotely - we answer an important question: is it really important to secure such harmless IoT? Who cares about our teeth?
We show that even a toothbrush is an interesting device to attack for cybercriminals and explain the following attacks:
- Insurance fraud by hacking brushing scores
- Money laundering via virtual rewards
- Massive privacy leak of customer database due to improper security
- Physical tracking through BLE address identifiers
All connected devices should be secured - if we don't want to face unexpected security consequences.