is my toothbrush really smart
play

Is my toothbrush really smart? Axelle Apvrille Troopers, March - PowerPoint PPT Presentation

Oct 07, 2023 •402 likes •1.03k views

Is my toothbrush really smart? Axelle Apvrille Troopers, March 2018 Introduction How it works Virtual toothbrush Smart Toothbrush Cloud Conclusion Troopers March 2018 - A. Apvrille 2/34 Who am I? Anti-virus researcher with Fortinet smart

  1. Is my toothbrush really smart? Axelle Apvrille Troopers, March 2018

  2. Introduction How it works Virtual toothbrush Smart Toothbrush Cloud Conclusion Troopers March 2018 - A. Apvrille 2/34

  3. Who am I? Anti-virus researcher with Fortinet smart phone, smart things Troopers March 2018 - A. Apvrille 3/34

  4. Why hack a smart toothbrush? 1 Because it’s fun . You’re going to brush your teeth with a Bluetooth dongle , you’re warned :) Troopers March 2018 - A. Apvrille 4/34

  5. Why hack a smart toothbrush? 1 Because it’s fun . You’re going to brush your teeth with a Bluetooth dongle , you’re warned :) 2 Because it’s difficult . Yes, it’s harder than hacking an IP camera . Everybody knows how to telnet on a Linux, huh ;P Troopers March 2018 - A. Apvrille 4/34

  6. Why hack a smart toothbrush? 1 Because it’s fun . You’re going to brush your teeth with a Bluetooth dongle , you’re warned :) 2 Because it’s difficult . Yes, it’s harder than hacking an IP camera . Everybody knows how to telnet on a Linux, huh ;P 3 I want to turn down the myth “nobody cares, there’s nothing to secure in a toothbrush” . All connected devices need some level of security . Troopers March 2018 - A. Apvrille 4/34

  7. Smart toothbrushes? Braun Oral B, Grush Smart toothbrush, Shenzhen Tita, Ningbo Seago SG 976, Kolibree Magik, Ara... Oral B Pro 5000 Kolibree Magik Photo credits: Oral B Photo credits: Kolibree Troopers March 2018 - A. Apvrille 5/34

  8. Smart toothbrushes? Braun Oral B, Grush Smart toothbrush, Shenzhen Tita, Ningbo Seago SG 976, Kolibree Magik, Ara... Oral B Pro 5000 Kolibree Magik For this talk Photo credits: Oral B Photo credits: Kolibree Troopers March 2018 - A. Apvrille 5/34

  9. What for? 1 Motivate and educate kids Troopers March 2018 - A. Apvrille 6/34

  10. What for? 1 Motivate and educate kids 2 And adults Health improvements? Average for brushing teeth is once for 45 to 70 seconds Vendor say their users’ average is twice for 110 seconds Troopers March 2018 - A. Apvrille 6/34

  11. What for? 1 Motivate and educate kids 2 And adults 3 Do business, make money ;P Health improvements? Average for brushing teeth is once for 45 to 70 seconds Vendor say their users’ average is twice for 110 seconds Troopers March 2018 - A. Apvrille 6/34

  12. Dental insurance Commercialized in the USA Employer-based dental insurance You subscribe to a dental plan and receive a smart toothbrush, replacement heads, toothpaste & floss. Impossible to purchase the toothbrush alone . Troopers March 2018 - A. Apvrille 7/34

  13. Introduction How it works Virtual toothbrush Smart Toothbrush Cloud Conclusion Troopers March 2018 - A. Apvrille 8/34

  14. Connecting the toothbrush Smart Mobile app Dental insurance toothbrush Bob Alice BLE HTTP @ Brushing duration, frequency Name, email, dentist, Plan, photo... In-game score Troopers March 2018 - A. Apvrille 9/34

  15. A B luetooth L ow E nergy device An attribute consists of: Toothbrush Service UUID: it is a type e.g. 04234f8e-75b0-4525-9a32- 193d9c899d30 Device Name type Motor Speed . UUID: Value e.g “My smart 833da694-51c5-4418-..., Value: toothbrush” 0xd0, Read, Write Battery Level . UUID: Permissions to access the 6dac0185-e4b7-4a..., Value: attribute 584c, Read. ... Accessed by a handle We can search for attributes, read, 3D Service write, get notifications. ... Troopers March 2018 - A. Apvrille 10/34

  16. How to Speak BLE Read Motor Speed UUID = 833da694-51c... pygattlib read_by_handle( 0x002b ) gatt_read_char( ..., 0x002b, ...) 0x0a 0x002b ATT bluez bluez Handle Read Opcode 0x05 0x04 0a 00 2b L2CAP Length Channel Id Access Data LL CRC 05 04 0a 00 2b Address Header Troopers March 2018 - A. Apvrille 11/34

  17. How to capture BLE Troopers March 2018 - A. Apvrille 12/34

  18. BLE Tools Adafruit Bluefruit sniffer https://www.adafruit.com/product/2269 (25$), Ubertooth https://github.com/greatscottgadgets/ubertooth Adafruit Python BLE Sniffer https: //github.com/adafruit/Adafruit_BLESniffer_Python Bluez http://www.bluez.org/ : Linux Bluetooth protocol stack (see hcitool, gatttool) Python interface to BLE: Bluepy https://github.com/IanHarvey/bluepy , Python interface to GATT: pygattlib https://bitbucket.org/OscarAcena/pygattlib Bleah https://github.com/evilsocket/bleah : BLE scan/read/write Mobile apps: BLE Scanner (BluePixel), nRF Connect (Nordic Semi.) ... Troopers March 2018 - A. Apvrille 13/34

  19. Controlling the toothbrush remotely Demo 1 For Fun 2 To gain independance - DIY Troopers March 2018 - A. Apvrille 14/34

  20. Quadrant buzz is ... a timer 3D service 89bae1fa-2b59-4b06 -919a-8a775081771d Enable notifications: Write Command 0100 Accelerometer No Handle Value Notification (ever) Enable notifications: Write Command 0100 Gyroscope No Handle Value Notification (ever) Toothbrush service Gyroscope and accelerometer are not used in this version The toothbrush cannot know which teeth we brush Troopers March 2018 - A. Apvrille 15/34

  21. Hardware events Toothbrush service Event index Enable notifications N R W Write Command 0100 ... Event index Event 3a N 3b Event 3D service Troopers March 2018 - A. Apvrille 16/34

  22. Hardware events Toothbrush service Event index Use it! Enable notifications N R W Write Command 0100 ... Event index Event 3a Duration: 5s 26-01-2018 N @ 09:52:00 3b Event 3D service Troopers March 2018 - A. Apvrille 16/34

  23. Hardware events Toothbrush service Event index Use it! Handle Notification Value Event index is 0x3a N R W Encrypt packet ... Event index Event 3a Duration: 5s 26-01-2018 N @ 09:52:00 3b Event 3D service Troopers March 2018 - A. Apvrille 16/34

  24. Hardware events Toothbrush service Event index Use it! N R W ... Event index Enable notifications Event 3a Duration: 5s 26-01-2018 N @ 09:52:00 3b Event 3D service Troopers March 2018 - A. Apvrille 16/34

  25. Hardware events Toothbrush service Event index Use it! Write Command N R W Give me index 0x3a! ... Event index Event 3a Duration: 5s 26-01-2018 N @ 09:52:00 3b Event 3D service Troopers March 2018 - A. Apvrille 16/34

  26. Hardware events Toothbrush service Event index Use it! N R W ... Handle Value Notification Event index Event Encrypted event 0x3a 3a Duration: 5s 26-01-2018 N @ 09:52:00 Duration: 5s 3b 26-01-2018 Event @ 09:52:00 3D service Troopers March 2018 - A. Apvrille 16/34

  27. Events demo DEMO 1 Enable event index notification 2 Move toothbrush 3 Decrypt event index notification 4 Enable event notification 5 Query event index 6 Decrypt event notification Troopers March 2018 - A. Apvrille 17/34

  28. Interesting attacks for cyber-criminals? Not many at this point. (But lots of fun). Troopers March 2018 - A. Apvrille 18/34

  29. Interesting attacks for cyber-criminals? Not many at this point. (But lots of fun). Damage victim’s teeth and gums with high motor speed ? Hmmm. Troopers March 2018 - A. Apvrille 18/34

  30. Interesting attacks for cyber-criminals? Not many at this point. (But lots of fun). Damage victim’s teeth and gums with high motor speed ? Hmmm. Remote kill of toothbrush. Okaaaay. Troopers March 2018 - A. Apvrille 18/34

  31. Interesting attacks for cyber-criminals? Not many at this point. (But lots of fun). Damage victim’s teeth and gums with high motor speed ? Hmmm. Remote kill of toothbrush. Okaaaay. Do you mind if we track you? Toothbrush MAC address is fixed (despite specs say how to do it) Troopers March 2018 - A. Apvrille 18/34

  32. Interesting attacks for cyber-criminals? Not many at this point. (But lots of fun). Damage victim’s teeth and gums with high motor speed ? Hmmm. Remote kill of toothbrush. Okaaaay. Do you mind if we track you? Toothbrush MAC address is fixed (despite specs say how to do it) But we’ll see bad design leads to worse later. (Suspens). Troopers March 2018 - A. Apvrille 18/34

  33. Introduction How it works Virtual toothbrush Smart Toothbrush Cloud Conclusion Troopers March 2018 - A. Apvrille 19/34

  34. Summary / Achievements Service : Beam Mobile application Vtesse moteur Bluetooth Low Energy Service : 3D talk2brush Troopers March 2018 - A. Apvrille 20/34

  35. Can we create a fake toothbrush? Bluetooth Low Energy Service : 3D Mobile app Fake toothbrush Troopers March 2018 - A. Apvrille 21/34

  36. Yes, we can! This is a pink smart toothbrush K¨ onig Micro Bluetooth Dongle v4.0 (13 euros) Official mobile app says it is pink :) Troopers March 2018 - A. Apvrille 22/34

  37. How do we do that? var bleno = require(’bleno’); var BlenoPrimaryService = bleno.PrimaryService; JavaScript function ToothbrushService() { ToothbrushService.super_.call(this, { Bleno uuid: ’04234f8e75b045259a32193d9c899d30’, characteristics: [ new bleno.Characteristic({ uuid: ’0971ed14e92949f9925f81f638952193’, Node JS properties: [’read’], value : colorRead, }), function colorRead(offset, callback) { // 02 = pink console.log(’reading toothbrush color’); callback(this.RESULT_SUCCESS, new Buffer(’02’,’hex’ } Troopers March 2018 - A. Apvrille 23/34

  38. A Fake Toothbrush: Is that useful? To brush your teeth? No ;-) Troopers March 2018 - A. Apvrille 24/34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WHAT The Worlds Fastest Electric Toothbrush Oclean designs and manufactures preventive oral

WHAT The Worlds Fastest Electric Toothbrush Oclean designs and manufactures preventive oral

WHAT The Worlds Fastest Electric Toothbrush Oclean designs and manufactures preventive oral healthcare devices . Our first product the Oclean One is a next generation sonic smart toothbrush that can connect through a mobile

941 views • 31 slides
SMART ENERGY SMART ASSET SMART SMART SMART & CUSTOMER ASSET PURPOSE PEOPLE

SMART ENERGY SMART ASSET SMART SMART SMART & CUSTOMER ASSET PURPOSE PEOPLE

Smart Energy Foundations SMART ENERGY SMART ASSET SMART SMART SMART & CUSTOMER ASSET PURPOSE PEOPLE INTERACTION MANAGEMENT SMART STAKEHOLDER & GOVERNMENT ENGAGEMENT 1 CLPs Sustainability Principles Sustainability has

389 views • 5 slides
Smart Metering Smart Metering The Power of Smart Metering The Power of Smart Metering MOST

Smart Metering Smart Metering The Power of Smart Metering The Power of Smart Metering MOST

an energy technology company Smart Metering Smart Metering The Power of Smart Metering The Power of Smart Metering MOST EFFICIENT USE OF ENERGY 41 Watchung Plaza #175 Montclair, NJ 07042-4117 Tel 1.800.781.1232 Fax 973.783.3047 8001

846 views • 12 slides
Quality of Life - Smart Mobility - Smart Infrastructure - Smart People, Smart Living ARC 590

Quality of Life - Smart Mobility - Smart Infrastructure - Smart People, Smart Living ARC 590

Quality of Life - Smart Mobility - Smart Infrastructure - Smart People, Smart Living ARC 590 Swapnil Patil - Smart Mobility Sustainable Transformation One may expect major changes regarding mobility in the near future. As mobility has

289 views • 24 slides
Smart Grid Increasing the IQ of the Smart Grid Unclear exactly what the smart grid is, but

Smart Grid Increasing the IQ of the Smart Grid Unclear exactly what the smart grid is, but

Smart Grid Increasing the IQ of the Smart Grid Unclear exactly what the smart grid is, but Through Active Customer it does include Participation in Wholesale Electricity Interval meters Markets Storage and load flexibility

465 views • 15 slides
ARE YOU SMART ENOUGH FOR SMART? Presentation by SMART Presentation 1 February 27, 2018 Chad

ARE YOU SMART ENOUGH FOR SMART? Presentation by SMART Presentation 1 February 27, 2018 Chad

ARE YOU SMART ENOUGH FOR SMART? Presentation by SMART Presentation 1 February 27, 2018 Chad Laurent, Principal Meister Consultants Group, A Cadmus Company Using global best practices to inform local decisions International sustainability

621 views • 35 slides
SMART STAFFORDSHIRE Enabling citizens and businesses to flourish in the digital age SMART SMART

SMART STAFFORDSHIRE Enabling citizens and businesses to flourish in the digital age SMART SMART

SMART STAFFORDSHIRE Enabling citizens and businesses to flourish in the digital age SMART SMART PEOPLE LIVING SMART WORKING WHAT IS SMART STAFFORDHSIRE? Umbrella that will help position Staffordshire at forefront of digital / digital

339 views • 13 slides
Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL

Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL

Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL INITIATIVE ALYSE ZAVALA, DUKE IT SECURITY OFFICE INTERNET OF THINGS (IoT) u The network of physical devices, smart appliances, vehicles, and other items

88 views • 8 slides
Sustainability and Smart Grid Implementing a Non residential Smart Metering System PaperCon

Sustainability and Smart Grid Implementing a Non residential Smart Metering System PaperCon

Sustainability and Smart Grid Implementing a Non residential Smart Metering System PaperCon 2011 Page 195 Smart Grid Popular Topics in the News Smart Grid Smart Meter Smart Meter Micro Grid Distributive Generation Most talk is

427 views • 39 slides
Smart Grid As Smart as the Quality of its Measurements by Linoh Magagula, PhD, MIEEE,

Smart Grid As Smart as the Quality of its Measurements by Linoh Magagula, PhD, MIEEE,

Smart Grid As Smart as the Quality of its Measurements by Linoh Magagula, PhD, MIEEE, National Metrology Institute of South Africa (NMISA) Smart: communication; sensing; control Smart grid intelligently integrated electricity

397 views • 18 slides
Welcome! Setting Up SMART Response Objectives: Integrating SMART Response & Web 2.0 for

Welcome! Setting Up SMART Response Objectives: Integrating SMART Response & Web 2.0 for

November 10, 2014 Welcome! Setting Up SMART Response Objectives: Integrating SMART Response & Web 2.0 for Formative Define SMART Response & its uses in the classroom Assessments Understand how the SMART Response system works Be able

489 views • 17 slides
San Antonios Smart City Program Smart City Initiative A Smart City is one that uses data and

San Antonios Smart City Program Smart City Initiative A Smart City is one that uses data and

San Antonios Smart City Program Smart City Initiative A Smart City is one that uses data and technology to improve the quality of life for its residents. Sustainability Transportation Digital Connected Living Key Projects SATRIP

611 views • 14 slides
Smart and Adaptive Cyber-Physical Systems Chapters 1,2 Cyber-Physical Systems Smart mobility

Smart and Adaptive Cyber-Physical Systems Chapters 1,2 Cyber-Physical Systems Smart mobility

Smart and Adaptive Cyber-Physical Systems Chapters 1,2 Cyber-Physical Systems Smart mobility Smart factory Smart grid Smart XX Smart health care Smart city But what does it mean to be smart ?

1.79k views • 102 slides
UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT

UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT

Guillermo del Campo UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT INTERNATIONAL SUMMER SCHOOL SMART GRIDS AND SMART CITIES Barcelona, 6-8 June 2017 Context Dramatic growth of energy

618 views • 16 slides
The Smart Pretrial Demonstration Initiative: Using A Smart Approach To Implement A Smart Change

The Smart Pretrial Demonstration Initiative: Using A Smart Approach To Implement A Smart Change

The Smart Pretrial Demonstration Initiative: Using A Smart Approach To Implement A Smart Change Garry Herceg Consultant Pretrial Justice Institute Our Pretrial Challenge U.S. jail admissions doubled since 83 Largest growth is in

382 views • 15 slides
The Role of Smart Lighting in the Smart Grid St Stewart Findlater t Fi dl t VP, Engineering

The Role of Smart Lighting in the Smart Grid St Stewart Findlater t Fi dl t VP, Engineering

The Role of Smart Lighting in the Smart Grid St Stewart Findlater t Fi dl t VP, Engineering Discussing Today The smart grid needs a smart load The smart grid needs a smart load Lighting in commercial buildings LEDs a flexible

479 views • 10 slides
August 2018 Comprehensive Review of Regulations & Interpretive Guidance for Top F-Tags

August 2018 Comprehensive Review of Regulations & Interpretive Guidance for Top F-Tags

August 2018 Comprehensive Review of Regulations & Interpretive Guidance for Top F-Tags Activities of Daily Living F676-F677 Objectives 1. Identify the regulatory requirements 3. Identify examples of how F-Tags related to Activities of

418 views • 16 slides
The profile or vapers and how e-cigarettes should be regulated Jean-Franois ETTER,

The profile or vapers and how e-cigarettes should be regulated Jean-Franois ETTER,

The profile or vapers and how e-cigarettes should be regulated Jean-Franois ETTER, PhD Associate Professor Faculty of Medicine University of Geneva Switzerland University of California Webcast October 3, 2013

507 views • 35 slides
Egg: An Extensible and Economics-Inspired Open Grid Computing Platform David C. Parkes Division

Egg: An Extensible and Economics-Inspired Open Grid Computing Platform David C. Parkes Division

Egg: An Extensible and Economics-Inspired Open Grid Computing Platform David C. Parkes Division of Engineering and Applied Sciences Harvard University GECON 2006 Grids internal realm: Java, python, C++, applications Science,

623 views • 38 slides
Miss Buss sent for me and announced that I was destined to be a teacher of the deaf and

Miss Buss sent for me and announced that I was destined to be a teacher of the deaf and

Miss Buss sent for me and announced that I was destined to be a teacher of the deaf and dumb. Whether the sudden attack roused my rebellious spirit or I may have had an allergy to teaching I do not know, but I refused to teach. This

189 views • 4 slides
US CMS Tier 1 dCache Timur Perelmutov, Fermilab dCache Workshop, DESY, January 19, 2007 1

US CMS Tier 1 dCache Timur Perelmutov, Fermilab dCache Workshop, DESY, January 19, 2007 1

US CMS Tier 1 dCache Timur Perelmutov, Fermilab dCache Workshop, DESY, January 19, 2007 1 Stage Area Stage Area -11 nodes-10TB Pools for staging files from tapes managed by dCache File Hopping Pool-to-Pool copy to read pools

407 views • 13 slides
Packaging (Large pack) Kevin Mutch Peripatetic Brewer 25 April 2018 Topics Beer

Packaging (Large pack) Kevin Mutch Peripatetic Brewer 25 April 2018 Topics Beer

Packaging (Large pack) Kevin Mutch Peripatetic Brewer 25 April 2018 Topics Beer preparation and mechanics of fill Cask Keg Bulk Beer Preparation Prior to packaging beer must be in the correct condition Sterility

908 views • 35 slides
Fostering neonatal kittens neonatal n ndl/ adjective 1. relating to newborn

Fostering neonatal kittens neonatal n ndl/ adjective 1. relating to newborn

Fostering neonatal kittens neonatal n ndl/ adjective 1. relating to newborn children (or mammals). Introduction to being a Foster ! Before getting started you have to ask yourself if you are prepared : Do you have the time

436 views • 10 slides
WEATHER Wild Weather and Natural Disasters Module 3.3 Proudly developed by SMART with funding

WEATHER Wild Weather and Natural Disasters Module 3.3 Proudly developed by SMART with funding

WEATHER Wild Weather and Natural Disasters Module 3.3 Proudly developed by SMART with funding from Inspiring Australia Image sources: http://www.bom.gov.au/cyclone/history/yasi-satellite.shtml

599 views • 20 slides

More recommend