Cybersecurity experts were shocked Tuesday when a sixth grader showed them just how easy it would be to hack their mobile devices and weaponize a seemingly innocuous item—in this case, his smart teddy bear.
At a cyber safety conference in the Hague, Netherlands, 11-year-old prodigy Reuben Paul used a small computer called a “raspberry pi” to hack into audience members’ bluetooth devices and download phone numbers, Agence France-Presse reports.
Paul then reportedly used one of the numbers to hack into the teddy bear, which connects to the Internet via Bluetooth or WiFi, and used the toy to record a message from the audience by using a computer language program called Python.
“I basically showed how I could connect to [a remote Internet-connected device], and send commands to it,” Paul told AFP.
He warned that Internet-enabled everyday objects “can be used and weaponized to spy on us or harm us,” for example by scraping private information like passwords. Toys could even be programmed to say “meet me at this location and I will pick you up,” he added.
For more on cybersecurity, watch Fortune’s video:
Though not yet a teenager, Paul is already well known among his community in Austin, Texas, and beyond. In 2014, the wunderkind founded his own company, an educational gaming website called PrudentGames. Paul is now the company’s CEO.