(Above link with skipped Paywall)
Summary by Andi:
A teenage hacker named Reynaldo Vasquez-Garcia discovered that the Halo 3C vape detector, which looks like a standard smoke detector in school bathrooms, contained hidden microphones and security flaws that allowed it to be turned into a secret listening device[1].
Working with another hacker known as “Nyx,” Vasquez-Garcia found the device could be hacked by exploiting weak password controls and firmware update vulnerabilities. Once compromised, attackers could use it to eavesdrop on conversations in real-time, disable its detection capabilities, create fake alerts, or play audio through its speaker[1:1].
The researchers revealed these findings at the 2025 Defcon hacker conference, demonstrating how any hacker on the same network could hijack a Halo 3C by brute-forcing passwords at 3,000 attempts per minute. The device’s firmware could also be modified since its encryption key was publicly available in updates on the manufacturer’s website[1:2].
Motorola, which owns the Halo 3C’s manufacturer IPVideo Corporation, said it developed a firmware update to address the security flaws. However, the researchers argue this doesn’t solve the fundamental privacy concern of having microphone-equipped devices installed in sensitive locations like school bathrooms and public housing[1:3].
It’s apparently a vape and bullying detector. So ostensibly the mics are used for the bullying part. But it does make you wonder the vape detection actually works by just listening for “can I get a hit”