The U.S. Department of Defense expressed interest in the hacking talents of Reuben Paul, a 12-year-old who can tell us a lot about the state of cybersecurity.
IoT devices like smartphones can be compromised and used to access other secure systems. What’s more, this extends to webcams, “nanny cams”, and even smart fridges.
Reuben Paul, a 12-year-old student from Austin, Texas, recently surprised cybersecurity experts. Paul’s main exploit involved cheap, readily available tech, and simple tactics.
Reuben used a Raspberry Pi and Bluetooth devices to show how easy it is to gain personal information from IoT devices.
After gaining information like phone numbers, Paul took things one step further. He hacked a bear with a camera in it using only Python and a phone number.
So what does this cybersecurity wunderkind advise regarding IoT security?
IoT Threats: Bluetooth Concerns and More
Paul first made waves as an 11-year-old at DoDIIS Worldwide Conference in 2017. In the video above, he demonstrates how to “hack” a teddy bear with a camera in it.
Paul hacks into Bob, the bear of breaches, using his Raspberry Pi. He warns that any IoT device including home appliances poses a risk. The main issue is the Bluetooth technology.
“Most internet-connected things have a Bluetooth functionality . . . I basically showed how I could connect to it, and send commands to it, by recording audio and playing the light”, Paul told The Guardian.
He also expressed his concern over potential hackers manipulating children using vulnerable toys. As disconcerting as this notion is, Paul’s ability to find, understand, and interpret risks is just as impressive.
In the video above, Paul elaborates that, at age 6, he first became interested in cybersecurity. His dad taught him some basics like hacking phones and IoT devices.
Paul saw that these topics needed to be made digestible for your average IoT device user. So he founded CyberShaolin in 2015 to serve that precise goal.
The video above uses a short format and animation to convey information about cybersecurity. CyberShaolin intends to make all of this information digestible for people regardless of age or training.
But Paul also acts as CEO of Prudent Games which he also founded in 2015.
All of these accomplishments come as a result of his impressive skills with hacking.
This kid can crack any of your passwords, and he's only 12! pic.twitter.com/CzQpsnKpGF
— CNET (@CNET) April 19, 2018
Watch Reuben Paul in Action
Once you get over your cybersecurity fears, this story is quite heartwarming. This is where Paul debuted his “hacking into an IoT teddy bear” skills.
Paul calls himself the “cyber ninja”, but he also practices Shaolin kung fu. He wants to work for the NSA or the FBI someday.
That’s why he expresses such concern about IoT devices. In an interview with CBS, he remarked that: “Bluetooth is going into new autonomous cars, autonomous drones . . . It’s going into medical devices.” Paul wants to do what he can to prevent breaches and abuses.
But the U.S. is not the only one to notice the young man’s talents. The government of the Netherlands extended offers to him, as well. Paul jokes in the above video:
“I want to get done with 6th grade first before I start thinking about jobs.”
However, Paul raises valid and necessary concerns over IoT privacy. Of course, threats don’t always come in the form of malicious hackers. Citizen data privacy regarding corporations can be just as tumultuous and vulnerable.