It looks like a school bathroom smoke detector. A teenager hacker shows this could be an audio error
several years ago, a curious, then-16-year-old hacker named Reynaldo Vasquez-Garcia was on his laptop at his Portland-area high school, seeing what computer systems he could connect to via the Wi-Fi—”using the school network as a lab,” as he puts it—when he spotted a handful of mysterious devices with the identifier “IPVideo Corporation.”
After a closer look and some Google searches, Garcia figured out that a company named was a subsidiary of Motorola, and the device he found in his school seemed to be called the Halo 3C, which is the Halo 3C, a “smart” smoke and vape detection gadget. “They look like smoke detectors, but they have many features like sensors and stuff,” Garcia said.
As he read more, he learned with interest that Halo 3C is not just about discovering smoke and smoke, but especially about identifying unique features of smoke. It also has a microphone to listen to “aggression,” gunfire, and keywords calling for help, a feature that Vasquez-Garcia immediately draws attention to more invasive surveillance.
Now, after months of reverse engineering and security testing, Vasquez-Garcia and a hacker worked with him who he worked with to use the pseudonym “NYX”, which suggests that it is possible to attack one of those Halo 3C gadgets, they called it through the nickname “Snitch puck” and had full control over it.
Reynaldo Vasquez-Garcia and NYX will be held on August 8, 2025 in Las Vegas, Nevada.Photo: Ronda Churchill
At today’s Defcon Hacker conference, their plans show that by exploiting some relatively simple security vulnerabilities, any hacker on the same network could have hijacked the Halo 3C to turn it into a real-time audio eavesdropping error, undermining its detection capabilities, creating false alarms for steam or driving rituals or listeners, and even playing any device to prevent them from using any device. Motorola said it has since developed firmware updates to address these security flaws that will automatically push to cloud-connected devices by Friday.
Many hacker tips are shown in the video demonstration below, which Vasquez-Garcia and NYX did before their Defcon demonstration:
