by dessant 867 days ago
A warning about Philips electric toothbrushes: you cannot turn off Bluetooth on them, even if you are not using the smart features.

Also be careful with all Philips air purifiers that support Wi-Fi, because the remote control feature cannot be disabled. They create a Wi-Fi hotspot that you need to connect to with a smartphone to finish setting up the device, but if you don't use these features, the air purifier will create a permanent Wi-Fi hotspot, waiting to be exploited.

6 comments

I'm reminded of this that I read a few days ago:

Home assistant picked up my neighbours Bluetooth toothbrush and now I can see when they brush their teeth.

https://old.reddit.com/r/homeassistant/comments/1306pcw/home...

Send them a message if they miss a brushing.
"You shouldn't stay up that late you know"
The exact same thing happened to me! Randomly one day a new toothbrush entity appeared in HA, even though I’m still using a “dumb” electric toothbrush.
I finally got rid of one of my fitness watches that had dreadful battery life and I couldn't figure out why. After a few months of this, I finally realized the same thing, you can't turn off the bluetooth on it. The app on your phone and the watch are constantly searching for each other to always sync and the alternative is to unpair the watch, use it, re-pair, sync and go which became a total headache, but did in fact give me better battery life.

The weird thing is I complained to the company's CSR people online and they had no idea why the battery was so bad and just told me to try and factory hard reset the phone as there must be something I changed in the settings.

I switched over to Polar and now the watch I have lasts 5 days on a single charge - quite the change from about a day or less.

> I switched over to Polar and now the watch I have lasts 5 days on a single charge - quite the change from about a day or less.

I uncovered a cheap digital watch in the cupboard the other day. It hasn't been in use since its strap broke at least four years ago. It is still keeping time. Poorly, granted. It is off by half an hour. Then again, it is the type of watch that needs updating twice or thrice a year to account for DST and leap years.

I realize that modern watches are much more than timepieces, but the difference in battery life is astounding.

My Garmin stays connected to my Samsung smartphone via Bluetooth constantly and will last about 6-8 days on a single charge. I can't imagine charging my watch every night.
I've been using Garmin GPS watches for more than a decade, they get two weeks on a single charge (double or triple that if you don't use 24/7 heart rate, or GPS, or Bluetooth/Wifi, but even on long trips I don't need months without a charge). And they have Bluetooth that syncs with my phone for weather data and optionally shows notifications, but it doesn't need a phone connection to be a great watch.

Sure, my top-end Fenix 6 Pro cost $750 new in 2019, and very little of that is hardware BOM (there's a lot of price segmentation), but it's still just as good as it was then. It's honestly extremely refreshing to deal with a company and an app that tries to build and sell good hardware rather than tricking you into a subscription.

I've gotten 5-7 days out of a charge with my entry-level Vivoactive 3 even 4 years later. They're very good.
Since we're on the subject, also be careful of Philips CPAP machines, they will slowly spray disintegrating cancer-causing foam into your lungs as you sleep.

Great company though, it's not like they had the choice to not buy out one of the best CPAP manufacturers and then skimp out on materials until they hit the cancer recall margin of diminishing returns (and then hide it for as long as possible).

What risks could a WiFi hotspot on an air purifier expose if it's not connected to the network or a computer?
Anyone in Wi-Fi range can exploit the device. The sensors of the air purifier can be used for spying, and the device could also serve as a hopping point for exploiting other devices in your home.
> The sensors of the air purifier can be used for spying

To be able to... know if your target's house has a lot of pollutants? Is particularly warm? There is practically no useful information that can't be gleaned by just looking through their windows, blinds and all.

> and the device could also be used as a hopping point for exploiting other devices in your home.

It's not connected to your home network, that's the whole reason for the hotspot existing. How, exactly, could it be used as a hopping off point, except to other devices with hotspots that... can just be exploited in the first place.

You're lacking in imagination, and maybe the conceptual idea of "sensor fusion". Multiple seemingly innocuous data streams in isolation can be combined to create sensors you wouldn't have imagined.
Do you understand what data is available in a smart air purifier?

Please, explain exactly what sensor fusion would get you actionable data out of the PM2.5 sensor and "gas sensor" in a Philips smart air purifier.

At a guess; if able to monitor over a period of time (e.g. pick up data from a parked car), a potential burglar can see when there is activity and figure what times of the day house occupants are normally at home.
Maybe increased CO2 on Tuesday afternoons will tip off that the wife is cheating?

It's not even far-fetched, smart watches reporting physical activity at unexpected hours have revealed infidelity in the past.

Just a mere few years ago you wouldn’t believe a WiFi access point can be used as a sonar to literally scan the area like a low-def camera in real time.

Stuxnet also sounded like a completely made up scenario.

As someone said, you lack imagination. And that’s OK, but you’re also being quite arrogant, too.

> There is practically no useful information that can't be gleaned by just looking through their windows, blinds and all.

I have plenty of imagination. I also am practical and realize how illogical the argument of “sensor fusion” is to do something you can just use your eyes for.

Nobody is going to go out of their way to do this when KISS methods already exist and y’all don’t seem to understand practicality if you don’t see that.

If the sensors don't detect your farts for a while you're probably not at home so the burglars can come in
Worst case would be a fire hazard. Maybe produce too much poisonous ozone.

If the hardware is fail safe I guess it can waste electricity.

you could believe you're inhaling purified air but, lo! you are breathing impure air, muahahaha!
You may think you're joking, but 4 days ago: https://news.ycombinator.com/item?id=39223982
You might not be able to turn bluetooth off, but you can choose not to pair them with anything (or remove the pairing after setting up the device).
The issue is what happens to these toothbrushes in a couple of years when their vulnerabilities are discovered. Their inevitable exploitation could be prevented by simply allowing users to turn off bluetooth. Or even better, only enable bluetooth if the user wants to set up and use these smart features, at least in that case the vulnerable firmware can be updated using the smartphone app.
"Shipped dumb by default" is enticing as a legal requirement.

Have a colorful switch to enable it, whatever.

But poor security posture out of the box, for a questionably-supported, poorly-developed, long-lived physical device seems important enough to mandate slight one-time inconvenience.

In the future, this bullshit is going to be looked back at like default passwords on ISP WAPs.

Same with my samsung tv and my neighbour keeps trying to pair her watch to it for reasons I don’t know.
She most likely doesn't know either.