Cybersecurity Must Never Be Forgotten

October 20, 2018, U.S. Embassy in China



Reuben Paul doing a split leap in front of the St. Louis Gateway Arch. (© Mano Paul)

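A teddy bear hardly seems dangerous, but Reuben Paul, a cybersecurity expert who is only 11 years old, does not see it that way.

Reuben Paul is only 11 this year, but he has already become a cybersecurity expert. He knows more about cybersecurity than most adults.

Recently, he delivered a keynote address at the 2017 International One Conference in The Hague, explaining how the smart toy he built can become a tool for stealing sensitive information online, to the astonishment of attendees.

Reuben’s teddy bear has a built-in microphone and connects to the internet over Wi-Fi. He researched the bear’s weak points. “Once I understood the teddy bear’s weaknesses, I turned on the microphone and made the bear into a detection device,” he said at the conference.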

Reuben Paul speaks at the International One Conference in The Hague, Netherlands. (© Mano Paul)

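Reuben installed a Raspberry Pi microcomputer add-on in the Apple computer connected to the toy bear and scanned for Bluetooth devices within range in the venue, which let him view the contacts and phone numbers on the devices in range.

Although Reuben was careful not to carry out any hacking, the audience, especially those whose devices were scanned, were surprised at how easily a hacker might walk right in.

This was a good example for the conference, which was discussing how to secure the Internet of Things. The Internet of Things refers to connecting all everyday objects to one another through the internet. Reuben’s teddy bear revealed the risks involved.

Reuben said, “The [Internet of Things] is the next generation of technology. We will all embrace it.” But people must be wary of connected toys and systems and should not readily accept any device without knowing whether it is secure.

Reuben began learning cybersecurity at age 6 from his father, a cybersecurity professor, and at age 8 he spoke at a cybersecurity conference in Louisville, Kentucky.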




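Since then, he has repeatedly been invited to conferences at home and abroad, and some companies have asked him to explain cybersecurity issues. He often warns people not to reuse the same password. “Most people set the same password for their bank accounts and social media accounts. But if the password is stolen, a hacker can use your digital identity without any obstacle.”

He also reminds people to be wary of public Wi-Fi and to update their software systems regularly.

Reuben emphasizes the three “T’s” of cybersecurity.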

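  • Don’t Talk = Do not reveal personal information online.

  • Don’t Take = Do not casually click links attached to emails. Check first whether the link is reliable.

  • Don’t Trust = Everyone online is a cyber stranger. You cannot trust anyone, because you could become the victim of a phishing email or suffer some other malicious attack.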

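Besides giving talks, Reuben regularly practices gymnastics and kung fu, and he is also the head of a nonprofit organization that advocates cybersecurity.

Reuben said that what he most wants to do in the future is write apps and video games, and carry out cyber reconnaissance at night, protecting other people and his country from cyber threats.

But he also said, “I need to finish my sixth-grade schoolwork first.”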

To stay safe online, do this

Think there’s nothing more innocuous than a teddy bear? Think again, says cybersecurity expert Reuben Paul.

At age 11, Reuben already knows more about online safety than most adults. Delivering the keynote address at the 2017 International One Conference, recently held at The Hague, he astonished spectators by demonstrating how easily an internet-connected “smart” toy can be weaponized to steal sensitive information.

Reuben had researched vulnerabilities in his “smart” teddy bear, which connects to the internet via Wi-Fi and has an embedded microphone. “Exploiting this weakness, I was able to turn on the microphone and use that as a spying device” at the conference, he said.

Reuben Paul speaks at the International One Conference, The Hague, Netherlands. (© Mano Paul)

To do it, Reuben plugged a Raspberry Pi (a tiny computer board) into his MacBook computer, which he connected to the bear. He then scanned the room for Bluetooth devices within range. The scan picked up all of those in-range devices.

Audience members — especially the owners of the scanned devices — were stunned to learn how easily they might be hacked, although Reuben was careful to stop short of any hacking activity.

It was a good example for the conference, which was debating how best to secure the “Internet of Things.” That term refers to the concept of connecting everyday objects to the Internet or to each other. And Reuben’s teddy bear had just revealed its danger.

“The [Internet of Things] is the next generation of technology, and we are all going to have to embrace it,” said Reuben. But people should be “cautious about connected toys and systems, and not recklessly accept any device” without determining if it’s secure.

Reuben began learning about cybersecurity at age 6 from his dad, a cybersecurity professional. By the time he was 8, Reuben had delivered a talk at a cybersecurity conference in Louisville, Kentucky.

Since then he’s been invited to conferences at home and abroad, and corporations ask him to give talks on cybersecurity. He always warns against reusing passwords: “Most people use the same password for their bank accounts and their social media accounts. So if a password gets hacked, the hacker will have total access to that person’s digital identity.”

He also warns against connecting to public Wi-Fi access points, and tells people to regularly update their software systems.

Reuben offers these “three T’s of online cybersecurity.”

  • Don’t Talk = Don’t give out personal information online.

  • Don’t Take = Don’t click on any links in emails without checking to see if they are valid.

  • Don’t Trust = Everybody online is a cyber stranger. Don’t trust anyone, because you could be the victim of a phishing or other malicious attack.

In addition to speaking and practicing gymnastics and kung fu, Reuben is also the head of a nonprofit organization that seeks to educate people about cybersecurity.

Reuben says he would eventually like to be “writing apps and video games, and to be a cyber spy at night, helping protect others and our country from cyberthreats.”

But first, he says, “I need to pass sixth grade.”
