Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom

Name: Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom
Description: Two researchers — one a recent high school graduate, one an experienced hardware hacker — conducted a comprehensive teardown and security audit of the Halo 3C, an IoT surveillance device manufactured

Reynaldo, nyx

DEF CON 33 · Day 2 · Main Stage

Two researchers — one a recent high school graduate, one an experienced hardware hacker — conducted a comprehensive teardown and security audit of the Halo 3C, an IoT surveillance device manufactured

AI review

Thorough hardware-to-cloud audit of the Halo 3C school bathroom surveillance device, finding rate limiting bypassed via cookie omission, unsigned firmware with the AES key in the header, root code execution via the firmware update 'extra' hook, and a cloud backdoor providing Motorola Solutions permanent admin-equivalent access to every deployed unit. Strong research, important privacy implications, and the origin story is excellent.

Watch on YouTube