Weaponising a teddy bear

At primary school, I loved my Tamagotchi: it moved, it beeped, it was almost like I could talk to it! Nowadays, kids can actually have conversations with their toys, and some toys are IoT devices, capable of accessing online services or of interacting with people via the Internet. And so to one of this week’s news stories: using a Raspberry Pi, an eleven-year-old has demonstrated how to weaponise a teddy bear. This has garnered lots of attention, because he did it at a cybersecurity conference in The Hague, and he used the Bluetooth devices of the assembled experts to do it.

Reuben Paul, from Texas, used a Raspberry Pi together with his laptop to download the numbers of audience members’ smartphones. He then proceeded to use a Python program to manipulate his bear, Bob, using one of the numbers he’d accessed, making him blink one of his lights and record an audio message from the audience.

Reuben has quite of bit of digital making experience, and he’s very concerned about the safety risks of IoT devices. “IoT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us,” he told AFP.

Apparently even his father, software security expert Mano Paul, was unaware of just how unsafe IoT toys can be until Reuben “shocked” him by hacking a toy car.

Reuben is using his computer skills for good: he has already founded an organisation to educate children and adults about cybersecurity. Considering that he is also the youngest Shaolin Kung Fu black belt in the US and reportedly has excellent gymnastics skills, I’m getting serious superhero vibes from this kid!

http://i3.kym-cdn.com/photos/images/original/000/345/632/f54.gif

And to think that the toys that were around when I was Reuben’s age could be used for nothing more devious than distracting me from class…

6 comments

Gene avatar

Ha! I have to bow to the awesomeness of this kid!
And he uses Raspberry Pi too, so extra points.
Remember his name because he will be famous soon.

Let me see what was I doing at his age… putting whoopie cushions under the seats of all my buddies if I recall. ;-)

joat avatar

Not to steal thunder but following is from 2004/2005:

https://www.renderlab.net/projects/teddy-net/

I agree that Reuben gets points for using a RPi.

Enum avatar

Good to see more kids getting ahead of technology!

Roger Smith avatar

Be even better to see some adults stop producing dumb exploitable designs.
About time they starting thinking about security first, instead of how fast can we get this out the door and make some bucks before anyone discovers how insecure this is.
Roger

Laurence avatar

An eleven-year-old using a teddy bear to hack into someone’s phone? Wow. The younger generation are the future of this planet, and it’s great to see that they are already doing amazing things like this.

Graham Johnston avatar

Can anyone recommend a good source for more info about this? I’d like to know more about what’s involved and how to test the security of my own devices. Thanks!

Comments are closed