[a321neo]

>A bunch of BLE chips are also WiFi capable, so not ruling out that someone compromised the firmware to enable WiFi functionality

The ESP32 is now used as a general-purposed chip even in applications where an 8-bit MCU would have been enough. A remotely exploitable vulnerability in the ESP32/SDK could have large-scale consequences.

[greggsy]

The only way to load firmware to consumer esp platforms is usually via mobile apps… so, someone with privileged access to consumer’s apps, or the supply chain, used that access to load bespoke firmware to toothbrushes.. highly doubtful.

[exe34]

Leaves open the question of how they joined the network - WiFi passwords and such. Maybe stolen from the phones/laptops and then sent to the device as part of the exploit?

[graypegg]

I could imagine there’s a lot of toothbrushes near unsecured wifi hotspots. (Hotels, in backpacks of travellers in a cafe, a demo unit in a store) Could be as simple as polling continuously till one allows the device to phone home.

This does seem to be a debunked story though.