DoDIIS 2017- Teddy Bear Hacking with 11/ yo Cyber Prodigy Reuben Paul

00:00

are you ready to weaponize a teddy bear

00:04

secure ninja hi everyone I'm Alicia web

00:09

secret ninja TV was recently in st.

00:11

Louis for the Defense Intelligence

00:13

Agency's dota s-- worldwide conference

00:15

and not surprisingly the focus of this

00:17

year's event was cybersecurity the

00:20

conference was hosted by DI a's chief

00:21

information officer janice Glover Jones

00:23

in her opening remarks she brought on

00:25

the stage eleven-year-old Reuben Paul

00:27

who was able to hack a stuffed teddy

00:29

bear

00:29

to turn it into an eavesdropping device

00:31

now let's take a look at the

00:32

presentation and if you're anything like

00:34

us you're really going to enjoy this it

00:37

is imperative that we shed our

00:38

preconceived notions of who poses a

00:41

threat to our networks and our digital

00:43

infrastructure today's sophisticated

00:46

hackers use simple electronic devices

00:49

like remote-control cars or other smart

00:52

toys to gain access to our most

00:54

sensitive data skilled cyber actors

00:57

don't need to spend years or decades

00:59

honing or refining their craft to

01:02

inflict severe damage for example a

01:06

five-year-old recently found a flaw in

01:09

an Xbox video game system that allowed

01:11

him to hack into his father's account in

01:15

a ten-year-old discovered a new class of

01:18

bugs in a mobile game allowing her to

01:20

manipulate the results while these might

01:24

not sound like dire threats to national

01:26

security

01:27

they should be instructive to the

01:29

digital world we now inhabit malicious

01:32

cyber actors can come in any shape and

01:35

size and we must adapt to this new

01:37

reality I would like to introduce to you

01:40

someone who personifies this

01:42

technological information and represents

01:45

the sophistication of cyber actors he is

01:49

the CEO of a cyber nonprofit as well as

01:52

a cyber expert all at the age of 11

01:55

please welcome Ruben Paul

01:59

good morning Reuben hey where's Bob why

02:12

don't you go ahead and get started so

02:13

Reuben will find Bob that's got lost 11

02:17

years old you're the CEO of a company

02:20

you consider yourself a cyber expert and

02:25

then you do gymnastics yes all at the

02:30

age of 11 how did you get here well

02:33

before I answer your question I just

02:35

wanted to say a big thank you I want to

02:37

thank my God Jesus Christ for the gifts

02:39

he has given me and giving me this

02:40

opportunity

02:41

I want to thank you miss Glover Jones

02:43

for letting me share the stage today and

02:44

I want to thank all the people who are

02:46

serving today and all the people who

02:48

have served the veterans and all the

02:49

attorneys here and I hope one day to

02:52

serve our nation just like you on the

02:53

cyber wall

03:01

now back to your question it all began

03:05

when I was about six years old and my

03:10

dad used to train people on

03:12

cybersecurity so I used to listen in and

03:15

learn about basic security topics and

03:17

one day when he goes on a business call

03:20

he forgot the word firewall so I

03:22

prompted him from the back and he

03:24

realized I had a potential for learning

03:26

cybersecurity so he started teaching me

03:28

more advanced topics like hacking phones

03:32

and windows and IOT devices so I started

03:40

learning and I had to I was simplifying

03:42

advanced topics down so that anyone

03:44

could understand them and that's how I

03:46

came up with cyber Shaolin my nonprofit

03:48

organization a nonprofit organization so

03:51

tell us about Bob who's Bob

03:52

so this chair is Bob meet Bob so Bob is

03:56

a pair of breeches a silver of breeches

03:59

that's why I named him Bob he got

04:01

something to say huh yeah he has a

04:03

little message for us I just wanted to

04:07

say hi how are you doing I'm really

04:11

excited to be here today

04:12

thanks for the opportunity so what do

04:16

you use Bob for most people sleep with

04:18

teddy bears well but I gathered that

04:20

you're not most people well I'm going to

04:23

hack into Bob you're gonna hack into Bob

04:25

yes okay you're gonna show us what you

04:28

got yes okay so I basically have a

04:31

Raspberry Pi at any computer I'm

04:34

connecting through it I'm connecting to

04:36

it using terminal and just on my Mac and

04:39

I'm gonna use and I'm just gonna scan

04:42

for my dog so here you know Wow

04:53

oh let me turn my phone off happy

04:56

[Applause]

04:57

that is a lot of things I see someone's

05:01

Fitbit charge HR sex someone's device

05:06

like an Apple watch oh there's Bob let's

05:08

see him it's at cloud FETs now you make

05:10

sure it's Bob yes and not general

05:12

Stuart's phone okay okay I need my job

05:18

so if you're trying to turn off your

05:22

Bluetooth devices it's too late so I'm

05:27

just going to connect to the ver

05:28

interactively and once I do that I'm

05:35

going to see these services so the first

05:41

two are for our on Bluetooth specs and

05:45

it's basically for interactive

05:47

interactively connecting between the

05:49

bear and the device the last one is for

05:52

over-the-air updates and this one is

05:55

specific to the manufacturer so what I'm

05:57

going to do is I'm just going to in each

06:00

of these services there is

06:02

characteristics properties that you can

06:04

use so I'm basically just going to

06:07

describe the characteristics so once I

06:11

get this characteristics I see that the

06:14

I went through each one and there's a

06:16

specific one handle 27 but I'm gonna

06:19

actually read handle 28 because that's

06:21

the description for the handle so when I

06:24

do it I'm gonna do character - read

06:26

handle 28 and we get these three or

06:33

these these numbers that's a hex so I'm

06:38

just gonna go into Python and put that

06:39

in a nun exit how did you learn Python

06:44

I've been taking I have a book at home

06:48

Python for kids self-taught okay yeah so

06:54

I have LED so handle 27 controls the LED

06:58

so basically I'm just going to write to

07:00

that handle and I'm gonna write handle

07:04

to handle 2701 so as you see on Bob the

07:09

LED

07:10

little heart LED will flash Wow so I'm

07:16

gonna turn that off and who just wants

07:17

to see a light turn on I'm gonna make

07:19

some audio play so I went through each

07:22

one of these and I found that handle 12

07:23

is for commands sending commands to the

07:26

bear and 0 8 is for audio and then 0 2

07:32

is for a record and it records to slot 1

07:34

automatically there are few different

07:35

slots but it what's the saw one so when

07:38

I enter this command Bob is gonna record

07:41

everything I say and nobody's gonna know

07:43

it so once I enter it miss clover Jones

07:46

it's gonna ask me a question or ask Bob

07:48

a question I'm gonna answer it for Bob

07:50

and then you guys are gonna screen

07:52

notice is awesome ok 3 2 1 hey Bob have

07:59

you just been hacked yes I was so I just

08:08

turned it off and to play it back I'm

08:11

going to t zero eight zero one and I'm

08:13

gonna play back on slot 1

08:21

[Applause]

08:24

[Music]

08:30

so if you were a nefarious cyber actor

08:34

what could you do with Bob or any other

08:37

smart tooth enabled device so I could

08:41

act theoretically stand out any

08:42

government Institute base and then

08:44

connect to a Bluetooth low-energy device

08:46

like a Fitbit or an Apple watch or

08:48

something like that and then I could

08:50

record secretive conversations or if I

08:52

was or I could stand out a doctor

08:55

outside a doctor's office and connect to

08:57

a heart pacemaker and turned it off

08:59

making some causing some serious damage

09:02

so ladies and gentlemen what we just

09:05

witnessed is in about five minutes

09:08

Rubin here was able to hack into Bob and

09:12

record our conversations this is the

09:15

reality of what we live in and we want

09:18

to say thank you Rubin for coming and

09:19

sharing with us how easy this is Wow

09:25

Reubens not just a talented hacker he's

09:27

a true communicator we're pretty sure

09:29

he's going to have a nice long career

09:30

thanks for watching guys be sure to

09:32

subscribe to the channel so you don't

09:33

miss anything that we filmed at DotA's

09:35

2017 leave us a comment below and let us

09:38

know if you have any toys or IOT devices

09:40

yourself we'd love to hear about it I'm

09:43

Alicia Webb and I'll see you next week

09:44

bye