[HN Gopher] Hacking a Philips Sonicare Toothbrush
___________________________________________________________________

Hacking a Philips Sonicare Toothbrush

Author : PikelEmi
Score  : 53 points
Date   : 2023-05-30 18:30 UTC (4 hours ago)

(HTM) web link (kuenzi.dev)
(TXT) w3m dump (kuenzi.dev)

| jamesdwilson wrote:
| Kind of concerning this could turn into another toner ink
| situation

| babo wrote:
| It works happily with a brush head without NFC. That was the
| first thing I tried with my new toothbrush.

| brianleb wrote:
| It works /right now/. Revisit this comment in 3-5 years and
| see if the behavior of new brushes and brush heads has
| changed for the worse...

| wildzzz wrote:
| That's exactly why they did this. They can lock out 3rd party
| vendors and also force you to buy new heads at an interval of
| their choosing all in the name of "ensuring quality".

| jrockway wrote:
| It runs normally without a head attached, so they must not be
| doing this yet. The architecture authenticates the body to
| the brush, which is the reverse of what you would do to lock
| out brushes. (A third party brush can get the password from
| the body and say "yup, that's definitely the password" and
| then the body thinks it's genuine. Meanwhile, a third-party
| body could use genuine brushes because a brush can't
| mechanically make itself not work. So there just isn't any
| lock-in here.)
|
| The main feature this seems to be used for is to put the body
| into "whitening" mode if you use a whitening brush.

| josephcsible wrote:
| > that the tag is configured to permanently disable all write
| > access after three wrong password attempts
|
| Why is this kind of thing legal? For how many politicians and
| activist groups claim to care about the environment, why hasn't
| anyone introduced a bill to ban intentionally turning useful
| equipment into waste? Any legitimate security needs would be
| fulfilled just as well by doing a full wipe and factory reset
| instead.

| mikestew wrote:
| _Why is this kind of thing legal?_
|
| For starters, my experience says that, unlike an HP printer,
| your toothbrush still works just fine[0] if you ignore anything
| that tells you to replace the head.
|
| [0] At least as fine as a toothbrush with a worn-out head is
| going to work.

| roundandround wrote:
| I'm curious to see, but I don't think the algorithm for
| calculating the password from the identifier would be very
| sophisticated. Assuming they didn't want to add costs to prevent
| easy retrieval of any secret key from the device, a complex
| algorithm would be kind of a waste.

| AquinasCoder wrote:
| This was an enjoyable read. My GE fridge uses RFID for keeping
| track of when to change the water filter. This isn't really an
| area I'm familiar with but I'm curious how much I would be able
| to figure out with the right tools.

| throwway120385 wrote:
| In GE's defense, limiting the amount of time you can use a
| water filter for is probably a good idea considering what the
| filter media fills up with if you do nothing.

| AlbertCory wrote:
| I have one, but it never occurred to me to want to hack it.
|
| "But how do you know when it's time to change the brush?"
|
| Well, how about when it starts getting soft?

| mikestew wrote:
| How about when the blue part goes away, as documented? :-) I've
| used a Sonicare for, what, ten years or more? And I don't think
| I've ever seen an indication that the NFC is communicating
| anything to me. That's not to say that it isn't, but if I'm
| going to ignore something[0] and replace the head when I damned
| well please, I just ignore the blue part of the bristles. I
| could probably adjust my behavior to ignore whatever flashing
| LED the NFC sets off, but after so many years I'm just going to
| continue ignoring what I always have.
|
| [0] I'm either easy on toothbrush heads, or Philips is lying,
| because when the indicator says "buy a new head" it still has
| plenty of life IMO. Bristles straight and tall, just like a new
| one, but no blue left being the only difference between that
| and new. So I ignore it and get a new one when the bristles go
| a little wonky.

| jrockway wrote:
| I just change the brush head on the 1st of every month. They
| say it lasts for 3 months, I must press too hard. So it goes.

| mikestew wrote:
| _...I must press too hard_
|
| Could be. My wife presses so hard, I hear the motor bog
| down. "JFC, honey, let up a bit", to no avail. She's
| constantly replacing her heads. I literally can't remember
| the last time I popped a new one on mine. I could easily
| believe it's been six months (and, yeah, it's about due).

| AlbertCory wrote:
| what is this "as documented" of which you speak? /s
|
| toothbrushes come with documentation???

| [deleted]

| mikestew wrote:
| Great article, the most interesting part of which is that you can
| lock yourself out of your toothbrush head after three wrong
| password attempts. I didn't dig into the data sheet for the NFC
| chip very deeply, but I imagine that it's just the default that
| the chip ships with. Or maybe Philips _really_ wants that $25 for
| a new toothbrush head. :-)
|
| EDIT: nope, _not_ the default. From the data sheet, last
| sentence:
|
| _"To prevent brute-force attacks on the password, the maximum
| allowed number of negative password verification attempts can be
| set using AUTHLIM. This mechanism is disabled by setting AUTHLIM
| to a value of 000b, which is also the initial state of NTAG21x."_
|
| So Philips went out of their way to secure that toothbrush head.
| That's reassuring.
___________________________________________________________________
(page generated 2023-05-30 23:00 UTC)
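
The AUTHLIM setting quoted from the data sheet in the last comment lives in the tag's ACCESS configuration byte. The following is an added example, not code from the thread or the linked article: it decodes the two NTAG21x configuration pages and reports whether the password is enforced and whether a failed-attempt limit is set. The function names, the choice of NTAG213 page numbering, and the sample bytes are assumptions made for illustration.

```python
# Added example. Field positions follow the NTAG21x configuration pages:
# CFG0 byte 3 = AUTH0, CFG1 byte 0 = ACCESS. All byte values are constructed.

LAST_PAGE_NTAG213 = 0x2C  # assumption: NTAG213; the thread only says NTAG21x


def decode_config(cfg0: bytes, cfg1: bytes) -> dict:
    """Decode the 4-byte CFG0 and CFG1 pages read back from a tag."""
    if len(cfg0) != 4 or len(cfg1) != 4:
        raise ValueError("each configuration page is exactly 4 bytes")
    access = cfg1[0]
    return {
        "auth0": cfg0[3],                       # first page needing PWD_AUTH
        "read_protected": bool(access & 0x80),  # PROT: reads need the password too
        "config_locked": bool(access & 0x40),   # CFGLCK: settings frozen for good
        "authlim": access & 0x07,               # bits 2..0, 000b = no limit
    }


def assess(cfg: dict, last_page: int = LAST_PAGE_NTAG213) -> str:
    """Summarise the brute-force posture of a decoded configuration."""
    if cfg["auth0"] > last_page:
        # AUTH0 points past the end of memory, so no page asks for a password.
        return "unprotected"
    if cfg["authlim"] == 0:
        # Factory state of AUTHLIM: wrong guesses are never counted.
        return "password set, unlimited guesses"
    return f"password set, limit of {cfg['authlim']} failed attempts"


# Constructed samples: factory state, password without a limit, and a tag
# configured like the one described in the thread (limit of three).
FACTORY = (bytes([0x04, 0x00, 0x00, 0xFF]), bytes([0x00, 0x00, 0x00, 0x00]))
NO_LIMIT = (bytes([0x04, 0x00, 0x00, 0x04]), bytes([0x00, 0x00, 0x00, 0x00]))
LIMIT_3 = (bytes([0x04, 0x00, 0x00, 0x04]), bytes([0x43, 0x00, 0x00, 0x00]))

if __name__ == "__main__":
    for name, pages in (("factory", FACTORY), ("no limit", NO_LIMIT),
                        ("limit 3", LIMIT_3)):
        cfg = decode_config(*pages)
        print(f"{name:9} {assess(cfg)}  locked={cfg['config_locked']}")
```
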