If yet another cybersecurity expert wanted to warn the general public about the risks associated with the Internet of Things (IoT), it is likely the warning would go in one ear and out the other. But when a sixth-grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.
At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.
+ Also on Network World: How to wake the enterprise from IoT security nightmares +
“From airplanes to automobiles, from smart phones to smart homes, anything or any toy can be part of the Internet of Things (IoT),” Paul said during his keynote, Mutually Symb-IoT-ic Security. On stage at the World Forum in The Hague, he added, “From terminators to teddy bears, anything or any toy can be weaponized.”
He then used his smart teddy bear, Bob, to prove his point. Paul plugged a Raspberry Pi into the bear, which is connected to the cloud via Wi-Fi and Bluetooth, to send and receive messages. He scanned for Bluetooth devices. AFP reported that “to everyone’s amazement, including his own,” he “suddenly downloaded dozens of numbers including some of top officials.”
Using Python, he “hacked into this bear via one of the numbers to turn on one of its (LED) lights and record a message from the audience.”
Live demos are great when they work as intended, but it surely is nerve-wracking for the speaker.
— Reuben Paul (@RAPst4r) May 16, 2017
Young Paul, aka @RAPst4r, tweeted that his…