Before an audience of experts at the International One cybersecurity conference in the Hague this week, an 11-year-old tech enthusiast was highlighting mass IoT insecurity in a language that everybody understood.

Reuben Paul, a sixth-grade student from Austin, Texas, assessed the terrain as follows: “From airplanes to automobiles, from smartphones to smart homes, anything or any toy can be part of the Internet of Things. From terminators to teddy bears, anything or any toy can be weaponised.”

He scanned the hall for Bluetooth-activated devices with a Raspberry Pi microcomputer powered by a laptop’s USB port, then proceeded to hack a random audience member’s phone to remotely control the “Smart Toy” teddy bear he had brought on stage.

Reuben went on to say:

IoT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators — everything that is connected can be used and weaponised to spy on us, or harm us. They could be used to steal private information such as passwords, as remote surveillance to spy on kids, or employ GPS to find out where a person is, he said. More chillingly, a toy could say “meet me at this location and I will pick you up”.

Smart homes and toys increasingly implicate the “Intimacy of Things,” which is especially concerning when infants, children and adolescents generate just as much data as adults. IoT privacy and security debates concerning children — even by children themselves — are vital to have lest we continue down a path towards normalizing child surveillance.