An 11-year-old “cyber ninja” stunned an audience of security experts today by hacking into their bluetooth devices to manipulate a teddy bear and show how interconnected smart toys “can be weaponised”. American wunderkind Reuben Paul, may be still only in 6th grade at his school in Austin, Texas, but he and his teddy bear Bob wowed hundreds at a timely cyber security conference in The Netherlands.
“From airplanes to automobiles, from smart phones to smart homes, anything or any toy can be part of the” Internet of Things (IOT),” he said, a small figure pacing the huge stage at the World Forum in The Hague. “From terminators to teddy bears, anything or any toy can be weaponised.”
To demonstrate, he deployed his cuddly bear, which connects to the icloud via wifi and bluetooth smart technology to receive and transmit messages. Plugging into his laptop a rogue device known as a “raspberry pi” — a small credit card size computer — Reuben scanned the hall for available bluetooth devices, and to everyone’s amazement including his own suddenly downloaded dozens of numbers including some of top officials.
Then using a computer language programme, called Python, he hacked into his bear via one of the numbers to turn on one of its lights and record a message from the audience. “Most internet-connected things have a blue-tooth functionality … I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light,” he told AFP later.
“IOT home appliances, things that can be used in our everyday lives, our cars, lights refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us.”They can be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ a GPS to find out where a person is. More chillingly, a toy could say “meet me at this location and I will pick you up,” Reuben said.