Brutkey

Andy Greenberg
@agreenberg@infosec.exchange

Security flaws in the Halo 3C would allow any who hacked them to disable smoke/vape detection, spoof false alerts, eavesdrop in real time, or even play whatever audio they chose through the device’s speaker.

Demonstrated at Defcon today and in a video in our story above.

Andy Greenberg
@agreenberg@infosec.exchange

Motorola says it’s pushed out a patch. The hackers who found the flaws argue that’s not enough.

“There's a microphone connected to a computer that's connected to the network,” says one who goes by Nyx. “And there's no software patching that will make that not possible to use as a listening device.”

Andy Greenberg
@agreenberg@infosec.exchange

Motorola has also marketed the Halo 3C for use in public housing—inside people’s homes.

“That kind of took it up a notch as far as how egregious this entire product line is,” Nyx says. “Most people have an expectation that their home isn’t bugged, right?”