A lotta vapes are reportedly chock full of lead, so kids probably shouldn’t be puffing clouds in the bathroom stall, but was there any reason to design the most exploitable version of a product to alert school administrators about it?
The manufacturer was happy to expand to Section 8 (USA, subsidized) housing in spite of script kiddies, rogue employees, or legit employees working under new guidelines being able to root into the Motorola Halo 3C and use its fully-functioning microphones to invade privacy.
The frog is boiling slowly: pay more for your car insurance when your insurer buys your driving data today; risk your home insurance when you don’t install this “fire prevention” spyware tomorrow.
DEF CON 33 - Unmasking the Snitch Puck: IoT surveillance tech in the school bathroom - Reynaldo, nyx: YouTube
83,126 views, Oct 10, 2025
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 113 users / day
- 519 users / week
- 1.44K users / month
- 4.49K users / 6 months
- 1 subscriber
- 4.32K Posts
- 109K Comments
- Modlog
The minute the Pi4 compute module showed up, the jig was up.
For the secure boot scheme to be really secure, you have to generate a unique key for each device. Most vendors don’t bother because it means each firmware update has to be signed and encrypted for each unique device. This also means you have to have the infrastructure for device attestation. You can’t just stick an update file on a public S3 bucket or FTP site like the good old days.
Some end up reusing the same product key, so if it’s compromised, all devices in that family can be hacked. But even that’s too much for some vendors.
Instead, they just wing it, and go back to the bad old habits (no encryption, or symmetric keys embedded in firmware) that get them featured in DefCon presentations.