Leaves open the question of how they joined the network - WiFi passwords and such. Maybe stolen from the phones/laptops and then sent to the device as part of the exploit?
I could imagine there’s a lot of toothbrushes near unsecured wifi hotspots. (Hotels, in backpacks of travellers in a cafe, a demo unit in a store) Could be as simple as polling continuously till one allows the device to phone home.
This does seem to be a debunked story though.