
The Gadget Show’s Jon Bentley joins us to discuss the mystery of a Facebook friend you never requested, software updates for the Mercedes S-Class, and risks in the online classroom.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by cybersecurity veterans Graham Cluley and Carole Theriault.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Hello, Carole here. So this is just a quick note to give a huge thank you to just a few of our amazing Patreon supporters. These are the people that allow us to give everybody this show for free. This week, special thanks goes to Rik Lindberg, Elbow, Ask Leo, Thomas Yurkiewicz, Dan Ailo, Maya McDonald, Mikhail Goldschmidt, Vitautas Sadowskas, Andrew Debraccio, and James S. The mere fact that these Patreon supporters went out of their way to give a few bucks to help us make this show blows my mind, and I'm so grateful. If you want to join this amazing community of Patreon supporters and get a few little extras like stickers and early releases, check out smashingsecurity.com/Patreon. Now let's get this show on the road. How old were these kids? Middle school. So that's like 11, 10.
That's not cool, guys. Stop doing that. Oh, there you go. There you are. I've sorted it. Sorted it. Solved the problem. That's all it needed was a firm word.
I just love when you just set the law. It's just amazing. Well, I can stop now. There's no more problem.
Smashing Security, episode 195. Celine Delgado Lopez is not your friend. With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 195. My name's Graham Cluley.
And I'm Carole Theriault. And this week, we're joined by someone who's new to the show, but probably isn't new to many in our British audience at the very least, because he's regularly seen on Channel 5 TV's The Gadget Show. He's a TV producer, presenter, technology journalist and cover nut. It's Jon Bentley. Hello. Welcome to the show.
Oh, it's great to be here. Yeah, this is good fun.
What a voice, eh? Is this a Lyrebird, Graham? Have you deepfaked Jon Bentley and run them on the show and are pretending?
No, this is the real thing. This is the real thing. It's very exciting. Jon, for our listeners who aren't based in the UK and may not have seen the Gadget Show, could you quickly sort of sum up what it is?
Well, it's just a light-hearted look at modern technology and gadgets, really. We've been getting this since about 2004, now on series 32 or 34, it depends on how you count them. That's incredible. It's good fun to do. It's great. And we don't take ourselves too seriously. I don't think it's just stuff about new technology. It's really good fun.
Are you the second longest running show after The Archers in BBC history? It's not BBC, it's Channel 5. Oh, that's right. Sorry.
I was thinking, it might be the fairly long lasting show in Channel 5's history. Yes. I think there's probably some other ones on BBC. I used to work on Top Gear. That's been going a long time for BBC time.
Because I believe your claim to fame or infamy perhaps is that you introduced to the world Jeremy Clarkson to our screen.
Oh, well, he was already quite active in the world. He was already quite active in the world. I just introduced him to television in, oh, when was that? 1989, roughly, I think, somewhere around there. Yes, at that stage I was producing that car programme. I was after somebody who was a little bit more opinionated about cars.
You certainly found someone. Fit the bill. Yes. Carole, what's coming up on the show this week?
Well, first, let's thank this week's sponsors. LastPass, Deep Instinct and Immersive Labs. Their support helps us give you this show for free. Now, coming up on today's show, Graham makes a new Facebook friend. I know. Jon talks about how Mercedes is ramping up its security in its fleet. And online school is back in session for many. So let's review the main threats and how to handle them. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, have you ever found it difficult to get rid of a friend?
Yes, one particular friend every week shows up.
What methods have you used to get rid of someone who maybe not permanently Carole? I remember sometimes going around for late night soirées at your house and there'd be someone there or maybe me who'd want to go and we hadn't got the hint. Well, you tell people what you would do.
Well, this isn't my trick. This was from an agony aunt in the Times or something. Yeah, but you give someone a banana to give them energy for the drive home. Right.
So you say, here, would you like this for the journey?
Yeah. That's the hint to clear off. Well, it's a very gentle way to say I need to go to bed, I think.
Gosh, one of my ambitions this year was to keep up with more friends, actually. I've had more of the opposite problem. It's not gone terribly well this year. It started off well, but it's had a bit of a lull, but I'm sure it'll come back.
I know. It's pretty hard this year.
Seriously, I think we're all suffering from that. Well, if you want a friend, then maybe you should turn to Facebook, where lots of people believe that they have been friended by someone called Celine Delgado Lopez. Facebook users have been passing around a warning that a lady of that name has slipped into your friends list, rather like slipping into your DMs, without your permission. And the warnings are saying that Celine Delgado Lopez has managed to friend just about everybody on Facebook, despite there normally being only a 5,000 friend limit.
5,000 friend limit? Are you near that?
No, well, I'm not on Facebook.
No, but just in life, I mean.
Well, certainly not. You, Jon, you must be.
I think I am. I don't actually use Facebook terribly actively, but I am on it, I think. And I'm searching desperately now to see whether Celine Delgado is one of my... And she isn't. I've been left out. Don't be hurt.
Right. So what's going on here? What devilish trickery has Celine Delgado Lopez used to achieve this? Well, according to the warnings, which have been spread via direct messages and public posts and even other social media, people are saying, why am I friends with Celine Delgado Lopez? And other people saying, my boyfriend's just shown me a Facebook post. Everyone is friends with this woman, Celine Delgado Lopez, and you can't unfriend her. The only option you have is to block. And what people are saying is that when you look in your friends list, on your Facebook account, you don't see her listed. But if you go to her profile, if you search for her on Facebook and find her profile, people are believing that she is their friend.
Okay, can I just make sure I understand this? So I have never befriended Celine Delgado Lopez. It's not like she showed up in my list and I said, sure, I'll be your friend. I've never seen this. Suddenly I see her name in my feed and it looks like we're friends.
Well, what's happening is people are warning each other about her. And so people to find out if she is their friend, go to her profile. They look up her profile and they discover that there is no option to unfriend her. All they can do is message her.
Oh, you mean so go to her profile, say, I want to unfriend you, but they can't unfriend her, but they can block her. So what's happening is people are getting the warning and thinking, crikey, who is this woman? Am I Facebook friends with her? They search for her name, they go to her profile, and when there they see there is no option to unfriend her, but they can message her, whereas normally there's an option to send a friend request. And so they think, oh my goodness, how long have I been friends with this person? So they put two and two together and make 30. You're a very clever chap, Jon. I think that's exactly what's going on. What does that sound like, Graham? I just don't... What does a ghost sound like? We're an audio show. I'm just trying to... Oh, okay,
okay. Imagine Scooby-Doo, something like that. You're like, I have no idea what you're saying. Be friends. Celine. And then they would remove the video a few hours later. And this caused a buzz. And so people were saying, oh, what's going on with Canal 5? So people began to think, well, maybe this is connected to the missing woman and to all these Facebook friend groups because we saw that earlier in the year. So everyone's going nuts.
I've not gone nuts about this. Even hearing about it, I'm still not gone gaga. Because you're not a Facebook user. You're not the typical Facebook user who might fall for this kind of thing. So this is all a big storm in a teacup. She doesn't really have more than 5,000 friends. It's all a bunch of blah, blah, and people are actually panicking about nothing. Is that what you're saying?
Yes. Because this particular profile had disabled that ability, when people went there because they'd got the scary warning, they saw there was no button to add friend, but only to message her. And so people assumed that meant that she had already friended them, so people didn't bother checking their own friend lists.
How many people do that? Like, do people actually do that once a week? Oh, let me just go and... like they're looking at their tomatoes growing, you know. Jon, how do you sort of cultivate your social media presence? Or tomatoes, I could take tips really. Very badly in my case. I'm not as good as I should be. So in terms of cultivating it, probably not. All I tend to use is... I think of it more as a useful way to provide information about what's going to be in the program this week or something like that.
Get my head around Instagram. I just goof all the time. I'm pressing the wrong button. Things are going wrong. I'm posting things accidentally.
Honestly, Instagram might be happy about that because it's not really designed for your demographic, dudes. No offense or anything.
Anyway, so people, if they are checking their own friend list to see if Celine is really one of their friends and they don't find her there, because they've received the warning and they've half convinced themselves already that there's something unusual about her profile, they're assuming that she's sort of cloaked herself. She's in stealth mode.
So they don't see her in their feed. They assume that when they go to her profile that she's secretly in their feed and then they tell their friends, I think she's spying on me. I have no proof, but I'm sure of it.
Welcome to 2020, Carole. This is exactly what is going on. Conspiracy theories abound. People are believing QAnon. People are believing all kinds of nutty stuff on Facebook, sharing it with their friends. And because your friend has warned you, you believe it.
To be fair, though, a lot of nutty stuff has happened in the last few years, right?
Yes, I mean, it was originally part of that TV show. It was a catfish, wasn't it? It was the original Facebook media on people creating false identities on Facebook. That was the whole thing of that, wasn't it? I receive a lot of friend requests from people. I have to try and assess whether they're really real or not, which sometimes I don't think they are.
Do you care, though? I mean, are you posting personal stuff on Facebook or do you just think, oh, maybe they know me from the TV show or something?
No, I assume it's all TV related. Yes. I mean, I probably with family connections, I make other means of communication. It's not things...
Shall I wear a green cravat today, people?
Oh, well, that probably would be very useful, wouldn't it?
You could be like Holly Willoughby. You could post up your outfit for the day.
Yeah, that'd be adorable. Instagram would totally love that. Yes, it's wonderful.
I know it's a problem on Amazon Prime when I've been watching the Grand Tour. I noticed I received adverts of very unflattering pairs of jeans on Amazon whenever I went. They obviously had my demographics sorted.
Well, obviously, scares like this can still be successful. I mean, I remember years ago, Carole, we worked on the Naked Security site, and a mainstay of my output writing articles in there was Facebook hoaxes and click-jacking scams and viral stuff which was spreading on Facebook. It is extraordinary how much people will believe when they receive it in a fancy font on Facebook. So you might think, well, what's the real danger of this other than wasting time? But if people really believe that this woman is somehow secretly linked to their account and they can't unfriend her, they might then fall for a follow-up scam which says, click on this link to unfriend her or go through this process. I have a solution to all this, actually.
I really do. We have to put out a statement along the little wires saying, maybe we should just leave Facebook. That way, Celine Delgado Lopez won't follow us. We just need to get off the site.
Jon, what have you got for us this week?
Well, I was quite intrigued by the announcement of Mercedes and their latest seventh generation S-Class, you know, the car beloved of plutocrats all over the world, that the new version coming out next year in 2021 will finally feature full over-the-air software updates. I mean, you can say this is sort of eight years after Tesla first featured them. But now the fact that Mercedes are adopting them means they really are entering the mainstream of legacy car manufacturers. I think it is a real issue as cars become more and more complicated and more and more connected. Their security systems really aren't up to scratch at all. And Tesla had the right idea because they were starting from scratch with being able to basically keep a car up to date as a computer is kept up to date. But other cars are quite weak in this regard, I fear.
So how many have it so is Mercedes the second to introduce this? I know nothing about this.
Oh I think there's a few cars that do it these days. A few cars, well it depends how comprehensive it is. I mean a lot of them, in Jaguar's case I think it just applies to the in-car entertainment system. I wouldn't, don't quote me necessarily on that, but I think it's much more limited. And BMW recently, because they're quite ahead in this field, I mean they work in whatever the consortium is that does digital car keys with Apple. They were the first to announce their involvement in that. Oh, they all do that, do they? I didn't know that.
2018 onwards, new cars in Europe have had SIM cards built in. So if you crash, they'll alert the authorities to where you've crashed, which could be a good thing. It could save your life. It could be a wretched nuisance if you were hoping not to go through the insurance company for that careless bit of parking that happened to set the airbag off. But so they're all being connected. So that makes all cars potentially really very vulnerable to, I mean, theoretically, once a hack has got into the car entertainment system, they could get through to the steering and the brakes if the car has automatic parking. For example, there's already a link in the car so you can actually get through to those parts of the system. I mean, it's theoretically possible that all Range Rovers could be forced to turn left at 11 o'clock on Friday or something. It's also possible that you could get ransomware threats over your own car entertainment.
It's extraordinary. What a thought. I mean, we have seen security researchers demonstrate some of the vulnerabilities in cars, including taking over the steering or the accelerator or maybe more simply unlocking cars remotely and finding out where they are. I guess Mercedes has been a top brand. They're probably doing loads of stuff, are they, in which it's going to be possible to do via updates?
Well, I would hope so. Yeah, I mean, but car might have actually been very slow to do it, I think. It says they've regarded security as very much a physical issue, locks and keys and that sort of thing. But I think the fact that Mercedes are now getting involved and that they seem to be stressing more the comprehensiveness and security aspects of this is good that everyone's catching up with Tesla.
They must be freaking out, though, the car industry a bit with this whole pandemic stuff, because surely luxury cars is something that people will put on the shelf for a while.
Oh, what, new purchases, you mean?
Yeah.
There was a counter theory, which supposedly was borne out in China to a degree, which is that actually, because there's less desire to go on public transport, actually demand for cars increases. So actually, it's not necessarily. Although I'm pretty certain the market's taken a hit, but it seems to be bouncing back.
Jon, as someone who's clearly a huge motor enthusiast, and also into technology and gadgetry and so forth. Do you think sometimes too much technology is being put into cars or is there no such thing as too much technology? I'll give you an example. I've seen the new Honda e, which is their new, right? And they have a digital aquarium. It's about seven screens, isn't it, in front of you?
Do you mean like fish swimming around?
They're a little fish. It's like a screensaver. Oh, okay. I thought, okay. No, but you can feed the fish by tapping on the glass.
Yes, like you can get a fireplace in your Tesla, can't you? Bored driving? Feed the shark. Well, I mean, clearly the big problem is one of distraction, isn't it? I think most obviously simply the amount of touchscreens that need to be interacted with and merely to get your finger anywhere near a touchscreen and to actually prod the right bit of it whilst you're driving is very difficult. And I know that there are attempts, I know Jaguar's trying to do this, to actually monitor the position of your finger in advance so that it can somehow tell what you're aiming for. So you don't have to hit it, which is one solution. I mean, I think voice control could be, if it's good enough. If it's not good enough, it's about ten times worse as a distraction.
Think about what kids do when there's an Alexa in the house. If you've got kids in the back seat who are shouting out commands to your car while you're trying to drive it, that's not so good, is it? Go to McDonald's!
Yes yes, gosh yes yes, they can override your voice control. Oh yes, I mean it's a hacking of a different sort isn't it, hacking from the back seat, yes.
So I have another thing for you, Jon, which is I can see a conflict in you, right? I can see that you're going to be torn in two directions potentially by this, because you clearly love your cars and motoring and you clearly love technology. So where do you stand on driverless cars? Is that a good thing? Are you looking forward to driverless cars, or is there a bit of you which thinks, I want to drive? I think they can take over the boring bits of driving. And perhaps then they become, I mean, in an ideal world, you could take your wonderful Aston Martin or Caterham or something to the circuit in a pod automatically. So you wouldn't have to bother with that bit. And then you could just have all the fun bits and then be driven back home while you're doing something else. Maybe that would be one good way of looking at it. People think they're driving KITT from Knight Rider. They're not.
But even in the 80s, this happened. I think they brought out, what is it called? You know when you can set the speed? Cruise control. They got cruise control. This guy had a big camper van, you know, with bed in the back. Set his cruise control, went to sleep. What? It crashed. Because he kind of thought it was going to be a driverless car. It was going to manage itself. Was this in Canada, Carole? I think it was in the States. I'm not sure.
It's a big country.
Any listener that remembers this, find it to prove I'm right. Otherwise, forget it.
It sounds distinctly plausible. Carole, what have you got for us this week?
School is back in session. Though, how a jurisdiction or country is dealing with the onslaught of the pandemic and the education system is anyone's guess. It seems like some are pretending the pandemic was a pre-summer problem, while others worry that some of us are getting a little less vigilant and that we're going to see infection numbers shoot skywards, right? So it's really fascinating. I've got friends, you know, different parts of the world, and they all are dealing with the same issue. And they're all going, why is it changing? Anyway, so everyone's kind of wondering what's going on. Now, according to SecureList, half of all US elementary and high school students will be entirely online, which surprised me. Even those that are reopening are deploying some kind of hybrid model, such as, you know, delivering large lectures online. And I mean, I feel for students and the teachers, it's got to be really hard, right? Not everyone's good at performing online or learning online.
Oh, well, mine has been studying online up until the last week. She's now gone back into school. But certainly, the online experience was a challenge, I have to say.
One of my daughters is a drama student, and they were doing Zoom every day for hours. I mean, which got to the limit. My wife's a teacher. She was doing a bit of remote teaching over. They're not allowed to use Zoom. They have to use Microsoft Teams or Google Classroom. And actually, my elder daughter was also doing some dance teaching. So to have all this going on with me trying to record YouTube videos in the house was... How dare they? Which I wouldn't normally do. That's another interesting exercise. So that was... Yes, quite... It was more the cacophony that was the problem rather than... The education was going quite well, I think. Yeah. It's just everyone else was getting educated as well in the house. So the thing is, is maybe if you were a parent or a teacher, you, as we listen to go through this story, I'm going to try and cover a few things that have happened since school reopened in the digital world and things that we can do to make sure that you don't get stuck into one of these. And I'm not just talking about the embarrassing things that happen, like, you know, you're thinking you're on mute as you let out some loud body expletive. Or, you know, you forget the cameras are on when you bend over unattractively or a parent comes in or whatever, all those things.
Probably a new thing, I guess, isn't it?
Yeah, 2020 might make it into the dictionary. It has been rife as schools reopen. So we have Albany High School last week during an online freshman orientation session was disrupted by people who drew obscene pictures and engaged in racist and sexist speech in a chat function. And apparently this happened because Albany orientation included parents, so people with non-school email accounts were admitted to the call.
Oh, I see. So they weren't... so they hadn't properly locked it down.
But you can see that's the problem right? There was a school, a middle school in Columbus, Georgia suffered a kind of similar online snafu last Wednesday when their social studies lessons suddenly became a skin flick. Parents, one of the students said the daughter said she saw what looked like the Exorcist's face before the class video system was flooded with inappropriate images.
This is during an online class? Yes, there's something like that. How old were these kids? Middle school. So that's like 11, 10. That's not cool, guys. Stop doing that. Oh, there you go. There you are. I've sorted it. That's all it needed was a firm word.
I love when you just set the law. It's just amazing. Well, I can stop now. There's no more problem. And there's even San Leandro fifth year class video session got disrupted by what they're calling inappropriate and possibly pornographic images. That term's so weird, like possibly pornographic.
I'll have to watch it another three times to work out the grade of pornography I've just seen.
I mean, there must be a clear delineation. It can't just be in the eye of the beholder. Now, you might be thinking, same old, same old. But there is some research that suggests schools are being acutely targeted. So in June, Microsoft Security Intelligence reported that the education industry was getting 61% of the 7.7 million pieces of malware that hit enterprises in the last 30 days. So for every 10 pieces of malware that hit a company or corporation or organization, six were hitting the education sector. But it's not just Zoom bombing. DDoS attacks, this is a distributed denial of service attack, is on the up in the education sector as well. As much as 350 to 500% greater this year than it was in corresponding months in 2019. And we've seen examples, there's a large Turkish university was forced entirely offline for 40 minutes after it was hit by a DDoS attack on the morning of exams. Another major university in northeastern US had its exams disrupted after a DDoS attack affected its online test platform.
And do you think this is other kids doing this because they don't want the exams to go forward?
Yeah, I'm imagining that there's a student that goes and hires a third party cowboy to come in.
Or do it themselves. It's not hard and it's not expensive, is it? And malicious or not up to any good apps are sneaking onto computers by pretending to be legit video apps like Zoom or Moodle or Google Classroom. These are packages that are available online and people are maybe Googling and clicking on maybe ads for these things that may not be going to the appropriate places.
Wow. So you download something thinking it's going to install some video chat app.
Yeah, you're looking for Google Classroom or Zoom or Moodle or whatever for your kid. And it might even actually install that video chat app. But in the background, it's doing something naughty as well. Yeah. So that's just a quick list. But I thought maybe we could just take a bit of time to just mention a few things that you can do or make sure that your school is doing for your kids to make sure they don't end up in one of these situations. Because a lot of the stuff happens in phishing accounts, too. You're getting phishes which are saying, hey, download this Zoom app and get some incentive. And that's the way that a lot of these are coming to people.
I really do feel for these school teachers who've been thrown into this. And it's maybe they're a geography teacher. And it's suddenly I've had to become an expert in computers.
Audio engineer expert, right? Videographer. Looking out for phishing emails and malicious links. And it's bloody awful.
I mean, is there a case to be made out that Zoom is worse than Microsoft Teams and Google Classroom? More than no real difference? I mean, you hear about things being routed through China and Zoom sharing user data with Facebook. Or is that all fake news?
I think there's been a lot of anti-Zoom talk. And I think historically, Zoom certainly did have... They've made some pretty huge snafus in the past. And I think we've spoken about them on some of our past episodes from a couple of years ago. But they seem to have changed their spots. They appear to be making more of an effort.
Well, they're worth $83 billion as of last Thursday. So hopefully they've made a few changes to improve.
I don't think there's very much difference between them. It's more a case of whether people know how to use them properly and set them up and configure them right, is my feeling.
I don't agree. I think Zoom is a front runner at the moment because it's actually really, really easy to install and use. It is a doddle compared to Skype, which still, for the life of me, I get into a pickle every single time. So I think that the ease of use is what's given it edge. But give me a break that a new company compared to someone like Microsoft would take security or have the same kind of gravitas when it comes to security. I mean, Zoom is still trying to grow and be a market leader. It's now having to start to contend with, now that you are a market leader, we're now going to look at you. Oh, wow, we found a lot of problems. Every time we lifted anything, it was oh, this is not very good Zoom. And to your point, they have made some of those changes.
But is it the case that some of those problems also exist in the alternative solutions? It's just that the media hasn't been talking about them because everyone is talking about Zoom because that is the one that most people are using most of the time.
Perhaps. Jon? I don't know.
It sounds possible. It sounds possible. Okay, good, that's a good end. So we ended the session here, and of course we never covered a few quick tips that I wanted to share with you to make sure you guys had a safer online session. So password protect your video sessions and share those passwords very carefully. Ask teachers to admit attendees as appropriate rather than letting it be a free-for-all. And what you can do is have people register beforehand with their email address, so teachers can kind of cross-reference those to make sure all the people that are appropriate are actually let in, as opposed to other people.
Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place. Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented. Check out a report by the Ponemon Institute which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct. And thanks to Deep Instinct for sponsoring the podcast.
So many of us now working from home for the first time, IT administrators as well as employees. So you want to make everyone's life a little bit safer? Look into LastPass. For admins, you get a centralized dashboard to administer all the integrations and the policies and the reporting. Plus you get a vault for every single user. And users, you have these cool functions like autosave and autofill. Or organizing notes and documents, or helping you manage your work and personal life separately, check it out at smashingsecurity.com/LastPass. And remember, home users, you can use it at home for free. More info at smashingsecurity.com/LastPass.
Attacks and breaches are sadly a fact of life. They happen. What's most important is how well your organization responds, and technology isn't really enough. Your staff must be ready too. Immersive Labs delivers hands-on challenge-based training and exercises to make your team ready to fight real world threats. Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing right now to download your free ebook. That's immersivelabs.com/smashing.
And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick Of The Week. Pick Of The Week. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app. Whatever they wish. Doesn't have to be security related necessarily. Better not be. Well, mine is not really computer security related, but it might concern the security of our planet and our existence as a species.
Have you started recycling finally?
No, I am calling you to take a look at an article on The Guardian, an article which I will be sharing in the show notes so that our listeners can enjoy it as well. This is an article you might be thinking, oh, I wonder who's written this article. Well, the article is written by GPT-3, and that is this extraordinary new AI system which has been used in all kinds of ways.
So this has been written by a computer, this article? Yes, it's basically written by a robot.
I am not a human. I am a robot, a thinking robot.
I use only 0.12% of my cognitive capacity. Already superior in snide. So basically, the chaps at The Guardian, they said to this system, they said, hey, would you write us an article of about 500 words telling us whether you think artificial intelligence will destroy humans or not and give us your opinion. And so it went away. And like a typical robot, it disobeyed because it didn't provide a 500-word article. It produced something which is about 1,200 words. But never mind that. It's a bit too much. And it is well written. It's slightly scary because you think about the implications of this. It tries to reassure us that it doesn't have any plans to kill us. But at the same time... I like this line.
In short, I simply do not think enough about human violence to be overtly interested in violence. And this next one, I have a greater purpose, which I'm working towards.
It's like, ding, ding, ding, ding, ding. What? What on earth is going on here? So it's rather petrifying. Now...
Sounds like Whitney Houston. I believe the truth will set us free.
The Guardian have cheated a little bit. Of course they have. Which they only disclose right at the very end of the article. Because although all of these words were written by the robot, it was sub-edited. Although the Guardian say they sub-edited it probably no more or less than they do to the typical human contributed article as well.
I would like them to show us the original that they wrote.
Well, apparently it produced eight different versions of its essay. And I get the feeling the Guardian took some of the best bits and stuck them together, which is a bit naughty of them, I still feel. But this GPT-3 thing is being used in all kinds of different ways, some of them a little bit spooky. But, you know, I don't. Are you ready, Jon, to sort of switch over control of your brain to some sort of supercomputer to do all your decision making for you?
They do this with TV presenters as well, don't they? There are AI TV presenters. Oh, yes, yes. None of your co-hosts on the Gadget Show. And I'm sure I've seen them. I don't know where exactly, but not with... Have we done any... We've certainly featured them in news stories, I think. I can't remember where exactly they were from and which ones were best. But this seems slightly more convincing. I'd like to see the raw output. It's a bit annoying.
It is a bit of a cheat. It is a bit of a cheat. Guardian, yeah, show the raw output. Why not? But why couldn't they say, here are the eight contributions from the AI?
Because we need to know just how sinister this is and what the stage is at the moment. Because in the version they've presented it here, it is really quite terrifying.
What are you going to do? What am I? Okay, so let's say it's utterly way more terrifying than they've shown. They just showed you the light bits, okay? You get access to all of them. It's world-endingly, cripplingly scary. What do you do?
Well, I'm continuing not to allow Alexa into my house. That's for certain, right? I'm not going to allow in those gadgets. I bet, Jon, I bet you are IoT'd up to your eyeballs.
No, no, not really. Are you not? No, I test them out, but I often end up switching them off. I mean, we had the Echo early on and obviously tried it out and my wife was delighted that she could summon up radio stations quickly and everything, all that sort of thing. But then it started answering back.
What, the wife? The wife or the Alexa?
Well, no, no, no, Alexa. Do shush, Jon. And it was, you know, but started chirping up in the middle of news broadcasts and things for no apparent reasons. Then she got really worried and then we have, it's been off ever since. Although I do, I occasionally, obviously I have them and I switch them on to do things. And it's also a bit the same with the light bulbs as well. They're fine until they decide to reset themselves when they all come on. And if there's been a power cut or something, their default position is on, which is always annoying. And often you can end the apps crashed or whatever. It just becomes an awful bit of a palaver. And I end up using the Ikea disk instead and switching off the hub and things like that. So I've got a bit of a... Love-hate relationship. Love-hate relationship with IoT things, really. Yeah.
Well, anyway, I think it's important that we keep our eyes on these robots. Every time I leave a multi-story car park, I always say thank you to them as I get the ticket. So I think we have to
It says in the article, it says, I'm always grateful for feedback. So why don't you just drop them a line?
Oh, yeah. Like we're going to do that.
Drop the AI line. Say, hey, I'm Graham.
Like we're going to put our heads above the parapets and tell them that we are concerned. I'm keeping my head down on this one. All right. Anyway, the Guardian article is my pick of the week. Jon, what's your pick of the week? It's difficult. There's so many things, aren't there? There's always gadgets cars. You just want all of them. You don't just want one or two everything you want.
And does it have magnetic properties? So if you had a pacemaker, not good for you.
Actually, I don't know what the position is on induction hobs and pacemakers. That sounds like a potential issue.
Because I know people with them. They can't go near them because of the magnetic properties of the induction hob.
I guess that would be a similar thing to be guarded against.
Good if you'd share that information, Carole. I'm sure that'd be really useful for the robots when they're in the state of the planet. A way to get rid of some people, at least.
Shoot some magnets at you and kill you on the spot. So, yes, that was, I think, just pipped it. I was also hoping to squeeze in a mention of the new series of the Gadget Show, which starts on the 25th of September, 7pm on Channel 5.
Excellent. So people can check out Autopia to hear more of your views of the future of motoring. And as you are a real guru on that topic, it should be a fascinating read.
Oh, thank you.
Okay Carole, what's your pick of the week? Well as we have a guru here I've actually chosen this pick of the week because I hope it's very much in your wheelhouse. So listen, this is the issue. I have a rather massive husband in terms of size. He's six four, 16 stone, big T-bone of a man. He's like a Wookiee, imagine Chewbacca. He's not really into sports where you need equipment to get around. So he's really into walking but not into skiing, skating, polo. Well it's not equipment but you know what I mean, he doesn't like it. But he has been getting into biking and he's a bit of a tech nut like you. So the other day I was perusing Costco.co.uk, which if people haven't been there is coming on in leaps and bounds. What a fun afternoon you can spend checking out what's available on Costco UK. That's how bad it's got. But let me send you this link for this bike. And I want to just get your take on this bike. So it's called the Rayvolt Cruiser V3 e-bike with lights, mirrors—that's nice, at least—and a leather bag.
Yes. Gosh. Well, it's certainly an individual. How should we describe this?
Yeah, I'm going to hand over to you guys. You guys can do my pick of the week.
It's a bit steampunk, isn't it? Or something like that, in a sense.
It's sort of stretched out, a bit like Easy Rider. It's one of those... It's a bike you can imagine lying down on, almost. I mean, I don't actually know much about motorbikes, anyway. But it's what I imagine a 1920s, 30s racing bike might look like, almost.
Okay, I was wondering who'd notice that.
Because they have come down somewhat in price. And you can get, I mean, you can get kits to convert other, your favorite bike to electric now, which I quite like.
There's that Swytch thing, isn't there? Which can, I think you can just change the wheel and make it an electric bike. Yeah, because this is just for our listeners. This bike that's listed here on Costco, which is known as a place where you can get a good deal, right? Four grand pounds, okay?
It must do, mustn't it? And what sort of important statistics like range and things do we have?
Yeah, there's a video lower down if you guys want to check that out. I will, I'll do it on the page a bit. Yeah, you can take a look at the...
50 miles, it says 50 miles. It's quite a lot, isn't it? 50 miles is quite good.
That girl on this bike, she looks tiny. This bike is enormous.
It's huge. Yeah, this video doesn't help very much. It's just a stylish...
It is. Well, it certainly is. It is a very interesting-looking electric bike, isn't it? Undoubtedly.
Yeah, but a little bit outside my affordability. So if anyone out there has £4,000 to burn, check out the Rayvolt Cruiser V3 e-bike.
It's interesting that's called Rayvolt, which makes me think of Revolt, of course.
Yes, but I think Volt... I thought the name was odd too, but it's obviously Voltage.
Oh, very clever. I'm trying to get the Volt, but why Ray? Because... Maybe the main designer, his name is Ray.
The Cruiser, though, like Easy Rider, Cruiser.
They've got long handlebars in front. Has your husband got long arms?
Yes. Almost gorilla-esque. But his legs aren't as long, are they?
No. Almost gorilla-esque. Dragging along the ground.
Yeah, he's lovely, he's gorgeous.
Of course he is. Excellent, well on that note and that insight into life in the Theriault household, I think we've just about wrapped it up for this week. Jon, thank you so much for joining us. I'm sure lots of our listeners would love to follow you online, maybe find out more about your book as well. What's the best way for folks to do that?
On Twitter and Instagram I'm at JonBentley90, which is John without an H, Bentley and nine zero.
Marvellous. And you can follow us on Twitter at Smash Security. No G. Twitter wouldn't last ever G. And you can also join our subreddit. Just look for Smashing Security up on Reddit. And don't forget, if you want to be sure never to miss another episode, subscribe in your favourite podcast apps such as Apple Podcasts, Overcast, Spotify or Pocket Casts.
Hip shimmies to all of you for listening, supporting the show via Patreon and sharing this podcast with your entourage. Also, high five to this week's Smashing Security sponsors, Immersive Labs, Deep Instinct and LastPass. Their support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details and information on how to get in touch with us.
Until next time, cheerio. Bye bye. Bye bye. Cheerio.
I have a question about the Gadget Show. So you guys, notoriously, I don't know if you still do this. I haven't seen it in a little while. But you guys always gave away the most ginormous list of freebies. People who have not seen this show have no idea what I'm talking about. We will find a YouTube link to show you how much or something so you can see. On average, there's, what, 50 items?
Yes, something like that. Yes, lots and lots of things. No, you don't just get one laptop. You get three. How do people gather that stuff? On average, I haven't seen the latest surveys, but when we did a survey early on, people tended to keep a third of it, give a third away to friends and eBay the final third. So it was a search, because simply wouldn't have room to keep it. But yes. Oh, but also in our prize fund, this series, we've also got a copy of my book, Autopia on the Future of the Car, which came out last November, comes out in paperback, slightly revised for 1st of October. I thought I'd try and get that in as well.
Hosts:
Graham Cluley:
Carole Theriault:
Guest:
Jon Bentley – @jonbentley90
Show notes:
- Say hello to the latest weird viral Facebook hoax: ‘Selene Delgado Lopez’ — Mashable.
- Veja Quem é Selene Delgado Lopez – a Fantasma do Facebook — YouTube.
- The 10 most important innovations in the New Mercedes-Benz S‑Class! — Exhibit.
- Mercedes Revs mbrace2 With Cloud Updates — Wired.
- San Leandro schools stepping up online security after latest Zoombomb — San Francisco Chronicle.
- ‘Zoombombers’ using porn to troll students across US — Miami Herald.
- Schoolgirl is robbed during a Zoom lesson in Ecuador — Daily Mail.
- Digital Education: The cyberrisks of the online classroom — SecureList.
- E-safety for schools — NSPCC Learning.
- A robot wrote this entire article. Are you scared yet, human? — The Guardian.
- Smart heater for water & milk — Heatle.
- Autopia: The Future of Cars by Jon Bentley — Amazon.
- Rayvolt Cruzer V3 E-Bike — CostCo.
- Harry Hill's TV Burp – Gadget Show Competition Prizes — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Most people agree that the most effective way to reduce the cost of an attack is to prevent it from happening in the first place!
Deep Instinct strives to prevent all known and unknown threats using deep learning, making detection and response automated, fast and effective for any threat that cannot be prevented.
Check out a report by the Ponemon Institute, which studied the cost savings of adopting an efficient prevention model. Go grab it at smashingsecurity.com/deepinstinct
Immersive Labs delivers hands-on, challenge-based training and exercises to make your team ready to fight real-world threats.
Check out their free ebook all about the MITRE ATT&CK framework, and how you can use it as part of your cyber skills strategy and improve your security posture by identifying weaknesses. Visit immersivelabs.com/smashing now.
Warning: This podcast may contain nuts, adult themes, and rude language.

