HALO Smart Sensor Can Be Turned Into Covert Listening Device, DEF CON Researchers Reveal

LAS VEGAS, NV – A popular IoT “smart sensor” marketed to schools and other institutions as a privacy-protecting vape detector can be remotely hacked and turned into a covert audio surveillance device, according to new research presented at the DEF CON 33 security conference. The device, the HALO Smart Sensor, is widely deployed in sensitive areas like school bathrooms and locker rooms under the assurance that it does not record audio.

In a presentation titled “Unmasking the Snitch Puck” (https://hackertracker.app/event/?conf=DEFCON33&event=60990), researchers Reynaldo Vasquez-Garcia and Nyx demonstrated how they discovered critical security flaws in the HALO sensor.

As detailed in WIRED (https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/), the researchers exploited vulnerabilities that allowed them to bypass the device’s login protections and install their own malicious firmware. This gave them complete control over the device, including the ability to access its internal microphones and stream live audio to a remote computer, effectively weaponizing a safety device into a tool for eavesdropping.  

The findings directly contradict the core marketing promise of the HALO sensor, which is sold as a security solution for “privacy areas” where cameras and microphones are prohibited. The manufacturer has repeatedly assured customers that the device performs “audio analysis only” and does not record or stream conversations. While the device is not intended to record, the research proves its microphones are “always listening” to detect keywords or sounds of aggression, demonstrating that the device’s software-based privacy protections are fragile and susceptible to complete override.

“This research exposes a critical privacy paradox,” said Jordan Park, a cybersecurity analyst at The Privacy Accountability Network. “A device sold on the promise of protecting privacy in the most sensitive locations becomes the very tool that can violate it. The issue isn’t just a single bug; it’s an architectural failure that places thousands of students, patients, and employees at risk of being monitored without their knowledge or consent.”

The HALO Smart Sensor is a product of IPVideo Corporation, a subsidiary of Motorola Solutions, and is used in thousands of schools and organizations worldwide. The vulnerabilities affect HALO 3C, 2, and 2C models.  

In response to the researchers’ findings, Motorola Solutions issued a security advisory on August 4, 2025, classifying the vulnerabilities as “critical,” and released a firmware patch. However, while devices connected to the company’s cloud service were updated automatically, devices operating in a standalone mode require a manual update by IT administrators, leaving a potential window of vulnerability for any unpatched systems.

The researchers said their goal was to highlight the broader risks of the ed-tech surveillance industry, questioning the rapid deployment of network-connected sensors in private spaces without rigorous, independent security review.

About: The Privacy Accountability Network is a non-profit advocacy group dedicated to promoting digital privacy and security. Through independent research and public education, we aim to hold technology manufacturers accountable and empower consumers to make informed decisions about the technology they use.