An 11-year-old “cyber ninja” stunned an audience of security experts on Tuesday by hacking into a teddy bear via bluetooth to show how interconnected smart toys “can be weaponised”.
American wunderkid Reuben Paul may be still only in 5th grade at his school in Austin, Texas, but he and his teddy bear Bob wowed hundreds at a timely cyber security conference in The Netherlands.
“From airplanes to automobiles, from smart phones to smart homes, anything or any toy can be part of the” Internet of Things (IOT),” he said. “From terminators to teddy bears, anything or any toy can be weaponised.” To demonstrate, he deployed his cuddly bear, which connects to the icloud via wifi and bluetooth smart technology to receive and transmit messages. Plugging into his laptop a rogue device known as a “raspberry pi” — a small credit card size computer — Reuben scanned the hall for available bluetooth devices, and to everyone’s amazement including his own, suddenly downloaded dozens of numbers including some of top officials.
Then using a computer language programme, called Python, he hacked into his bear via its bluetooth address to turn on one of its lights and record a message from the audience.
“Most internet-connected things have a bluetooth functionality ... I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” he said.
“IOT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us.” They can be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ a GPS to find out where a person is.
More chillingly, a toy could say “meet me at this location and I will pick you up,” Reuben said. His father, information technology expert Mano Paul, told how aged about six Reuben had revealed his early IT skills, correcting him during a business call.