This 11-Year-Old Boy Hacked Cybersecurity Audience To Show How Toys Can Be Turned Into Weapons.
An audience of security experts attending a cybersecurity conference at the World Forum in The Hague (The Netherlands) on Tuesday were shocked when a demonstration done by an 11-year-old “cyber ninja” showed the dismal cyber security standards that are prevailing in technology. He hacked into the Bluetooth devices to manipulate a teddy bear and show how interconnected smart toys “can be weaponised”.
The wonder kid in question is American Reuben Paul, a cyber security expert and white hat hacker who’s currently studying in the sixth standard of a school in Austin, Texas.
“From airplanes to automobiles, from smart phones to smart homes, anything or any toy can be part of the” Internet of Things (IOT),” Reuben told the crowd. “From terminators to teddy bears, anything or any toy can be weaponised.”
As part of his live demonstration and to prove his point, Reuben deployed his cuddly looking teddy bear ‘Bob’, which connects to the iCloud via Wi-Fi and Bluetooth smart technology to receive and transmit messages.
He then plugged a “Raspberry Pi” – a tiny and low cost computer – into his laptop on stage and started scanning the hall for available Bluetooth devices. To the astonishment of everyone in the hall, Reuben was able to download dozens of numbers including some of top officials.
Then, using Python, he went on to hack into his Internet-connected teddy bear via one of the numbers and turned on Bob’s lights and transferred a recorded message from the audience through to the bear.
“Most internet-connected things have a blue-tooth functionality … I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” he told AFP explaining his demonstration.
“IOT home appliances, things that can be used in our everyday lives, our cars, lights refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us.”
For instance, they could be used to steal private information such as passwords, as remote surveillance devices to spy on kids, or to locate a person using GPS. More terrifyingly, toys could even be programmed to say “meet me at this location and I will pick you up,” Reuben said.
Besides being a cyber-ninja, Reuben is also the youngest American to earn a black belt in Shaolin Kung Fu. With the help from his family, Reuben has set up a non-profit organisation called CyberShaolin whose purpose is to spread awareness about “the dangers of cyber-insecurity”.
Since his talk, Reuben has been receiving congratulatory messages on Twitter from various experts in the infosec community applauding his work.
Reuben’s father, Mano Paul, an IT expert, said that his kid’s cyber skills emerged at the age of six, when he began exploring how software systems worked.
“He has always surprised us. Every moment when we teach him something he’s usually the one who ends up teaching us,” he told the AFP.
Reuben hopes to study cyber-security at either CalTech or MIT universities.