Reynaldo Vasquez-Garcia, a 16-year-old hacker from Portland, discovered that his school’s Halo 3C smoke detector, a device marketed as an “all-in-one intelligent security device,” had several security vulnerabilities. Working with fellow hacker Nyx, Vasquez-Garcia reverse-engineered the device and found that it could be easily hacked to become an audio eavesdropping bug.
The Halo 3C’s microphone feature was designed to detect specific keywords, such as “help” or “911,” but it also included a more general speech recognition feature. This allowed hackers to listen in on conversations without the user’s knowledge.
Motorola Solutions, the manufacturer of the device, released a firmware update to address the vulnerabilities. However, experts argue that this only fixes symptoms and not the underlying issue: the use of microphones in devices designed for safety purposes.
Vasquez-Garcia and Nyx’s findings raise concerns about the widespread use of such devices in schools and homes. They highlight the need for caution when it comes to IoT devices and the importance of understanding what’s inside before accepting their claims of “no recording” or other features that may seem beneficial but actually pose a risk.
In a statement, Motorola Solutions emphasized its commitment to data security and the deployment of the firmware update. However, experts argue that this is just the beginning, and more needs to be done to address the concerns surrounding IoT devices with built-in microphones.
Source: https://www.wired.com/story/school-bathroom-vape-detector-audio-bug