The handful of us have moved onto Crystal Lang. It’s a statically type checked and compiled dialect of Ruby. Crystal is fun to write code, but the compiler is slower (compared to go-lang/rust)… because… well it’s a ruby dialect (with DSL’s)… and the 3rd party libraries are limited.

Thank you for finding that.

I got lucky, I bought a quest around July/August and needed to do the mandatory/initial OS install.

I ended up with v78 (August 3, 2025) release.

I didn’t realize there was a WiP announced in July 2025.

… makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

Any ideas which version(s) are susceptible? I couldn’t find it mentioned.

Actually, those steps are the ones necessary to recover from a hard brick (re: the device is unusable because you did something you shouldn’t have as root).

The actual process to root the device is simply running a few adb commands (so a prereq is having Developer Mode enabled).

Once you have ran the exploit, your root escalation is temporary until the device is rebooted or you take additional steps to persists your root privileges (thus, potentially leading you towards a hard brick).

source: The docs

How do you think this technology would be abused?

If the device included full audio and video surveillance - I’d totally agree. However, the device does not include video (and it would be a real hard sell to include that).

If all parties are aware that monitoring will occur (maybe include a sign in the door), I’d argue that minors are aware of what this means.

Perhaps, it would mean that students “finish up” faster, rather than loitering and vaping (or bullying, etc)… and if that’s the case, I guess the device has fulfilled it’s purpose.

The article did mention how a hacked device could be used to “play sounds” or trigger false calls for “help”, or gunshots. But I’d argue this would be the modern day equivalent of falsely pulling the fire alarm.

An interesting article and tbh, I’d actually support the device (… and I’m usually very privacy focused).

According to the article the purpose of the microphone is to listen for certain keywords (ie: “help”, “call 911”, gunshots, etc) and to detect when people are vaping, etc.

I mean, I would never install one in my home, due to privacy and security concerns. But if you’re in a public place, like a school such features make sense.

If you’re being bullied or need help, having a facility member “hanging out” in the schools public bathroom would be weird, creepy, and more of an invasion of privacy than a mic in a smoke detector.

That said, students and facility should be aware of what this device is doing and why. However, this article does a very good job of summarizing that.

Yes, the devices security is rubbish, but was patched. It’s not the first IoT device to do that and it won’t be the last (unfortunately).

Thanks for sharing the article OP.