Brutkey

Andy Greenberg
@agreenberg@infosec.exchange

The Halo 3C is a smoke/vape detector that Motorola sells for use in school bathrooms. It also has microphones inside.

A teen hacker found them at his school, and with another security researcher has now shown they could be hacked for audio surveillance.

https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/

Andy Greenberg
@agreenberg@infosec.exchange

Security flaws in the Halo 3C would allow any who hacked them to disable smoke/vape detection, spoof false alerts, eavesdrop in real time, or even play whatever audio they chose through the device’s speaker.

Demonstrated at Defcon today and in a video in our story above.

Andy Greenberg
@agreenberg@infosec.exchange

Motorola says it’s pushed out a patch. The hackers who found the flaws argue that’s not enough.

β€œThere's a microphone connected to a computer that's connected to the network,” says one who goes by Nyx. β€œAnd there's no software patching that will make that not possible to use as a listening device.”

Andy Greenberg
@agreenberg@infosec.exchange

Motorola has also marketed the Halo 3C for use in public housingβ€”inside people’s homes.

β€œThat kind of took it up a notch as far as how egregious this entire product line is,” Nyx says. β€œMost people have an expectation that their home isn’t bugged, right?”