Sign up to our newsletter
There is a huge shortage of skilled professionals in cybersecurity, an industry that is crying out for new talent. These five child geniuses could be the future of the field, assuming of course they choose good over evil and ‘white hats’ over black.
Most nine-year-old boys spend their time playing with dinosaurs, toy cars or a ball of some variety. But not Reuben Paul – he’s already a renowned ethical hacker and CEO.
Reuben, of Harmony School of Science in Austin, Texas, came to the media’s attention last year when he demonstrated how hackers could potentially steal contacts, call logs and messages from an Android smartphone, and all within just 15 minutes.
During a B-Sides security conference, Reuben demonstrated the attack and said that Android users need to be careful over what apps they download.
“If a child can do it then a regular hacker can do it … so I just want everybody to be aware [and to] be more careful when you download games and stuff like that,” he told Fox News at the time.
If that wasn’t enough, Reuben is also acting as CEO of Prudent Games, which attempts to teach people about security threats through a number of educational apps.
Earlier this year, British girl Betsy Davies caused a storm when she showed just how insecure open Wi-Fi is, and all at just the age of seven.
In an experiment carried out by Channel 5 News and supported by virtual private network (VPN) provider Hidemyass.com, Betsy hacked the open Wi-Fi to steal the traffic of a volunteering member of the public.
In the demonstration, Betsy began by searching and then watching a freely available video tutorial on YouTube on how to hack a network. The schoolgirl then set up a Rogue Access Point, often used by hackers to carry out a Man-in-the-Middle (MiTM) attack on overly trusting web surfers, to watch or ‘sniff’ web traffic.
Effectively sitting between the legitimate Wi-Fi network and the customer’s laptop, the London schoolgirl was able to compromise the public network in little less than 11 minutes.
Kristoffer Von Hassel
It is conceivable that the average five-year-old might be able to play the odd Microsoft Xbox Game, or even know their way around the gaming operating system. But a five-year-old who can also find a security vulnerability within the system is something of a rarity.
That was the case with Kristoffer Von Hassel, who sneakily managed to bypass the Xbox Live authentication screen in order to play games he was not supposed to.
As BBC News and others reported at the time, the youngster didn’t steal any passwords. Instead, when faced with a password verification screen, he simply tapped the spacebar a few times and hit enter to get into his father’s account. This allowed him to access games and everything else on the Xbox, including non-age-restricted content on YouTube.
His father, Robert Davies, reported the bug to Microsoft who promptly fixed it, and rewarded Kristoffer with $50, a year’s subscription to Xbox Live and four games.
Some have insisted that the five-year-old, said to be the world’s youngest hacker and now with his own Wikipedia page, didn’t do this alone. However, it might just be that the son is like his father – Mr Davies is a security engineer at San Diego-based ServiceNow, an enterprise IT cloud services company.
Mr Davies has since said that his son mastered a number of other hacks by the age of five, including how to bypass smartphone screen locks.
A fifth grader launched a series of Denial-of-Service (DoS), spoofing and web defacement attacks against Canadian and other government websites during the Quebec student protests in 2012, even passing stolen data from the breaches onto Anonymous in exchange for video games.
The unnamed boy from Montreal, who was 12-years-old at the time, later pleaded guilty to three separate incidents that shut down a number of government sites, including that of the Quebec Institute of Public Health and the Chilean government.
Some sites were out of service for as long as two days, and local authorities estimated that the child, who had apparently been hacking since the age of nine, caused $60,000 in damages.
Almost three years ago, a 10-year-old security researcher, going by the pseudonym ‘CyFi’, came to prominence by revealing a zero-day exploit in games on iOS and Android.
The California-based schoolgirl found the flaw in January 2011, after she “started to get bored” with the pace of farm-style games and, after disclosing it at DEF CON 19, she later told CNET:
“It was hard to make progress in the game because it took so long for things to grow. So I thought, ‘Why don’t I just change the time?'”
Most of the games she discovered the exploit in have time-dependent factors. For example, planting corn might take 10 real-life hours to mature in the game. Manually advancing the phone or tablet’s clock forced the game further ahead than it actually was, opening up the exploit.
CyFi said that while many games look to detect and block this manipulation, there are still ways around it – like disconnecting the phone from Wi-Fi and making incremental clock adjustments.
There may, however, be a queue of job offers in future for CyFi, whose real identity is being protected. At 10 years of age, she was already an accomplished artist having performed an improvised, 10-minute speech in front of 1,000 people at the San Francisco Museum of Modern Art. She was also a Girl Scout and a state-ranked downhill skier.
This article was updated on August 12th.
Author Karl Thomas, ESET