Teddy Bear
11-year-old boy hacks teddy bear to show IoT devices' vulnerability iStock

Top infosec experts attending a cybersecurity conference were stunned by an 11-year-old, who hacked a robotic teddy bear to show how IoT (Internet of Things) devices, including toys can be weaponised.

Reuben Paul enthralled the crowded attendees at the World Forum in The Hague recently and has since been praised for his skills by numerous security experts who took to Twitter to give the young "cyber ninja" a virtual pat on the back.

"From terminators to teddy bears, anything or any toy can be weaponised ," Reuben told the captivated crowd of hundreds, The Guardian reported. "IOT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us."

It is important to note that the term weaponised here may not necessarily mean that IoT devices can be customised like drones to carry bombs and other actual weapons. Instead, the term refers to cyber-weaponisation; how IoT devices can be hacked and controlled to then become spyware in the hands of attackers.

As part of his live demonstration, Reuben hacked into the attendees' Bluetooth devices by scanning the conference hall with his Raspberry Pi. He then hacked into his internet connected teddy bear using the programming language Python.

"Most internet-connected things have a Bluetooth functionality ... I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light," he told AFP, explaining his demonstration.

Reuben's father, Mano Paul, an IT expert, said that Reuben's cyber skills emerged fairly early on and that at the tender age of six, he began exploring how software systems worked. "He has always surprised us. Every moment when we teach him something he's usually the one who ends up teaching us," Mano Paul told AFP.

Paul said he had been shocked to discover how vulnerable smart toys were when Reuben hacked his first toy car. "It means that my kids are playing with timebombs, that over time somebody who is bad or malicious can exploit," Paul said.

Reuben, who is also reportedly the youngest American to become a Shaolin Kung Fu black belt, along with his family, has set up a non-profit organisation called CyberShaolin that is aimed at spreading awareness about "the dangers of cyber-insecurity".

Since his talk, Reuben has been showered with congratulatory messages on Twitter from various experts in the infosec community, who praised him for his work.