11-year-old boy hacks into ex­perts’ de­vices to ma­nip­u­late a teddy bear

New Straits Times - - World -


AN 11-year-old “cy­bern­inja” stunned an au­di­ence of se­cu­rity ex­perts on Tues­day by hack­ing into their Blue­tooth de­vices to ma­nip­u­late a teddy bear to show how in­ter­con­nected smart toys “can be weaponised”.

Amer­i­can wun­derkind Reuben Paul may be still in sixth grade at his school in Austin, Texas, but he and his teddy bear, Bob, wowed hun­dreds at a cy­berse­cu­rity con­fer­ence in The Netherlands.

“From air­planes to au­to­mo­biles, from smart­phones to smart homes, any­thing or any toy can be part of the In­ter­net of Things (IOT),” he said, a small fig­ure pac­ing the huge stage at the World Fo­rum here.

“From ter­mi­na­tors to teddy bears, any­thing or any toy can be weaponised.”

To demon­strate, Reuben de­ployed his bear, which con­nects to the iCloud via Wi-Fi and Blue­tooth smart tech­nol­ogy to re­ceive and trans­mit mes­sages.

Plug­ging into his lap­top a rogue de­vice known as a “rasp­berry pi”, a small credit-card size com­puter, he scanned the hall for avail­able Blue­tooth de­vices and, to ev­ery­one’s amaze­ment, sud­denly down­loaded dozens of num­bers in­clud­ing some of top of­fi­cials.

Then, us­ing a com­puter language pro­gramme called Python, he hacked into his bear via one of the num­bers to turn on one of its lights and record a mes­sage from the au­di­ence.

Reuben said: “Most In­ter­net­con­nected ob­jects have Blue­tooth func­tion­al­ity. I showed how I could con­nect to it and send com­mands to it by record­ing au­dio and play­ing the light.

“IOT home ap­pli­ances, things that can be used in our ev­ery­day lives, our cars and re­frig­er­a­tors, can be used and weaponised to spy on us or harm us.

“They can be used to steal pri­vate in­for­ma­tion such as pass­words, as re­mote sur­veil­lance to spy on kids or em­ploy a GPS to find out where a per­son is.”

He said more chill­ingly, a toy could say “meet me at this lo­ca­tion and I will pick you up”.

His fa­ther, in­for­ma­tion tech­nol­ogy ex­pert Mano Paul, said at the age of 6, Reuben had re­vealed his early IT skills by cor­rect­ing him dur­ing a busi­ness call.

Us­ing a sim­ple ex­pla­na­tion from his fa­ther on how a smart­phone game worked, Reuben fig­ured out it was the same al­go­rithm be­hind the pop­u­lar video game An­gry Birds.

“He has al­ways sur­prised us. When­ever we teach him some­thing, he’s usu­ally the one who ends up teach­ing us,” Mano said.

He said he was “shocked” by the vul­ner­a­bil­i­ties dis­cov­ered in kid toys af­ter Reuben first hacked a toy car, be­fore mov­ing onto more com­pli­cated things.

“It means that my kids are play­ing with time bombs, that over time some­body who is bad or ma­li­cious can ex­ploit.” AFP

Reuben Paul giv­ing a talk at a cy­berse­cu­rity con­fer­ence in The Hague, The Netherlands, on Tues­day.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.