Andy GreenbergThe Halo 3C is a smoke/vape detector that Motorola sells for use in school bathrooms. It also has microphones inside.
A teen hacker found them at his school, and with another security researcher has now shown they could be hacked for audio surveillance.
https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/
demi7en π
πͺπΊ
@agreenberg@infosec.exchange Is this the PRC Chinese '#Motorola' that is also flogging 'smartphones', the most intimate item always around people?
This Halo eavesdropping company certainly sounds like PRC...
Sadly Murica and the PRC are becoming harder to tell apart. Putin must be laughing.
Leeloo@agreenberg@infosec.exchange
A microphone doesn't get put into a smoke detector by mistake. It can't be removed with a software patch, and even if it's disabled by the patch, will absolutely be enabled again when needed for the reason it was added in the first place.
Andy GreenbergSecurity flaws in the Halo 3C would allow any who hacked them to disable smoke/vape detection, spoof false alerts, eavesdrop in real time, or even play whatever audio they chose through the deviceβs speaker.
Demonstrated at Defcon today and in a video in our story above.
Andy GreenbergMotorola says itβs pushed out a patch. The hackers who found the flaws argue thatβs not enough.
βThere's a microphone connected to a computer that's connected to the network,β says one who goes by Nyx. βAnd there's no software patching that will make that not possible to use as a listening device.β
Andy GreenbergMotorola has also marketed the Halo 3C for use in public housingβinside peopleβs homes.
βThat kind of took it up a notch as far as how egregious this entire product line is,β Nyx says. βMost people have an expectation that their home isnβt bugged, right?β