Apple races to fix FaceTime bug that lets you spy on someone *before* they pick up your call

Feeling vulnerable? Maybe turn off FaceTime until Apple confirms it has fixed this bug.

Graham Cluley


Don’t panic, but a bug has been found in FaceTime that could allow someone to spy on your conversation – and even see through your iPhone’s front-facing camera – before you answer an incoming call.

Word spread quickly of the problem after a tweet went viral, with a demonstration of the privacy goof.

And it’s not complicated to do.

As 9to5Mac reports, the technique is alarmingly easy:

  • Start a FaceTime Video call with an iPhone contact.
  • Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
  • Add your own phone number in the Add Person screen.
  • You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.

9to5Mac later confirmed that the flaw could also be used to expose video footage from the targeted phone’s front-facing camera.

Inevitably, some are likely to use the technique to prank their friends (it’s hard to tell whether the following NSFW video is a joke or not… but obviously it’s not cool or funny to prank your friends in this fashion).

Right now, it’s hard to tell just how serious this crappy bug is. It doesn’t feel like a way for – say – a state-sponsored attacker to open a persistent hot mic on a targeted phone in another nation’s government.

But I would still be deeply disturbed if someone was able to spy on me, even for a short while, without me noticing. It’s easy to see how it might also be used by jealous partners and obsessive stalkers to spy on the vulnerable.

And it’s clearly deeply embarrassing to Apple (which is attempting to pitch itself as one of the more privacy-conscious companies).

The FaceTime privacy problem needs to be fixed, and pronto. If you’re concerned, consider disabling FaceTime entirely until a fix is forthcoming.

Interestingly, Apple appears to already be attempting to mitigate the problem. A visit to the company’s system status webpage reveals that Group FaceTime is currently unavailable.


Given the level of attention this bug is going to get from the media, my guess is that Apple will issue a fix to iOS 12 pretty darn quick.

Unfortunately, it shouldn’t have needed media attention to get this problem on Apple’s radar. From the looks of things, the problem was brought to Apple’s attention by the parent of a 14-year-old boy who discovered it over 10 days ago. There was no response from Apple.

Expect a patch from Apple in the coming days. If not earlier.

For more discussion on this issue, be sure to check out this episode of the “Smashing Security” podcast:

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley

You could listen to someone or even see them before they answered your phone call. So you would send them a call via FaceTime and you'd be able to listen to what they're doing before they've hit the answer button. Okay, let's act it out, Graham, right now.

Carole Theriault

Right. Pretend you're calling me. Oh, God, it's that fucking ass again. Oh.

Announcer

Smashing Security, episode 113. FaceTime, Facebook, Faceplant, with Carole Theriault

Graham

and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 113. My name is Graham Cluley. And I'm Carole Theriault. Hello, Cluley. Hello, Graham. Hello. And we're joined this week by a special returning guest. It's John Hawes all the way from AMTSO again, the Anti-Malware Testing Standards Organization. The worst acronym in the world. Hey, it's a great

John Hawes

name. It's a great name. A bit cheeky. Leave our name alone. It's all right. I missed that week when they chose the name. It's

Carole

just hard to say fast. Well, Anti-Malware Testing Standards Organization. AMTSO. AMTSO. It's very good for Eastern European people. To use today's parlance, are you trying to drain the swamp of crappy reviews?

John

Exactly, yes.

Graham

We're all into swamp draining. Oh, thank you for draining swamps, John. And thank everyone as well who has joined us on our Reddit page. After we put out the plug in last week's episode, we've had literally hundreds, yes, plural of hundred people joining our Reddit page and chatting with us. And you can join us there as well at smashingsecurity.com slash Reddit. Hope to see even more of you up there. Exactly. It's the best place to get a bit of

Carole

behind the scenes information. If anyone actually could care about that.

Graham

Now, we've got a fun packed show, right, Carole?

Carole

Yeah, listen to this. We've got DJ Daddy Cluley covering the FaceTime privacy snafu. Mr. John Hawes digs into Nick Clegg's work duties at Facebook and yours truly heads to Japan to see how they're prepping for the 2020 Olympics. All this and oodles more coming up in a pretty sweary version of Smashing Security. Are you not running a password manager in your organization? What are you thinking? Check out LastPass Enterprise. Just go to this URL, lastpass.com slash smashing. Here you can learn all about what password managers can do for your firm. And you can learn more about LastPass Enterprise. I mean, if you want to solve poor password hygiene, if you fancy securing every password-protected entry port in your business, fly it on over to lastpass.com slash smashing. I use them, so you should check them out. Hey, Graham.

Graham

Yes.

Carole

So, I've got a problem.

Graham

Yes.

Carole

I use a cloud service, I put all my files and data up there, and I'm kind of nervous about prying eyes looking at it. Any advice?

Graham

Yeah, you've got to encrypt it.

Carole

Before I load it up?

Graham

Well, I would recommend so, because any file which you put on Dropbox or Google Drive or OneDrive or those other sort of cloud services, it could be accessed by that company or indeed law enforcement or any hacker who broke into your account. So what I would recommend is use a piece of software like Boxcryptor. It's what I run on my computer. And any file, before it gets uploaded to those cloud services, gets encrypted with my own keys, which I control. So the cloud service itself can't see the contents of the files which I'm putting on the cloud drive. It's all encrypted.

Carole

Cool. I'll check it out.

Graham

Go to boxcryptor.com and thanks to Boxcryptor for supporting the show this week. Now we are recording this on Tuesday, the episode goes out most people I think pick it up on Thursday so things may have changed. I'm just putting this in context because we have breaking news.

Carole

Ooh.

Graham

Last night, I was tucked up in bed in the wee small hours of the morning with my long johns on and my Womble hot water bottle clutched close to my heart.

Carole

What a glorious image that is.

Graham

And I felt a little tingle. I felt a tingle in my spider senses.

Carole

Ooh.

Graham

Are your long johns connected to the internet? I knew something was not right with the internet. And so I awoke. I turned on my wee little phone. And I saw that the Twitterverse was going bonkers.

Carole

As usual.

Graham

About a bug which had been found in FaceTime.

Carole

Are you sure it was your spider sense and not just your phone going... But yeah, I turned on Twitter and people were sharing this video. And what people were demonstrating in this video is that you could listen to someone or even see them before they answered your phone call. So you would send them a call via FaceTime and you'd be able to listen to what they're doing before they've hit the answer button. Oh, God, it's that fucking asshole again. You guys. That could hurt a friendship, man. That could really damage our buttness.

Graham

Exactly. I'd go down a tier, I think.

Carole

Right. Right. Yeah, you'd be definitely tier

John

two by that point. So dangerous. Or if you're having a poop or something and you don't want your camera on and someone's trying to do a camera. Well, there's all Number of embarrassing scenarios. And, of course, as people were sharing this video and the instructions on how to do it were really very, very simple. Indeed, basically, you sort of added yourself to a group call with the person and somewhere the Apple logic went bonkers.

Carole

Good? Okay. That's a bit rude, Cliff. It's a bit rude. Okay. It's a bit rude. Oh, no. Yo, you're beating your shmeet. So to the guy on Reddit who told us he doesn't like our show because he can't listen to it with his 12-year-old son, this is very much not the episode you should be listening to.

Graham

I should think within a couple of years his son will know all about this, to be honest, if he doesn't already. He probably already does. Anyway, so then it turned out it wasn't just audio. They could actually look at you as well. They could take over the front-facing camera. Wow. Now, of course, that's deeply, deeply embarrassing for Apple, right? If you remember at the CES show recently on the West Coast, they were touting privacy. Well, they were touting privacy very much. They had a great big poster up on the side of a hotel saying, you know, we're basically the privacy company because Google and Facebook keep on getting themselves into a mess. Apple is trying to differentiate itself, isn't it? So this bug has only really become public knowledge for less than 24 hours at the time of recording. It's hard to tell quite how serious it is. If you were a state-sponsored attacker, for instance, and you wanted to hack into the phone of a leader of a rival country, it doesn't seem like a way to persistently sort of open up a microphone. It's going to be quite a short length of time. It can be a little bit obvious if they haven't turned off their ringtone and such likes. It doesn't seem like that kind of scale of thing. But it's still bad.

Carole

Oh, no, no. And it's getting a huge number of headlines everywhere.

John

Also, if you know that a major politician keeps their phone on a stand on their desk with lots of important secret documents underneath it. And what,

Carole

They're wearing their phone underneath their chin, facing downwards? No, they've got it on

John

A little stand on their desk so that they can, you know, watch videos or something. The camera happens to catch a little glance of the nuclear codes or something. I suppose it could be. Could be. Could be. I think don't panic. If you're really worried about this, until Apple pushes out a proper patch, you can just turn off FaceTime if you wanted to. To be honest, I haven't turned off FaceTime.

Carole

Kind of solves the problem in the short term. I think they handled it very, very quickly. I was kind of impressed by that. I kind of thought your story would be more

Graham

Of a... Were you impressed? Yes.

Carole

Okay, tell me why I'm wrong on that. I can tell by your... I feel like I'm being set up here to follow my face. Well, maybe you shouldn't be

Graham

Quite that impressed. Because at first I was thinking, well, that's quite a good response. I mean, it's obviously embarrassing that the bug was there, but they've responded quite well. Until you do a search on Twitter, and what you find out is that over 10 days ago, a 14-year-old kid contacted Apple support multiple times saying that they had found this bug and they wanted it fixed and Apple never got back to them. Okay,

Carole

Okay. Can I just defend Apple? I know I'm a big... Apple whore. Apple whore.

Graham

Yes, you're like the Nell Gwynn, but rather than oranges, you're apples.

Carole

Apple is a big company. Who knows who they call the Apple? Medium-sized. Exactly. Who knows who they called, right? And who knows if that person just was like, oh, God, okay, thanks, thanks. I mean, a lot of people must call with those kind of things that they've found something.

Graham

Well, at least get back to them and say, can you give us more details? I mean, in these days of bug bounties and serious vulnerabilities, and remember, this is Apple, which is all about, well, they're now wishing that they had. I bet. They now wish that they had just tweeted about it. And this problem would have been fixed faster. They also, by the way, contacted Fox News, and they never heard back from Fox News either. Oh! Which is surprising to me, because you would think Fox News are looking for alternative news stories to focus on, rather than other things which may be appearing in the headlines. So you'd

John

Think they'd want to do that. But then also, people like Fox News must get a lot of calls from people saying, Hey, look what my kid can do with his phone. Sure. Which aren't necessarily all going to be great news stories. Right.

Graham

But the people who I think have dropped the ball here are Apple themselves. They should have got back to him. They should have asked for more details. They should at least have acknowledged the bug report. So there's an official bug report which was submitted. They never got any response to it.

John

And also they should have noticed the problem in the first place. If it's something that a 14-year-old can spot, surely a team of professional software testers should have been able to spot it. Well, yeah, because this does seem to keep on happening with Apple, doesn't it? I mean, there have been so many bugs involving the lock screen, for instance, and ways to bypass it and bizarre logic like that. You should be testing that pretty thoroughly with every release. Could be embarrassing.

Carole

I use FaceTime fairly regularly with some people. Do you ever have problems with FaceTime, Carole? Yeah, I do. One of the things I find is I find it very easy to accidentally call someone. So what happens is I'm thinking in my head, I need to call Graham, right? And I put in my passcode, get to FaceTime, and then I forget and I go do something holding my phone. So FaceTime is open on my phone and I end up calling someone who's in San Francisco at four in the morning. And then I'm madly trying to get the hang up button to stop bugging them. And it always kind of goes wrong at that point.

Graham

And there was that weird thing, we actually covered this in a special bonus episode, didn't we? We had a little breakaway behind the scenes episode. Do you remember my phone used to call you on FaceTime when I was in the shower? And it didn't matter if it was my shower at home or a shower at a hotel. And I wasn't even close to the phone. I want to stress that. And I would hear, I'd pick it up and I'd just hear this, shh. And I'd go, no, oh God, oh God. It wasn't a video call. It was only ever audio, I think. Thank the Lord. Have you filed Carole's contact under... John, what's your story for us this week? Well, I wanted to talk a little bit about Nick Clegg. I think they put the brakes on things like the snooper's charter, and they prevented some of that, you know, which Lib Dems strongly believed was a bad thing and the Conservatives want to push forward, and they slowed it down a little bit. Well, unfortunately, you know, their brakes aren't that big. Politics took a particular turn and we no longer have a coalition government able to stop the Conservatives from doing things like that. Yeah, a little bit politics there. Anyway, after he was deputy PM for five years, you know, they had another election, and by that point everybody hated them, so the whole party pretty much collapsed. They lost all their seats. He lost his seat a couple years late, 2017. And yeah, my main memory of him is that he was on Desert Island Discs, the BBC show where they, great show, interview celebrities about what they would take to a desert island. And his luxury he wanted to take was an unlimited stash of fags.

Carole

Cigarettes for our American counterparts. Yes, don't take that the wrong way. What was he planning to do then?

Graham

Ooh, la-dee-da title. Head of propaganda, basically.

John

Yeah, he's there. They're lobbyists. He's there to pester government people because he knows how to talk to them. So he's the liaison between Facebook and politicians.

Graham

He is actually quite a good choice to talk about this, particularly in Europe. I mean, he speaks not only English, he speaks Spanish and German and French and Dutch.

John

Yes, he used to be an MEP and he was in Europe for a long time. Yeah. My nephews used to go to school with one of his sons.

Carole

And Google and all the way. He also said, oh, you know, we could charge for things, but then, you know, all the poor people won't be able to use it.

John

So advertising is much better. And it's how the internet works, I think he said. And also TV and newspapers and things like that. And he talked a little bit about the data economy and how that was a growing thing and how Facebook was a big part of it. And it was going to be very useful for the world in the future. Really? He talked a little bit about all the efforts they're making to restrict bad content, terrorism and hate speech and things like that, and particularly fake news, obviously, and fake accounts with all the political shenanigans that have been going on, Cambridge Analytica and all that.

Carole

This seems a little flip-floppy from, you know, things like the Snoopers Charter and not supporting it, doesn't it?

John

Well, he's got a new job, you know, so he's got to start spinning a new line. That's what he's paid for. Yeah,

Carole

You've got to get Fernando through school, you know? Does anyone have any good faith anymore? Does anyone stand for anything?

John

I have to say, actually, in his speech, he did come across as quite genuine. And he was quite flexible. He was saying, look, yes, I admit this is quite bad. But, you know, we're trying to do this about it. And I'm not sure exactly how true it was.

Carole

You think Facebook is mending its ways? That's what you think? No, no. You think it's mending its ways?

John

I think he was clearly well chosen as a person to...

Carole

Make it look a little cleaner. Yeah.

John

Just because... He's making... Yeah, he's taking the stench

Carole

Off the pile of doo-doo.

Graham

Yeah. Yeah, yeah. Well, look, he can say all he likes. And yes, he is a very nicely presented chap and he seems like a decent fellow as well. But he alone isn't going to fix Facebook. He's not going to stop all the trolls, the fake accounts, the bad news which is on there or the offensive material. There's been something in the press in the last week or so about a young woman who killed herself because of all these images of self-harm and so forth which are still being found on Instagram. If Facebook and its sister companies wants to really improve its image, it's got to clean up that stuff, hasn't it?

John

Well, he talked about that a little bit as well. As always, hiring more people to get more human involvement in the moderation and fact-checking and things like that. And also investing more in machine learning technologies to do it all automatically. But what his main point seemed to be throughout all of this was that it shouldn't be down to Facebook to deal with this stuff. Oh, it's the user's problem. No, no, they shouldn't be the ones who decide what the rules should be. Talked about they set up an independent board to review free speech complaints. They're setting up an operation centre on election integrity. But his central theme throughout it all was governments, seriously, you need to be setting some rules about what we can and can't do.

Graham

And they're just saying that because they know it's too complicated for governments to do that.

Carole

Well, they'll try and it will take them forever. And the bureaucracy is going to take forever. And if they helped, it would go a lot faster. And anyway, this really pisses me off.

John

And he put a little caveat on that saying, please don't restrict data flow too much because, you know, you'll still damage all kinds of innovation and things health care and stuff where big data is going to be very useful in future.

Graham

So we're not suggesting we should damage data flow too much. No, we're just suggesting Facebook. Let's just cut off Facebook at the knees. Right. I haven't got a Facebook account. Carole, you're not on Facebook, are you? No. John, I can't imagine you're on Facebook either.

John

I don't spend a lot of time on that.

Graham

Right. You know, and Instagram and WhatsApp and all of those. If you feed into the Zuckerberg.

Carole

You know, he owns 51% of Facebook. So he is properly the owner. That's not like Jeff Bezos or anything.

John

So yes, coming back to the financial side. So he very briefly touched on taxation. And in various, there was a few other interviews and stuff. He's been doing this last week as well, where he got slightly less friendly questioning. And a lot of people obviously brought up the whole tax thing and why Facebook doesn't pay much tax. And he brought that back to pretty much the same point, saying that it's not Facebook's job to volunteer to pay tax. You as governments should be fixing this. You should be setting some rules that can handle things like Facebook, which I think is actually true and is correct and is the only possible way forward and I think should in the long term have a much bigger impact on the internet and security in general, because once governments get together and set some kind of global system that can handle companies the size of Facebook, alongside that, you have to also have not just tax regulation, but also laws and crime prevention. Because at the moment, if someone attacks someone in America from a computer in Russia via another computer in Japan and steals some money that the Americans have been keeping in Sweden, and transports it off to China. You know, you can't just call your local Bobby. You need the world police to do that.

Carole

And that's a while away. What I'm hearing and what he's saying is we are a company. Our design is to get as much as we can and give out as little as possible. And we do not want to have to do the right thing, ethically or morally. We want to do the right thing legally. And right now it's a freaking wild west and we want to be free to take advantage of that without getting our wrists slapped.

John

Well but he's also saying please make sure that at some point you actually implement some kind of... Yeah so Facebook has done a nice little PR exercise here and they've put out some talking points but for me the big point is that we do need much better global regulation of the internet and these giant companies and governments don't want to hear that because it basically means the purpose of a government is to be in charge, and you don't want to admit that you're too small to be in charge of something anymore.

Carole

Well, why don't you wait to hear my story and see if you change your mind on that. All right, then. It might enlighten you.

Graham

All right, well, Carole, you've teed it up nicely. What's your story for us this week?

Carole

Well, for my story, we head to Japan. This is the land of deliciously slurpy ramens and sci-fi toilets with built-in butt sprays and dryers. You've been on one of those, haven't you, Cluley?

Graham

Not this morning, but yes, in the past.

Carole

But whatever your thoughts on Japan, it's a country where people enjoy the fourth largest life expectancy in the world. How's all that sushi? Of 84 years. Can you guess, actually, guys, can you guess what might be a country that beats Japan?

John

Is it Nepal or something?

Carole

Oh good guess. Nope. Iceland? Get three guesses. Nope. More than Japan? Yep. So people live longer than in Japan. There's only one I think you might get.

John

The Vatican? No, a lot of very old folks there. So but you know what, you're on the right, you're on the right path. The first one's Monaco, then Hong Kong and Macau. So interesting. You always get interesting facts from me. Being convenient. People are going to be so disappointed. Darn it! Well, no, I've been to Japanese convenience stores and they quite often have basically a porn aisle. You get one for a cup of soups and one for your everyday basics, your milk and eggs and cheese. And then the other one is porn.

Graham

Do Olympic athletes tend to go into a convenience store to buy a porn magazine just before?

Carole

Graham, I think we're talking about the 20 million tourists that are showing up.

John

Oh, I understand. Giving a good impression of the company. They did this. They had a, was it a Winter Olympics? It was the World Cup, I think they had there a while ago. I'm not sure this is strictly true. I just heard this from someone I knew out there. They temporarily banned the sale of magic mushrooms during the event. No one at the time knew that magic mushrooms were even legal in Japan. They kept it very quiet. But while all these foreigners were there, they made it illegal, and then they overturned the rule when everyone left.

Carole

Yeah. Now, apparently not all bogs are high-class gizmos, right? Thousands of public ones are actually squat loos, where there's a pan or a bowl on the floor.

John

But you have little foot marks to show you where to put your feet.

Graham

What is your obsession with lavatories?

Carole

Well, it's interesting. It's interesting because they're concerned that these squat loos will be stressful for tourists. Maybe I'm just thinking... They are quite stressful. I would find that... And so they're going to be replaced by Western toilet models.

John

Okay. Not the super fancy ones with the dials and the knobs.

Carole

Actually, if you had to squat, it must be a really good thigh workout.

Graham

It's all poop-related. Carole, is there any security content at all in what you're telling us?

Carole

Yes, I'm teeing it up now. And Japan also wants to improve cybersecurity ahead of these big sporting events. So I took a peek at Japan's 2018 cybersecurity strategy. There's a link in the show notes for anyone interested. And one of the big focus areas is the establishment international delivery model for addressing vulnerabilities in IoT devices. So this is a fancy way to say we need to figure out a way to fix the growing problem of insecure and vulnerable IoT devices all over the land. Okay, sounds good. According to Koji Nakao, government advisor on cybersecurity and guest professor at Yokohama University, so, you know, a knowledgeable dude, one would presume, one of the big reasons that these IoT devices are vulnerable is because they use very simple user IDs and passwords. And he says the typical end user, this sounds very familiar to us here in the West as well, the typical end user has poor knowledge of cybersecurity. They connect and forget, relying on default passwords, provided maybe with a device. And he says most people in Japan wouldn't have a clue how to update it. So all these millions of devices connected all around Japan, and they're all holding a ton of information, private and sensitive and all that. And the big worry is that too many of them are vulnerable, and they could be compromised by some malicious code or an attacker today or in the future. So what does a country do when it wants to educate its users on being better with passcodes and user IDs? So you expect them to launch a splashy media campaign, right, on password hygiene. But Japan went a different route entirely. They've approved a rather radical approach to dealing with this problem just this past Friday. So starting in a few weeks' time, Japan plans to crawl the Japanese internet, hammer away at IoT devices in homes and in offices all around Japan to break in, to break into them. And here's the gist. 
Using an exhaustive list of passwords, the National Institute of Information and Communication Technology, NICT, will attempt to break into devices by hammering away at these usernames and passwords.

John

Presumably the first thing they're testing there is not whether your password is any good, it's whether your device allows you to try tens of thousands of passwords until it lets you in. Surely it should lock you out after three attempts or something. Webcams and routers is where they want to start and they plan to attack hundreds of millions of these devices. And when they successfully gain access to the device, the owner will be contacted and advised on how to improve security measures. Naturally. So this sounds a little half-baked, thorny little nest of ethics here isn't there. First of all, yes there is the ethical concern of should they even be hacking in at all, are they going to access other countries' devices and how will the other country feel if this organized Japanese government effort to access their IoT devices is spotted and how they might respond to that. It seems weird. If someone came to me and said, oh, your webcam allows me to try 10 million passwords before it locks me out, I can't fix that. Yeah, exactly. That's true. Now, both of you have not mentioned the big question that came to me immediately. I was, whoa, is this even legal? Right? So they were getting ready for this.

Carole

No, they've been getting ready for it since they created their cybersecurity strategy in 2018. So all the things you mentioned, Graham, I worry too. How do you know? Who are you going to contact exactly? And are you just going to snoop in the information you've accessed to find out the identity so you can contact them? Is that how they're going to do that? Right? And then aren't they setting a dangerous precedent here? So many people would definitely not want their governments having full access to all their private day-to-day stuff. And why should they? And what if you don't trust your government?

John

Well hopefully with most things you can actually, you can kind of log in without then going through all the data that's available in it. You don't have to sit and watch a webcam for eight hours to know that, you would imagine.

Graham

That they're logging in, they're accessing the admin panel and maybe they can initiate an update for instance, a firmware update or something if that is required. But this, it's weird, this sort of resetting the passwords and telling people, that's a whole other step. If once they're in there, do they then go and fix any problems themselves?

John

Right.

Graham

Oh right, yeah.

Carole

From the stuff I've read, I didn't see anything on that. It was all about contacting the owner, but that is another big can of worms. I'm sure that will be eventually how it is that they can go in and just change stuff or remove stuff or add stuff as break stuff.

John

You get a letter in the posting. Sorry, your password was rubbish. Here is your new one.

Carole

The other interesting thing I was thinking about is how do they compel people to care? Is the answer magic mushrooms?

John

Is that how we're going to make them care? Actually, but that's a good point. How is this going to help with their appearance to all these visitors that are coming for the Olympics? You know, wander around the country.

Carole

Connecting to people's Wi-Fi's. I don't know, maybe people do. There's 20 million people expected, right?

John

Yeah, but you don't kind of wander around a country going, oh, this is a rubbish country. All of these webcams have been hacked. You know? Yeah, yeah, it's true. I think it probably might improve the country's overall cybersecurity posture. But I don't think the ends justify the means here at all in my book.

Graham

So this is another typical segment of Smashing Security. Something has gone terribly wrong with the internet and we're going to grumble about it. Isn't that what we're here for?

Carole

Really? That is how you've reduced my work that I've put quite a bit of work into this?

John

I'm sure someone from the Japanese government is listening and they will change this. I've heard we're big in Japan.

Graham

That was in the 80s, wasn't it? Yeah, I think we should probably move on. To pick. I shouldn't sing it yet. And welcome back. Can you join us on our favourite part of the show? The part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. That's the part. I like it. It's the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. It doesn't have to be security-related, necessarily. Oh, no, it should not be. And my pick of the week this week is a website. Well, actually, first of all, let me ask you. Do you remember the 70s and 80s when you'd turn on the TV and there wouldn't be any programs on? This was certainly true in the UK. We didn't have programs all day long. And there would be something on the screen called Teletext, or sometimes called CEEFAX. And they had this in different countries around the world. It was beautiful. There's 24 lines of 40 characters. So it was like a blocky sort of pixely game. And it would give you information about the news or the TV listings.

Carole

I remember it in the UK. I don't remember it when I was in Canada.

Graham

You were probably more advanced in Canada and North America. You probably had all night TV. Yeah, you probably had hockey reruns or something. The website I want to point you towards is called Teletext the World, which is a celebration of Teletext. And specifically, it has a feature which I quite enjoyed where you can upload an image and turn it into its Teletext version. Because they were remarkably creative on that small palette. I've also included a little link to a YouTube video where you can see. I'll put this in the show notes. You can see some of the incredible things which can be done with teletext. And I've made images of myself and both you, John, and Carole.

Carole

Well, you've loaded my picture on a random website.

Graham

Well, you have been converted into teletext on the website via the website's image generator. And with your permission, Carole, with your permission. Which wasn't granted. This is a picture which you have put on the Smashing Security website. I will post these on Twitter so people can see your teletext representations.

Carole

That's fine. I think my teletext representation is excellent, actually. I really like it.

John

Yes, these are probably quite good for privacy because no one's ever going to recognise any of these people, right? Your one is clearly you, John. There's no doubt that is you. 100%. That's just definitely John. Super nice little pick of the week. Thank you very much. John, have you got a pick of the week for I have and I feel quite proud of myself actually because it kind of connects back to my main story even though I chose the pick of the week much longer ago than the whole Nick Clegg thing came out. Is it a Nick Clegg 2019 calendar that you're going to be. So I wanted to think a little bit about perspective. Sometimes it's important to take a step back, look at the bigger picture, and just remember that probably your problems aren't that serious. And I have a few things that I use when I feel the need for a little perspective, which I quite like to share with you. One of them is the Cosmic Eye video. Actually, all of these are quite old. This is from 2012. So I've been dipping in and looking at this every now and again. It's very famous. It starts with a face and it zooms out and it goes face, person, building, city, country, planet, all the way out to universe and then all the way back in into the eye and then all the way into...

Graham

Oh, yes, I remember this. It zooms all the way out into the cosmos and then goes back into this woman's eye.

John

Yeah, and then all the way down to the size of atoms and things like that. Which is very fun. It's only about three minutes long. I thoroughly recommend it. I have another one called ChronoZoom, which is a time thing. It's an academic project. Again, this is from 2012. Obviously, sometime around 2012, I felt the need for a lot of perspective, and I looked up a bunch of these things, which I've hung on to ever since. So this one does pretty much the same thing, but with time. So it's laid out various bits of timeline. And you can... I recommend going to Humanity, where it shows you the last 5,000 years, where we've kind of documented history since we invented writing, and then if you click from that and then go to, I think it's Cosmos, and you watch it zoom out, and it shows you how insignificant an amount of time humans have been around. It's super. And then the third one, which is actually my favorite of the three, is a site called Wait But Why. They have a post from, again, from about five years ago. It was called Putting Time in Perspective, which is kind of similar to ChronoZoom except that it's much more simple. It's quite fun. It starts with, you know, a year and then puts that year into the last 30 years, and each time the previous graph shrinks down into the corner of the next one, and it does the same thing kind. And it goes through humanity. Yeah. So that's great. And actually, the whole website, I thoroughly recommend. Their piece on electric cars is amazing.

Graham

This is the Wait But Why website. Yeah.

John

It's really, really good. Again, they don't do stuff very often. I'm not actually sure they're still doing stuff. They typically only put out something every six months or something.

Graham

I like in their banner image, they say, new post every sometimes. Yeah, that's very sweet, isn't it? They're very cute.

Carole

Cool. Okay, it's bookmarked. Thank you very much.

Graham

Your talk about perspective there, John, reminded me of something about perspective as well. Do you remember that Father Ted sketch where Ted speaks? Small, far away. With the cows, it's very funny. I'll just put the YouTube link in there for you. Right, Carole, what's your pick of the week?

Carole

Well I kind of wanted to do Roger Stone's documentary Get Me Roger Stone because of everything that's been going on politically in the past few days with respect to the Nixon lover but I think you did it already on a previous show. I think we might I've spoken about it before. Yeah. Yeah. I think it was your pick of the week. So I have another political, satirical mockumentary, well, this is a mockumentary rather than a documentary. Jonathan Pie, and it's called Jonathan Pie's American Pie. Now, Jonathan Pie is not everyone's favourite, but I find him quite edgy and I like him. So in this show, Jonathan Pie's American Pie, he plays a spoof news reporter. And he kind of mashes together, you know, Louis Theroux's Weird Weekends personal deep dive bits and the furious blasphemy from Peter Capaldi in In the Thick of It and the kind of Steve Coogan suave-ness in Alan Partridge. So it's kind of a mashup of those three for real. And he pulls it off, I think, quite well. Not everyone thinks so. It's not perfect, but I was really glued to the script, to him, to how he was handling it. And I love how you kept seeing the cameramen behind people. I don't know, there's kind of a behind the scenes feel to it that makes it great, I think. It would be easy to create a narrative that Donald Trump is just this orange buffoon. Very insane. Huge mistake. I say check it out. It's on iPlayer. It's an hour long. It did air on BBC3, but don't let that put you off too much. It is worth it. And that is Jonathan Pie's American Pie.

John

I didn't think it was hilarious. And actually, I found him quite... I didn't like him at all to begin with, but he kind of grew on me through the thing.

Graham

I've seen some very short videos of his, which popped up on Twitter from time to time, often by people who think they were genuine news reports. So I think that's how he made a name for himself, wasn't it? We're talking about some political things.

Carole

Yeah, and that's kind of interesting because I was just thinking when I was covering this, deciding to put it into the pick of the week, I was suddenly going, oh, I wonder if satire is going to die because of fake news.

Graham

I think satire has died because you just can't send up reality any longer. The world's too crazy.

Carole

And it's such a sad thing because, you know, one of the reasons I moved to England was because you guys were pretty satirically wonderful.

Graham

Don't worry, Carole. Everything's going to be wonderful. We have a glorious future line ahead. I just feel sorry for Europe. I just don't know how they're going to cope without the United Kingdom. Poor, poor fellows.

Carole

You guys are still welcome to listen to our show no matter what happens. We're here.

Graham

And that just about wraps it up for this week. Thank you, John, for joining us. John, if people want to find out more about you or about AMTSO, what is the best way to do that?

John

Thanks for having me. You can email info at amtso.org. God, how 90s. I'm very old school.

Graham

That's cool. Well, you can find us on Twitter at Smash In Security. No G. Twitter wouldn't allow us to have a G.

Carole

You can find us on Reddit at smashingsecurity.com slash Reddit.

Graham

And if you enjoy the show, please tell your pals. Yeah.

Carole

You can even leave us a review if you wanted. That'd be nice. Thanks to all of you for listening to the show. And thank you to our sponsors, Boxcryptor and LastPass. Is that it? Are we done? Right, until next time. Cheerio. Well, why don't you turn off the ringer?

Graham

Well, I'm trying to do it without actually answering the phone, because I have to pick it up to answer it. Hang on. It takes a while to turn off. No, I'm all right.

Carole

Are we all following at the moment?

Graham

Yes, I'm going to act out. I want to respond to that.

Carole

You're going to act out?

Graham

I'm going to act out right now. Right, OK. OK, I'm ready. Hang on. They're going to contact the owners and tell them how to improve the skill. How will they contact the owner?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
