Source: www.schneier.com – Author: Bruce Schneier
Comments
Clive Robinson • May 29, 2025 8:52 AM
@ Bruce, ALL,
This time it’s a “Smart Device”, or as previously mentioned on this blog an internet connected “adult only toy”.
But also it could just as easily have been via the house “Smart Meter”…
Any electrical device usage in your home gets reported via the “smart grid”. And can be in sufficiently near “real time” detail that anyone monitoring the communications –even if they are encrypted– can see devices are being used and how.
Think of it as “Traffic analysis” on steroids.
But… further all usage of grid power has “a signature” that can identify the device type/model and quite often environmental factors like the temperature in the room. Think how your fridge compressor comes on and goes off likewise air con. So a change in “Delta” for the fridge but not in the aircon is indicative of someone using the contents of the fridge, and potentially the mass of what was taken out or put in.
This is because energy “Star Ratings” became a selling point, thus the “drive for efficiency” brings out those signatures significantly. So much so it’s possible to work out what you are watching on TV not just the channel but actual movie or stream.
The UK has “TV Licencing” which basically means you have to pay a lot of money each year to watch Broadcast Television from anywhere (not just broadcast from the UK). It’s known that people have been investigating using the power signatures that smart meters broadcast “back to base” to see if this can be used as a method of catching the increasing numbers who now “don’t pay” but still sometimes watch “broadcasts” on a TV or Computer.
So unless you take precautions having anything “smart” that communicates will “tell on you” for all the world to hear if they want to…
And if people think that’s not legal, info from a “fitness band” has been used in successful prosecutions of murder…
atanas entchev • May 29, 2025 9:10 AM
A story from years ago: A married couple shared access to their Fitbit accounts. A marital affair was discovered when the husband’s heart rate spiked at 2am while away on a business trip.
Clive Robinson • May 29, 2025 9:27 AM
@ Bruce, ALL,
There are rather more than two copies of the story as a duckduck on “ARF Investigators toothbrush” now shows,
This one is interesting,
For a couple of reasons,
1, It sort of credits the Mirror
2, It uses the same photo as the Mail-Online.
Other links also kind of credit the Mirror by a “told the Mirror” or similar, which suggests the Mirror was probably the source for this blatant “service advertising” for ARF.
But they use the same image as the Mail which is a stock from Getty. Which is odd because Getty have thousands of similar “two in a bed cheating” images that could have been used (duckduck the phrase and hit the image tab to see that).
So the question of,
“Cut-n-Paste Writing?”
Does spring to mind with a minor effort to hide the plagiarism that is now the staple of “MSM News” (especially in the Rupert “the bear faced liar” Murdoch stable of overly paywalled nonsense.)
Chris • May 29, 2025 9:57 AM
I am of the generation who got to read George Orwell’s 1984 in 1984. So it was 41 years ago that my 8th grade English teacher pointed out that supermarket scanners and credit cards would someday make it impossible to, say, hide members of a persecuted minority group in your attic because the authorities could easily detect that your grocery consumption had risen (we also read The Diary of Anne Frank that year).
I still maintain that Huxley’s Brave New World is the dystopia we’re slouching toward because no one is forcing us to buy Internet connected toothbrushes and the benefit we get from such gizmos seems to go almost entirely to their vendors. As one of the epitaphs on my daylight-readable, LCD, “Smart” headstone may one day cycle through, “Just Because You Can Connect Something to the Internet Doesn’t Mean You Should.”
Not really anonymous • May 29, 2025 11:03 AM
Clive, a couple of questions. Are water meters currently a similar threat? Can you use UPS’s as a buffer to hide electricity use well enough to prevent detailed descriptions of what you are doing from being emitted?
TexasDex • May 29, 2025 11:17 AM
Water meters aren’t read all that often–IIRC most are still read by radio from a van driving down the street. So they’re probably not a threat yet, but expect water companies to make their metering infrastructure smarter in the next decade or three.
A UPS probably won’t make any difference for occupancy detection. They only come on when upstream power is lost, and only last a few minutes, not long enough to realistically shift load substantially in time. If you have an appliance that has a very distinctive usage pattern, and deliberately unplug the UPS while using it, it could help a little to hide the fact that you used that device, but the meter will see increased usage a few minutes later.
Devices like Tesla PowerWalls might make a bigger difference, esp if they’re programmed to charge at night and discharge during the day, but I don’t think they respond directly to demand, so your fluctuations could still be visible to the meter.
Not really anonymous • May 29, 2025 11:37 AM
For water meters, part of the concern is that even though they report in bursts, they might be reporting usage over multiple short intervals in those bursts.
For UPS’s, often better UPS’s directly supply power and charge separately while they have access to power. The cheaper ones use a bypass while they are getting power and only supply power when its supply goes out. But even for the better ones, since they are charging while they are supplying, a signal is still going to get out that is related to usage. So if you don’t do anything else, how much is the resolution of that signal changed? You could take other steps if you really cared, to control the charging, but I don’t think that is a normal option for UPS units.
Clive Robinson • May 29, 2025 1:01 PM
@ Not really anonymous, ALL,
You ask what are three questions,
1, Are water meters currently a similar threat?
2, Can you use UPS’s as a buffer to hide electricity use?
3, [W]ell enough to prevent detailed descriptions of what you are doing from being emitted?
To answer the first, Water meters in the UK are “an oddity” everyone is supposed to get one fitted, but mostly they “were” mechanical and replaced the “off premises stop valve” that was required by law when the “local councils” were responsible for water, sewerage, and local rivers etc, back quite a ways into the past century.
Like both electricity and gas meters to reduce labour cost they are going “smart” but as they control the premises cut-off in all cases it’s safe to assume that they will be used for “Corporate Oppression” to make excessive “share holder value” and “director bonus” at the very least whilst not carrying out even basic maintenance (look in UK MSM for “Thames Water fine” and the behaviour leading up to it… It’s as bad if not actually worse than California’s PG&E I’ve mentioned here in the past).
The real question that is going to arise is believe it or not “Radio Spectrum”… At the moment the meters use either 2G GSM which was supposed to be phased out a decade or more ago, or “local” lamppost networking on ISM bands or via WiFi, with bluetooth on-site operator port.
The more crowded the spectrum the less data that can be sent. But… As any network specialist can tell you, as usage rises linearly contention due to simultaneous access fails and back-off rises as an exponential law.
Thus to maintain throughput data will be sent less and less in “real time”. So it will act as an integrator that in effect acts as a low-pass filter thus “smooths the signals”.
However “under command” most meters can be told to slow down whilst an individual meter can be commanded to speed up.
The approximate maximum frequency of signal that can be measured currently is ~600Hz which is actually enough to pass recognisable speech envelope (~300Hz)… Add in “data compression” via the equivalent of a “lossy codec” and you can get 10-75 times the base sampled data rate.
So even though “not normally” applies for “general metering” they can go way up for “special metering” the supposed reason for this requirement is to “catch rate fiddlers”. Think of it like a “police stakeout” rather than a “police patrol” drive-by.
As for UPS’s they come in so many flavours the answer is “some will” such as “always on full sinewave” but “most won’t” especially consumer and low end commercial systems.
In essence what you need is energy storage acting as a very low frequency low pass filter. You get very short term storage with “Power Factor Correction”(PFC) that can save you a lot of money with your energy supplier (look up the difference between real and apparent power and just how much you get hit with it).
You get more storage with AC-DC-AC systems used to protect sensitive equipment and remove supply noise and brown out issues, they used to be used in laboratories and data centers. Put overly simply you add energy storage at the DC point.
They also tend to come with good lightning protection and “Line Impedance Stabilization Network”(LISN) that gives a high degree of active “phase correction and isolation” in the four quadrants. Thus in effect make your “demand side” look like a “passive resistor” to the “supply side”, again saving you money with the supplier.
A similar system actually uses two DC points one used for short term float via say a battery and the other an auxiliary power input from a generator or similar.
A friend built a system where he used a natural gas powered generator to provide way less expensive energy when the “solar” did not meet required power[2]. You can obtain “Combined Heat And Power”(CHAP) generators that fast start in up to 3kW size[1].
So yes you can smooth out the signals quite a long way. However Solar electricity that is “grid tied” is not your friend due to the way it works it actually amplifies signals and has a high bandwidth.
[1] Domestic sized CHAP generators will push 1-1.5kW of electricity and slightly more in “hot water”. The latter you can dump into a wax, sand, or water “heat battery”.
The wax ones are known as “Phase Change Material”(PCM) thermal storage see,
https://www.sciencedirect.com/science/article/pii/S2666386421002514 if you want to know the material science details. You can also consider sand based storage in a similar way to the old “storage heaters” that were basically a pile of bricks you heat on the inside and heat radiates over a very long time from the outside of the bricks. They were designed to use “Off-Peak” cheap sources of energy to smooth out loads on the various energy grids. And likewise water based storage like an immersion heater storage system[3].
[2] The reason my friend did it is that in the UK at the time natural gas was less than 1/6th the price per kWh than electricity even with “Off-Peak” rates. You can see the current figures at,
https://www.ofgem.gov.uk/information-consumers/energy-advice-households/energy-price-cap
So there is still quite an advantage in doing so, especially if,
1, You are a low energy user (see daily charge difference).
2, As is now the case increasingly in rural areas there are “power cuts” especially at cheap rate (Economy 7 etc) rate times…
[3] Water batteries are very cheap to make and have very desirable properties but one major downside, they have limited head capacity due to temperature differential and a max temp of 50-60C to stop water vapor issues. However “second circuit with heat pump” can move that up to “boiling” or hotter in closed circuit pressurised systems as have been used with Solar Water Heater systems.
The big problem with gas generation and heat from “combustion products” extraction is Carbon dioxide and carbonic acid. Whilst the acid is not poisonous you are best to consume it from a soda can 😉
https://letstalkscience.ca/educational-resources/stem-in-context/chemistry-pop
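Added example (not part of the original comment thread): a small simulation of the two smoothing effects described in the comment above, the meter reporting interval acting as an integrator and energy storage acting as a low-pass filter between the loads and the meter. The load trace is constructed, all function names are hypothetical, and the storage is idealised as a first-order filter with unlimited capacity.

```python
# Added illustration: constructed load trace, not real meter data.

def load_trace(seconds=7200):
    """Constructed household demand in watts, one sample per second."""
    trace = []
    for t in range(seconds):
        watts = 100                      # constant base load
        if t % 1800 < 600:               # fridge compressor: 10 min on, 20 min off
            watts += 150
        if 3000 <= t < 3180:             # one 3-minute kettle boil
            watts += 2000
        trace.append(watts)
    return trace

def bucketed(trace, width):
    """Mean power per reporting interval: the meter as an integrator."""
    return [sum(trace[i:i + width]) / width for i in range(0, len(trace), width)]

def buffered(trace, tau):
    """Grid draw with storage between meter and loads.

    Idealised (assumption) as a first-order low-pass filter with time
    constant tau seconds and unlimited storage capacity.
    """
    grid, out = float(trace[0]), []
    for demand in trace:
        grid += (demand - grid) / tau
        out.append(grid)
    return out

def count_edges(series, threshold=100):
    """Count steps larger than threshold watts between consecutive reports."""
    return sum(1 for a, b in zip(series, series[1:]) if abs(b - a) > threshold)

if __name__ == "__main__":
    raw = load_trace()
    print("per-second edges:      ", count_edges(raw))
    print("30-minute buckets:     ", bucketed(raw, 1800))
    print("30-minute bucket edges:", count_edges(bucketed(raw, 1800)))
    print("buffered edges (>1 W): ", count_edges(buffered(raw, 3600), threshold=1))
```

In this constructed trace the 30-minute buckets erase the fridge cycling but still show the kettle as a raised interval, while the one-hour storage time constant leaves no step above 1 W; total energy consumed remains visible either way.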
Ray Dillinger • May 29, 2025 1:13 PM
I remember a brief moment in the 1990s when a “smart” thermostat meant one that you could set a weekly schedule for the times you cared about what the temperature in your house was, and what range to keep it in during those times. They were legit, and the one we got paid for itself in under a month judging by the temperature outside and our utility bills before and after.
And even though they were smart enough to provide the value to pay for themselves in under a month, they weren’t connected to the internet, and didn’t report your usage to anybody, and didn’t have a remotely hackable unix installation that can support remote logins and bash scripts exposed on your home wifi, and didn’t have a camera or a microphone in them.
It was smart enough to provide good value, but not smart enough to destroy value.
But alas, those halcyon days are gone.
By • May 29, 2025 6:09 PM
Modern water meters group usage into 30-minute intervals (buckets). Useful for showing a consumer they have a leaky toilet flapper. Not so good at distinguishing what people are using that water for.
Power is a real issue. Modern water meters have an unreplaceable lithium button battery for power to measure usage, and a solar cell to power the display. They can’t power a lot of data storage or computing.
Electric meters are another matter. Lots of power. But consider that you can have multiple fridges/freezers, and they turn on & off somewhat randomly throughout the day. I myself have three, and would like to get another. Also, different brands may outsource components to the same supplier, using the same compressor or whatever, with the same electrical signature. Some folks leave computers on 24×7, have them run software automatically at various times. Or turn appliances on & off through a timer.
Yes they can see electric usage at 1000Hz. But it costs. Keep in mind, their meters have to be hardened, durable, outdoors, in direct sunlight, through baking hot summers, freezing winters, and remain unserviced for decades.
The payoff from spying is becoming more iffy. Negative press stories are commonplace. What happens if our government decides to outlaw such spying, and the company has to replace their meters? Granted, in the U.S., not likely. But it’s a contingency companies have to contemplate.
@Ray: Perhaps those halcyon days will come back. Certain manufacturers are more interested in selling products than spying. My toothbrush is an $18 Walmart Equate rechargeable. No spying. Cleans my teeth just as well. Perhaps being spied on is a first world problem, eh?
Original Post URL: https://www.schneier.com/blog/archives/2025/05/surveillance-via-smart-toothbrush.html