
Hacking my “smart” toothbrush

808 points| PikelEmi | 2 years ago |kuenzi.dev | reply

302 comments

[+] mikestew|2 years ago|reply
Great article, the most interesting part of which is that you can lock yourself out of your toothbrush head after three wrong password attempts. I didn't dig into the data sheet for the NFC chip very deeply, but I imagine that it's just the default that the chip ships with. Or maybe Philips really wants that $25 for a new toothbrush head. :-)

EDIT: nope, not the default. From the data sheet, last sentence:

"To prevent brute-force attacks on the password, the maximum allowed number of negative password verification attempts can be set using AUTHLIM. This mechanism is disabled by setting AUTHLIM to a value of 000b, which is also the initial state of NTAG21x."

So Philips went out of their way to secure that toothbrush head. That's reassuring.
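
An added example (not part of the comment above or of the linked article): decoding the NTAG21x ACCESS configuration byte that carries AUTHLIM, and modelling the lockout the data-sheet sentence describes. The bit positions follow the NTAG213/215/216 data sheet; the sample byte `0x03`, the password and the `TagModel` class are constructed for illustration, and the model assumes the failure counter is never reset.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Access:
    prot: bool     # bit 7: False = password guards writes only, True = reads too
    cfglck: bool   # bit 6: configuration pages permanently locked
    authlim: int   # bits 2..0: 0 = no limit, 1..7 = max failed PWD_AUTH attempts

def parse_access(byte: int) -> Access:
    """Decode the ACCESS configuration byte of an NTAG21x tag."""
    if not 0 <= byte <= 0xFF:
        raise ValueError("ACCESS is a single byte")
    return Access(bool(byte & 0x80), bool(byte & 0x40), byte & 0x07)

class TagModel:
    """Simplified model of the failed-attempt counter (assumption: a
    successful PWD_AUTH does not reset it; real tags may differ)."""

    def __init__(self, password: bytes, access: Access):
        if len(password) != 4:
            raise ValueError("NTAG21x passwords are 4 bytes")
        self._password = password
        self.access = access
        self.failed = 0

    @property
    def locked(self) -> bool:
        limit = self.access.authlim
        return limit != 0 and self.failed >= limit

    def attempts_left(self):
        """Failed attempts remaining before lockout, or None if unlimited."""
        if self.access.authlim == 0:
            return None
        return max(self.access.authlim - self.failed, 0)

    def pwd_auth(self, candidate: bytes) -> bool:
        if self.locked:
            return False          # once locked, even the right password fails
        if hmac.compare_digest(candidate, self._password):
            return True
        self.failed += 1
        return False

if __name__ == "__main__":
    # Constructed sample: ACCESS = 0x03 -> write protection only, AUTHLIM = 3
    tag = TagModel(b"\x01\x02\x03\x04", parse_access(0x03))
    for guess in (b"\x00" * 4, b"\xff" * 4, b"\xaa" * 4):
        tag.pwd_auth(guess)
    print(tag.locked, tag.pwd_auth(b"\x01\x02\x03\x04"))
```

Reading the ACCESS byte before any PWD_AUTH attempt tells you whether a wrong guess costs anything: `authlim == 0` is the factory state, anything else is a finite budget.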

[+] charles_f|2 years ago|reply
I kind of hoped the conclusion would be that you could unlock hidden features in the brush head, increase the torque and reset the head so that you don't have to replace it.

But alternatively, since the head has an NFC tag, could you use it for stuff like a partnership with Marriott (open your hotel door with your toothbrush, so much convenience) or with transit companies to charge your monthly transit pass?

Possibilities of an NFC-enabled toothbrush head are infinite. The future truly is fascinating.

[+] PietdeVries|2 years ago|reply
Right!?! NSFW features like the Oral-B brush has, where you can order a special brush that helps you relieve certain stress in the bedroom. With the modified Sonicare firmware, the brush won't stop after 2 minutes but keeps "brushing" until, well, you're 'done'...
[+] mrfumier|2 years ago|reply
The toothbrush doesn't force you to change the head. You can brush your teeth with an old head as much as you want.
[+] teekert|2 years ago|reply
Or bump the head into a tag reader and have Home Assistant do anything from ordering new heads to flashing your Hue lights after 2 min of brushing.
[+] GoToRO|2 years ago|reply
Some facts:

The tag is used to change the cleaning mode of the toothbrush automatically, to match the type of head you inserted. This makes it very easy to change heads during the same session.

It is also used to register how long you used that head. A warning is shown when the head should be replaced. After a few warnings you will no longer get them, just the led to replace the head remains on. You can continue to brush your teeth without any problems. What I've found is that the warning comes at the right time, you really feel a decrease in cleaning efficiency around that time.

You can use heads without the chip and they work. You just have to select the proper mode from the handle manually. Or not.

The early versions have a defect where when you push to insert the head, you also push to open the handle. With time, water will get in and the toothbrush will stop working. Not sure about the latest versions.

[+] Raqbit|2 years ago|reply
A few years ago I reverse engineered my Oral-B (Braun) toothbrush in order to change the color of the brush (handle) to one of my liking, without being constrained by the pre-set colors available in the smartphone app. (Which I think now also requires you to log in)

Turned it into a Go library: https://github.com/raqbit/goralb

[+] hoosieree|2 years ago|reply
I'd like to skip the whole "smart" toothbrush phase and go straight to the "smart ass" toothbrush, which razzes me about my sugar intake and gossips with the toaster behind my back.
[+] dumpsterdiver|2 years ago|reply
As a bachelor who lives alone, it would actually be very motivating if I overheard my appliances making hushed comments about how I "look a little more plump than usual."
[+] uxcolumbo|2 years ago|reply
It's a toothbrush. Why does it need all this tech and an app?

It's better to think about sustainability.

I had an Oral B IO electric toothbrush. The retail price is nuts and the brushes are expensive and can't really be recycled. Imagine millions of these out there slowly rotting.

I gave up on the IO and bought this one instead. Simple design and battery lasts longer too.

https://www.trysuri.com/

[+] sp0ck|2 years ago|reply
An analogue/manual toothbrush is like 1-2 Euro. The product you are promoting is 85 Euro. Assuming my normal toothbrush lasts 3 months, for 85 Euro I have backup for 21 YEARS. Spare ones are ~5.6 EUR apiece. I will stay with using my hand ;-)
[+] chrisstu|2 years ago|reply
This is a nice idea. The problem is longevity. I'd be willing to bet this product disappears after a few years (best case scenario) and you are left with no ability to buy new heads and end up binning the brush. So net net you probably waste more than buying a Philips/Oral-B brush that likely has 10+ years of support for brush heads, which have a far lower environmental impact than replacing the brush. In terms of cost, if you buy the well known brands when they are on sale, they're generally pretty cheap. I'll admit they do try to sting you if you buy at RRP.
[+] RoyGBivCap|2 years ago|reply
Some electric toothbrushes really are better than a manual one. Very light pressure and let the super high cyclic rate do the job.

I love my sonicare. The only thing I would change is the 2 minute shutoff. I have all of my wisdom teeth and never had braces, so I need more time for a good job, but the actual cleaning performance is great. I literally had a hygienist say "Your home care is excellent".

I don't know if it needs this much tech, but if people will buy it, they're gonna make it.

[+] marcod|2 years ago|reply
I mean, you can find disposable electric toothbrushes in stores ... sustainability does not seem to be among the primary design criteria.
[+] chillbill|2 years ago|reply
Why do you need an electric tooth brush to begin with? Just get one of those old Jordan ones you can probably get one for as low as $2.
[+] userbinator|2 years ago|reply
I guess this is one of the downsides of ubiquitous cheap electronics --- DRM everywhere. A similar thing happened relatively recently with label printers: https://news.ycombinator.com/item?id=30420918

(...and people have come up with a "modchip" to bypass that restriction already: https://www.eevblog.com/forum/reviews/dymo-550-thermal-print... )

All my tries to guess the one-way function for generating the passwords failed.

In case anyone else wants to try having a go at this (without inspecting the firmware): ignoring the first and last two bytes of the UID, we see that 79 is farther from EC and D7 in a similar way that FF is far from 61 and 67, and EC and D7 look closer together too. I wonder if they used "real" crypto or just a simple XOR/shift/add/sub cipher.

There's more info about the device itself here: https://device.report/philips-oral-healthcare/hx68

(Unfortunately they've requested the schematics/block diagram/functional description to be kept "permanently"[1] confidential, and the inside photos are difficult for me to make out the part numbers on the MCU and other components.)

[1] I wish those who have been leaking secrets about our government would've gone after stuff like this instead of things like the NSA...

[+] justsomehnguy|2 years ago|reply
Thanks for the news on DYMO, I missed it and I wanted to buy their printer...
[+] TheCaptain4815|2 years ago|reply
I’ll never forget when my damn sonicare toothbrush app warned me about my iPhone being jailbroken. Had to have been a troll by the creators of the app since not even some of my banking apps had that warning.
[+] Zeyka|2 years ago|reply
When I rooted my Android phone a few years back, all of my banking apps worked (I had to use magisk hide for some I think) but the only app that would not work was the McDonald's app... Not that I needed it, I never go there, but I thought it was funny that their app was more "secure" than some banking apps.
[+] teaearlgraycold|2 years ago|reply
Probably outsourced the app development and the contractors reused their boilerplate which included a jailbreak check.
[+] amlozano|2 years ago|reply
As a security professional, I often get asked whether adding a root check is advisable. My general recommendation is to go ahead and implement it, but with a focus on data collection rather than taking action. For instance, you can log if a user is using a jailbroken or rooted device, without interfering with their experience. The responsibility for running a secure operating system lies with the users themselves, not the application. Applications that attempt to restrict how users utilize the app can be likened to malware.

Now, there might be instances where a business executive argues in favor of DRM or ensuring that certain coupons are limited to specific regions. In such cases, it's sometimes suggested as a requirement to verify if the app is running in a simulated environment or is rooted. However, I can assure you that if you lock some kind of value behind this check and then rely solely on the operating system to provide this level of security, there will eventually be clever hackers who find ways to bypass the protection. The same principle applies to business-to-business apps that demand extensive control. In such situations, you need to rely on other software solutions or provide dedicated hardware. It's important to refrain from attempting to take ownership of my device, considering it's already under the control of Apple or Google anyway... /sarc. If you require stronger guarantees, I suggest reaching out to them.

[+] m463|2 years ago|reply
I wouldn't be surprised if the apps did notice, but didn't take any action because it might be a hairy legal problem if they get between you and your money.
[+] josephcsible|2 years ago|reply
> that the tag is configured to permanently disable all write access after three wrong password attempts

Why is this kind of thing legal? For how many politicians and activist groups claim to care about the environment, why hasn't anyone introduced a bill to ban intentionally turning useful equipment into waste? Any legitimate security needs would be fulfilled just as well by doing a full wipe and factory reset instead.

[+] mikestew|2 years ago|reply
> Why is this kind of thing legal?

For starters, my experience says that, unlike an HP printer, your toothbrush still works just fine[0] if you ignore anything that tells you to replace the head.

[0] At least as fine as a toothbrush with a worn-out head is going to work.

[+] aaronbrethorst|2 years ago|reply
Me, dumb: I change my Sonicare toothbrush head whenever it tells me to. I haven’t had a cavity in 8 years.

You, a clever toothbrush-hacking genius: haha, the head is new again!

This is neat, and I find the process of reverse engineering the Sonicare toothbrush fascinating, especially sniffing the NFC communication, but please change your toothbrush head every three months.

[+] imp0cat|2 years ago|reply
Yes, I realize I might be in the minority here, but isn't this actually great use of a smart device?

Not having to keep track of brush head changes, awesome! One less thing to worry about, as the device is smart enough to tell me when it's time for a new one.

[+] politelemon|2 years ago|reply
Bit meta, wanted to say this is one of the interesting posts on HN in a while. Good work on the author's part, following their curiosity, writing it up in an understandable way for the rest of us. They weren't successful in the end but still got far.
[+] dxld|2 years ago|reply
Hacking the NFC comms is fun and all, but it turns out you can just rip out the orange flatflex PCB under that metal ring with a screwdriver and the brush doesn't care :)

Stops it from beeping at you when your allotted product lifetime is up though.

[+] jamesdwilson|2 years ago|reply
Kind of concerning this could turn into another toner ink situation
[+] wildzzz|2 years ago|reply
That's exactly why they did this. They can lock out 3rd party vendors and also force you to buy new heads at an interval of their choosing all in the name of "ensuring quality".
[+] babo|2 years ago|reply
It works happily with a brush head without NFC. That was the first thing I tried with my new toothbrush.
[+] inkyoto|2 years ago|reply
It has already happened. Philips has designated 3x months for a single toothbrush lifespan, which may or may not be the case (depending on one's toothbrush using habits) as the head clearly does not annihilate automagically after three months. For the sake of the conversation, let's say the recommendation is valid.

Where it gets more interesting, though, is actually not at Philips but at shops that sell replacement heads. Sales assistants do go out of their way to actually lie to their customers and tell them that a single toothbrush head will last, like, many-many-many months. And when asked at the next shop visit about why the toothbrush started yelling three months after replacing it, they will blink their eyes and literally inform the customer of «having never heard before about it from any other customers». The situation happens on a regular basis, and the only recourse that works with such people is brushing the pesky flies aside and politely ignoring them. Since not every customer can or does that, the ink business of electric toothbrush replacement heads prospers.

[+] ubermonkey|2 years ago|reply
All I know is that I absolutely never, ever, ever want my toothbrush to be "smart."

We need to stop putting firmware in things that don't need firmware. Not everything needs a chip or intelligence. The rampant abuse of this kind of thing leads to shitty products and an uptick in electronic waste.

[+] gwbas1c|2 years ago|reply
I bought one of these toothbrushes almost two years ago.

It really makes a difference:

- The connection to my phone helps coach me in making sure I'm brushing my teeth properly. Bad habits sink in easily, and my various dentists all point out that my teeth and gums are much, much healthier. Given that I am cursed with some bad oral genetics, it's "money well spent" for me.

- The counter helps remind me when to change my toothbrush head. I used to be much lazier about changing it; again; because bad habits easily sink in.

Could someone figure out how to do this without an NFC chip in the toothbrush? I hope so! The toothbrush heads cost much more than traditional "dumb" manual toothbrushes. I don't want to have to spend big bucks just to have good personal hygiene.

[+] fsflover|2 years ago|reply
The chips are not a problem. Nonfree software is.
[+] compiler-guy|2 years ago|reply
At your next dentist appointment: it seems like your toothbrush isn’t getting security updates.
[+] AlbertCory|2 years ago|reply
I have one, but it never occurred to me to want to hack it.

"But how do you know when it's time to change the brush?"

Well, how about when it starts getting soft?

[+] mikestew|2 years ago|reply
How about when the blue part goes away, as documented? :-) I've used a Sonicare for, what, ten years or more? And I don't think I've ever seen an indication that the NFC is communicating anything to me. That's not to say that it isn't, but if I'm going to ignore something[0] and replace the head when I damned well please, I just ignore the blue part of the bristles. I could probably adjust my behavior to ignore whatever flashing LED the NFC sets off, but after so many years I'm just going to continue ignoring what I always have.

[0] I'm either easy on toothbrush heads, or Philips is lying, because when the indicator says "buy a new head" it still has plenty of life IMO. Bristles straight and tall, just like a new one, but no blue left being the only difference between that and new. So I ignore it and get a new one when the bristles go a little wonky.

[+] rendaw|2 years ago|reply
I swap toothbrush heads 4-5 times a day (a couple times per brushing session) and one of my major issues until now was that I didn't know how long I had used any individual toothbrush head and when to replace them (I didn't start using all of them at the same time). With per-head usage tracking this is much easier... I wasn't expecting it, but I'm glad Philips is considering and supporting my use case.
[+] fomine3|2 years ago|reply
I replace the brush when I feel it's time. Every time after I replace it, the difference is bigger than expected. I should replace it earlier. Maybe I should buy this Philips.
[+] Aardwolf|2 years ago|reply
"The smart handle and smart brush head pair is a powerful combination that enables Smart replacement reminders"

Is there any consumer to whom this would read as a positive sales pitch?

[+] chrisstu|2 years ago|reply
Good article from an intellectual curiosity perspective. I use the Philips Sonicare brushes, although I've been using 3rd party heads for years due to the cost difference (3X cheaper). Philips obviously wants to deter people like me from this behaviour. I see they no longer sell non-RFID heads, even when the old brushes lack this feature. Yet more e-waste as they try to nudge customer upgrades.
[+] gwbas1c|2 years ago|reply
I just want to point out that resetting the timer is a really, really, bad idea.

My toothbrush heads are usually very worn when my toothbrush tells me to change the head. (And I honestly suspect I should change them before the toothbrush tells me to.)

Anyone remember the old hole punches that would let you turn cheaper, low-density floppies into high-density floppies? A lot of those floppies ended up having data loss.

[+] dpedu|2 years ago|reply
I've owned several of these toothbrushes - it's worth pointing out that they work just fine with 3rd party heads with no chips in them. At least, the 2 models I've owned do.

Something bizarre I noticed about these Philips toothbrushes is that they fail on a reliable schedule. I owned 3 of the "4100" model and they all failed after exactly 13 months! What's crazier, is that they all failed in the exact same place. There's a metal piece that protrudes outside of the case where the heads attach. Inside the case, this piece clamps to the part that creates the vibrations using a single screw through a cast zinc/nickel block. On _all_ of my brushes, this block cracked right through the screw hole.

What's cool is that the vibration motor uses a magnet of similar strength of hard drive magnets, so now I have some nice strong magnets on my refrigerator.