I can’t upgrade the firmware of my toothbrush because I once did jailbreak

I know people are going to be upset about the &quot;can&#x27;t upgrade the firmware&quot; bit. But, where this story goes wrong is that a <i>toothbrush</i> has firmware to upgrade. Things like this are some of the reasons I avoid &#x27;smart&#x27; devices (<i>e.g.</i> doorbells, toothbrushes), when lower tech ones work perfectly well. I cannot imagine needing an app for my toothbrush.

From the HN headline, &quot;I can’t upgrade the firmware of my toothbrush because I once did jailbreak&quot; I thought he had done a jailbrake on his toothbrush, which, honestly, I was much more interested in hearing about.<p>Turns out he needs to use his phone to update his toothbrush, and being such a security sensitive device as a toothbrush is, Philips won&#x27;t allow that update to be done on jailbroken devices.

The problem is Philips have been burned by all the stunt hacking done on their bulbs and IOT in general. They&#x27;re damned if they do and damned if they don&#x27;t.<p>If they _do_ all the stupid security things they get this.<p>If they _don&#x27;t_ do all the stupid security things they get sensational headlines where stunt hackers use drones to infect all the lights in an office building.<p>Philips had a security assessment on their app for all the obvious reasons. [I am simplifying, it may be part of their standard development process at this point to add these things].<p>That assessment came back with (among others) the findings:<p>xyz.124: No app obfuscation: our testers were able to reverse engineer the app and...<p>xyz.125: No jailbreak detection. During the assessment...<p>I&#x27;ve seen apps that _really_ don&#x27;t need these things come back with these findings in reports from supposedly big, reputable security firms. That is partly because the findings are _right there_ in the methodology and pre-written, and it&#x27;s low effort for the tester to paste them in and pad out their report. There is also the argument that its better to tell the customer they don&#x27;t have those things and let them decide whether to accept the risk.<p>If you don&#x27;t have engineers who can push back on &quot;not applicable&quot; security findings (or you have a team priority to reduce risk at any cost) then this is what happens.<p>It is also remotely possible that the app &quot;needs&quot; these things because the firmware is unsigned and they are concerned about stunt hackers posting on twitter about the funny or mildly nefarious things they can do with the brushes.<p>Jailbreak detection is not an exact science so you will inevitably get outcomes like this.

It could be unrelated to a prior jailreak - I had installed the iOS 14 Beta and my banking software insisted my phone had been jailbroken. Fortunately it allowed me to &#x27;Accept the risk&#x27; and continue.<p>I think the most likely scenario is that there is a third party library or service to detect jailbreaks and it is faulty.

Why did nobody tell us the future would be this stupid

And of course, if the phone was actually Jailbroken, there’s a good chance you could bypass the Jailbreak check.<p>But also, why the heck does the toothbrush care whether my phone is Jailbroken in the first place?