Smart Teddy Bear Weaponized by 11-Year Old Prodigy

An 11-year old prodigy using a Raspberry Pi and a laptop stunned the audience at the Netherlands cyber safety conference in Hague by remotely hacking audience members’ Bluetooth devices, downloading phone numbers, and using them to remotely dial into a smart teddy bear.

With a smart device communicating via Bluetooth or Wi-Fi, young researcher Reuben Paul demonstrated how easily someone can hack and remotely control them with basic programing skills. Emphasizing that any such devices can be weaponized against their owners, the sixth-grader pointed out that, although his smart teddy bear may look harmless, the toy could be programmed to say “meet me at this location and I will pick you up.”

“From airplanes to automobiles, from smart phones to smart homes, anything or any toy can be part of the” Internet of Things (IOT),” said Reuben. “From terminators to teddy bears, anything or any toy can be weaponized.”

As IoT devices become ubiquitous, Paul believes they can be used to spy on people and kids, steal personal and private information, or track victims by enabling their GPS systems.

Paul’s father, Mano Paul, said this is not the first time Reuben hacked a smart toy; he started with a toy car before moving to more complicated things. Mano said it all started with him explain to Reuben how a smart phone game works. After that, Reuben figured out by himself that Angry Birds was using the same kind of algorithm.

“He has always surprised us. Every moment when we teach him something he’s usually the one who ends up teaching us,” said Mano. “It means that my kids are playing with timebombs, that over time somebody who is bad or malicious can exploit.”

Reuben’s ambitious plans involve harnessing his skills for good, but only after attending CalTech or MIT to beef up his cyber security skills. His current focus is to spread the message that collaboration between law enforcement, IoT vendors, and security researchers is vital for having secure smart devices.

Add Comment

Your email address will not be published. Required fields are marked *