If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications. Some of the risks discussed in this series may be over the top and even comical, while others may highlight realistic problems you may not have considered.

Over the years, I have seen quite a few seemingly absurd Bluetooth integrations into everyday products. Whether it is the “smart” hairbrush that listens to your hair or the toaster which gives a phone notification when the toast is ready, these inventions are a good reminder that not every household item needs to be connected. The toothbrush is definitely one of these devices that doesn’t need more computing power.

At least that’s what I thought until I accidentally bought some. After deciding it was time for the kids to have rechargeable electric toothbrushes, I ordered the Philips Sonicare for Kids on a whim and was rather surprised when they arrived sporting a Bluetooth logo.

Although I must admit I initially considered returning them unopened, my curiosity got the better of me, and I decided to have a closer look. The first and most obvious question, of course, is: what in the world does a toothbrush need with Bluetooth? It turns out that the brush is tied to a smartphone app that adds a game on top of brushing teeth. Within the game, the child is the adoptive parent of a cuddly creature who needs help brushing.

When the brush is activated, the app displays an animation to help the child learn how to