The security concerns surrounding the Internet of Things (IoT) took another turn at the World Forum at The Hague in the Netherlands on Tuesday, as an 11-year-old boy stunned an audience of cybersecurity experts by hacking their Bluetooth devices.
Reuben Paul, who lives in Austin, Texas, and who first made his name as a 9-year-old, aimed to show those gathered at the event that connected toys can be used for malicious purposes.
Paul, who already looks destined for a career in cybersecurity, reportedly told experts: “From airplanes to automobiles, from smartphones to smart homes, anything or any toy can be part of IoT.
“From terminators to teddy bears, anything or any toy can be weaponized.”
The youngster followed up those alarming words of warning by deploying a cuddly bear capable of connecting to the cloud through Wi-Fi and Bluetooth as a means of receiving and transmitting messages.
Then, by plugging in a device known as ‘Raspberry Pi’, a computer no bigger than a credit card in size, he was able to scan the hall for available Bluetooth devices and then download confidential and sensitive information, including phone numbers and contacts.
Through the use of a computer language known as Python, he was then able to hack into his bear using one of the stolen numbers and turn on one of its lights and record a message from the audience.
Concerns surrounding connected toys have been highlighted before, particularly around the CloudPet, which was sold in the US and connects to the internet to record, send and receive voice messages.
The product was part of a system containing two million recorded messages, many of them highly personal, which were exposed for an extended period of time to anyone with even the most basic skills.