[HN Gopher] Hacking a Philips Sonicare Toothbrush
___________________________________________________________________
Hacking a Philips Sonicare Toothbrush
Author : PikelEmi
Score : 53 points
Date : 2023-05-30 18:30 UTC (4 hours ago)
(HTM) web link (kuenzi.dev)
(TXT) w3m dump (kuenzi.dev)
| jamesdwilson wrote:
| Kind of concerning this could turn into another toner ink
| situation
| babo wrote:
| It works happily with a brush head without NFC. That was the
| first thing I tried with my new toothbrush.
| brianleb wrote:
| It works /right now/. Revisit this comment in 3-5 years and
| see if the behavior of new brushes and brush heads has
| changed for the worse...
| wildzzz wrote:
| That's exactly why they did this. They can lock out 3rd party
| vendors and also force you to buy new heads at an interval of
| their choosing all in the name of "ensuring quality".
| jrockway wrote:
| It runs normally without a head attached, so they must not be
| doing this yet. The architecture authenticates the body to
| the brush, which is the reverse of what you would do to lock
| out brushes. (A third party brush can get the password from
| the body and say "yup, that's definitely the password" and
| then the body thinks it's genuine. Meanwhile, a third-party
| body could use genuine brushes because a brush can't
| mechanically make itself not work. So there just isn't any
| lock-in here.)
|
| The main feature this seems to be used for is to put the body
| into "whitening" mode if you use a whitening brush.
| josephcsible wrote:
| > that the tag is configured to permanently disable all write
| access after three wrong password attempts
|
| Why is this kind of thing legal? For how many politicians and
| activist groups claim to care about the environment, why hasn't
| anyone introduced a bill to ban intentionally turning useful
| equipment into waste? Any legitimate security needs would be
| fulfilled just as well by doing a full wipe and factory reset
| instead.
| mikestew wrote:
| _Why is this kind of thing legal?_
|
| For starters, my experience says that, unlike an HP printer,
| your toothbrush still works just fine[0] if you ignore anything
| that tells you to replace the head.
|
| [0] At least as fine as a toothbrush with a worn-out head is
| going to work.
| roundandround wrote:
| I'm curious to see, but I don't think the algorithm for
| calculating the password from the identifier would be very
| sophisticated. Assuming they didn't want to add costs to prevent
| easy retrieval of any secret key from the device, a complex
| algorithm would be kind of a waste.
| AquinasCoder wrote:
| This was an enjoyable read. My GE fridge uses RFID for keeping
| track of when to change the water filter. This isn't really an
| area I'm familiar with but I'm curious how much I would be able
| to figure out with the right tools.
| throwway120385 wrote:
| In GE's defense, limiting the amount of time you can use a
| water filter for is probably a good idea considering what the
| filter media fills up with if you do nothing.
| AlbertCory wrote:
| I have one, but it never occurred to me to want to hack it.
|
| "But how do you know when it's time to change the brush?"
|
| Well, how about when it starts getting soft?
| mikestew wrote:
| How about when the blue part goes away, as documented? :-) I've
| used a Sonicare for, what, ten years or more? And I don't think
| I've ever seen an indication that the NFC is communicating
| anything to me. That's not to say that it isn't, but if I'm
| going to ignore something[0] and replace the head when I damned
| well please, I just ignore the blue part of the bristles. I
| could probably adjust my behavior to ignore whatever flashing
| LED the NFC sets off, but after so many years I'm just going to
| continue ignoring what I always have.
|
| [0] I'm either easy on toothbrush heads, or Philips is lying,
| because when the indicator says "buy a new head" it still has
| plenty of life IMO. Bristles straight and tall, just like a new
| one, but no blue left being the only difference between that
| and new. So I ignore it and get a new one when the bristles go
| a little wonky.
| jrockway wrote:
| I just change the brush head on the 1st of every month. They
| say it lasts for 3 months, I must press too hard. So it goes.
| mikestew wrote:
| _...I must press too hard_
|
| Could be. My wife presses so hard, I hear the motor bog
| down. "JFC, honey, let up a bit", to no avail. She's
| constantly replacing her heads. I literally can't remember
| the last time I popped a new one on mine. I could easily
| believe it's been six months (and, yeah, it's about due).
| AlbertCory wrote:
| what is this "as documented" of which you speak? /s
|
| toothbrushes come with documentation???
| [deleted]
| mikestew wrote:
| Great article, the most interesting part of which is that you can
| lock yourself out of your toothbrush head after three wrong
| password attempts. I didn't dig into the data sheet for the NFC
| chip very deeply, but I imagine that it's just the default that
| the chip ships with. Or maybe Philips _really_ wants that $25 for
| a new toothbrush head. :-)
|
| EDIT: nope, _not_ the default. From the data sheet, last
| sentence:
|
| _"To prevent brute-force attacks on the password, the maximum
| allowed number of negative password verification attempts can be
| set using AUTHLIM. This mechanism is disabled by setting AUTHLIM
| to a value of 000b, which is also the initial state of NTAG21x."_
|
| So Philips went out of their way to secure that toothbrush head.
| That's reassuring.
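
Added example (not part of the thread or the linked article): decoding the AUTHLIM field quoted above from an NTAG21x tag's two configuration pages, so the attempt limit can be checked before any password is tried. The bit positions follow the NXP NTAG21x data sheet rather than this page; the sample page bytes are constructed, and the last-page value 0x2C assumes an NTAG213.

```python
from dataclasses import dataclass

@dataclass
class Ntag21xConfig:
    auth0: int     # first page that requires password verification
    prot: bool     # False: only writes protected; True: reads and writes
    cfglck: bool   # True: configuration pages are permanently locked
    authlim: int   # allowed negative PWD_AUTH attempts; 0 = limit disabled

def parse_config(cfg0: bytes, cfg1: bytes) -> Ntag21xConfig:
    """Decode the CFG0 and CFG1 pages (4 bytes each) of an NTAG21x tag."""
    if len(cfg0) != 4 or len(cfg1) != 4:
        raise ValueError("NTAG21x pages are exactly 4 bytes")
    access = cfg1[0]                      # ACCESS byte is byte 0 of CFG1
    return Ntag21xConfig(
        auth0=cfg0[3],                    # AUTH0 is byte 3 of CFG0
        prot=bool(access & 0x80),         # bit 7
        cfglck=bool(access & 0x40),       # bit 6
        authlim=access & 0x07,            # bits 2..0
    )

def lockout_risk(cfg: Ntag21xConfig, last_page: int = 0x2C) -> str:
    """Classify how risky a wrong password guess is for this tag.

    last_page is the final page of the tag's memory map; 0x2C is the
    NTAG213 value and is an assumption about the tag type.
    """
    if cfg.auth0 > last_page:
        return "none: password protection is not in effect"
    if cfg.authlim == 0:
        return "low: password set, no attempt limit (AUTHLIM=000b)"
    fixed = "cannot be changed" if cfg.cfglck else "still configurable"
    return f"high: {cfg.authlim} wrong attempts allowed, limit {fixed}"

# Constructed sample pages, not dumps from a real brush head.
UNPROTECTED = (bytes.fromhex("000000ff"), bytes.fromhex("00000000"))
LIMITED = (bytes.fromhex("00000004"), bytes.fromhex("43000000"))

if __name__ == "__main__":
    for name, pages in (("unprotected", UNPROTECTED), ("limited", LIMITED)):
        print(name, "->", lockout_risk(parse_config(*pages)))
```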
___________________________________________________________________
(page generated 2023-05-30 23:00 UTC)