An 11-year-old boy has stunned a cybersecurity conference in the Netherlands by hacking the audience’s phones to weaponize a teddy bear in a terrifying display of the inherent weaknesses in the Internet of Things (IoT).
Reuben Paul gave the opening keynote speech, entitled ‘Symb-IoT-ic security’ at the #NLCyber conference in the The Hague on May 16.
“From airplanes to automobiles, from smartphones to smart homes, anything or any toy can be part of the ‘Internet of Things (IOT),” Paul told the crowd, as cited by AFP.
“From terminators to teddy bears, anything or any toy can be weaponized.”
It was fun but I hope people did not miss the message – Secure IoT before the Internet of Toys becomes the Internet of Threats 🙂 https://t.co/m09QFli4tp
— Reuben Paul (@RAPst4r) May 16, 2017
In a chilling demonstration, Paul used a credit card-sized device known as a Raspberry Pi to scan the auditorium for Bluetooth enabled devices. Within seconds, he was able to download dozens of cell phone numbers, one of which he then used to hack his teddy bear, Bob.
Bob is a member of the current generation of smart toys which can connect to the cloud and the Internet of Things (IoT) via wifi and bluetooth smart technology to send and receive messages.
Using the Python programming language, Paul was able to switch the bear’s lights on and off and, more importantly, record a message from a member of the audience.
Any and all Bluetooth-enabled devices connected to the cloud and the IoT can allegedly be hacked in a similar manner, enabling unscrupulous hackers to engage in remote surveillance, steal passwords and geolocate people.
“Most internet-connected things have a Bluetooth functionality … I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” Paul told AFP.
“IOT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators, everything like this that is connected can be used and weaponized to spy on us or harm us,” he added.
Reuben’s father Mano told AFP: “It means that my kids are playing with timebombs, that over time somebody who is bad or malicious can exploit.”
When asked about the ethics of hacking, Reuben was quick to respond that such skills can be used for good.
His presentation drew the attention of tech industry insiders, including high praise from Microsoft Regional Director and MVP for Developer Security Troy Hunt.
He was even offered a job with the Cyber Crimes Unit of the Dutch Police.
Reuben is one of the founders and the current CEO of Prudent Games, a company which aims to educate and inform children about cybersecurity and technology through gaming.
He also established the non-profit organization CyberShaolin“to educate and equip the current and next generation with cybersecurity and technology knowledge and skills, empowering them to create a safe and secure cyber world.”
Reuben has been a keynote speaker at least 10 times at various cyber security conferences around the world and plans to further develop his already impressive skillset at either CalTech or MIT universities once he finishes his studies at The Harmony School of Science in Austin, Texas.
In addition to his business and technology credentials, Reuben is a multi-instrumentalist, an award-winning gymnast and was the youngest person ever awarded a black belt in Shaolin Do Kung Fu in the United States at age seven.