Kathy Gibson, Editor of IT-Online, was with Kaspersky Lab in Cape Town, where one of the youngest white hat hackers in the world, 13-year-old Reuben Paul performed a live Internet of Things hack. He intercepted a flying drone, controlling its flight and taking over its video feed.
Reuben – also a cyber security ambassador and committed to helping people use technology for good – relates how he started on the path of cyber-hacking: “My dad used to consult and train people on security and I would listen to his conversations while playing my Xbox in his room.”
One day his father forgot a password while on a call to customer and the then six-year-old Reuben prompted him with the correct code. “So my dad realised I had a natural ability to learn,” he says.
In the first grade, Reuben was asked to draw a picture of what he’d like to be one day. “I drew a picture of a cyber-spy lying on a couch, pushing through a firewall to another computer.” The youngster set about developing the skills he would need to realise his dream.
“I use to try out different things,” he remembers. “My first hack was a Windows PC – a really old one that took a long time. I tried to hack it with a credential harvester attack to get user names and details. But doing this I learned about command lines.”
Once he’d mastered the old Windows machine, Reuben moved on to different operating systems and soon figured out how to pull off the hack in Linux, Windows and Unix. At the age of seven, he wanted to attend a cybersecurity conference and started researching IoT in preparation.
“I started working on a smart teddy bear and managed to hack it successfully using Bluetooth protocols from 30 metres away.” Hacking the teddy near allowed Paul to receive both video and sound from the toy, and to upload audio to it – demonstrating the potential ability to spy on children as well as to make the teddy bear “talk” to them.
Reuben’s family has always been supportive, but ensures that he stands on his own feet. When he asked to speak at that first conference, his parents advised him to apply and, if he was accepted, they would support him in doing it. That first presentation with a live hack was at the age of eight, at a hackers’ convention. Since then he has presented at more than 25 conferences in 10 countries, including Kaspersky Lab’s Cyber Security Weekend in Cape Town.
The teddy bear hack proved to be a turning point in the youngster’s burgeoning career, both in terms of media recognition and his ongoing interest in IoT devices. Today, Reuben works mainly on hacking drones. While it may seem he is at the pinnacle of a white hat hacking career, he doesn’t see himself as anything other than a very junior hacker.
“I am still learning about so many different topics,” he says. “I still need to dive a lot deeper – I don’t think I am an expert on things, but am really just a learner.”
Reuben thinks the drone at today’s event is probably the most complicated hack he’s ever performed, but the teddy bear at his first conference was arguable harder. “The teddy bear we did by ourselves, from scratch,” he says. “Normally hackers pull information from other places and from each other, but we did that one alone. For the drone today, it was a difficult hack, but we did have other resources that helped us to figure it out.”
Hacking is by no means a full-time occupation. Reuben also focuses on his school work – he’s in the seventh grade and a straight-A student; gymnastics, where he made the US national team last year and just missed qualifying this year by a tiny margin; swimming, which he does competitively; and Kung Fu – he’s a third degree black belt.
He also runs a non-profit organisation, Cyber Shaolin, that focuses on helping children around the world learn white hat hacking skills. “I want to make more educational videos and games,” he confides.
The non-profit was born about three years ago, once Reuben become well-known on the speaking circuit. That year, he told his parents that he didn’t want any Christmas gifts but would rather use the money to make videos that could help children around the world learn.
Since he believes education should be free, he wanted the videos to be available to everyone; and so the non-profit organisation was set up so people could help support this goal.
“Cyber Shaolin is about using cyber security skills for the good of humanity,” Reuben stresses. “We always make sure that the kids have the right mindset.” For instance, Reuben explains to kids who ask him to hack into things like Fortnite accounts that it’s not the right thing to do. “We definitely focus on ethics and most of the people we engage with are ethical.”
He is also serious about ensuring youngsters understand the dangers and responsibilities that hacking brings with it. In the long-term, Reuben is still determined to become a cyber spy, but ensuring that his skills are used only for good.
Watch the full drone hack here.
Article by kind permission of IT-Online.co.za