
Beware your Roomba’s roving eye, the Finns warn of AI threats around the corner, and watch out when hailing a cab in Dublin…
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Register’s Iain Thomson.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
And these photos which have been shared include pictures of people sat on the loo.
And people are sharing these pictures online. People are oh, hey, take a look at me. No, no, no, no, no, no, no, no, no, no, they're not. Okay.
Smashing Security. Episode 303. Secret Roomba Snaps. Christmas cab scams and the future of AI with Carole Theriault and Graham Cluley.
Hello, hello and welcome to Smashing Security episode 303. My name's Graham Cluley. And I'm Carole Theriault. And Carole, for our last episode of the year before Crimbo, look who we've got. We've got The Register's Iain Thomson. Hello, Iain.
Hello there. How are you this fine and lovely morning?
You mean afternoon. Oh, we're doing a transatlantic.
I'm actually a little bit like Rudolph the Red-Nosed Reindeer because I have an enormous pimple right on the end of my nose.
That's not like Rudolph because that's not a charming little cute deer.
Well, it's red, it glows. I'm scared of going out of the house in case people laugh at me. Do you want a trick? Do you want a trick on air of what you can do tonight? Oh, go on then, go on, yeah, tell me, can we?
Just tonight, when you go to sleep, just dab on a little bit of baking soda, which you probably won't have, so a little bit of toothpaste on your little pimple. Really? Yeah, and it'll dry it out by morning. Oh, interesting. Okay. There you go, that's how we open the show. Lots of tips. Before we kick off, shall we thank this week's sponsor, Bitwarden. It's their support that help us give you this show for free. Now, coming up in today's show, Graham, what do you got? A Roomba, a Roomba.
What about you? Well, I've got a security warning from the Suomis. The Finnish government has been looking into how AI is going to be used to crack your computers over the next five years.
Oh, God. And thank God I'm here, everyone. I have a Christmassy tale of Irish woe. All this and much more coming up on this episode of Smashing Security. Now chums, chums, listen carefully. You might be able to hear the sleigh bells ringing in the distance. Snow is falling. Even in San Francisco it's been a wee bit frosty. Santa is going, oh, we're all relaxing, and it's time for the Smashing Security Christmas party, of course. Oh, wonderful. Just a minute.
be going for the bake-off market, but go on. Imagine you're there with all the rest of the crew, and your boss is serving up some old slop, and it's disgusting. It tastes like donkey vomit that's barely warmed up to room temperature. Well, you're talking to a journalist here, so that's default position. Yeah, you have to be pissed into eating, really, don't you? It's a liquid diet largely. And there you are after the party. You're driving home in the wee small hours of the morning through the snow.
Where are you living? You didn't figure that one out. And you crash and die. The end.
No, that's not the end of the story. But you feel, you can, oh, crumbs, your stomach. Oh, blimey. You're feeling a bit. Oh, no. You're feeling a bit dicky, right? You've got a bit of a fever. Your stomach's gurgling. Whatever your boss has fed you, it just isn't agreeing with you.
Plus, you've got this big zit on your nose, you know. Which is
Lighting up the road as you drive home. Drunk. You lurch into your bachelor pad. Carole, you're in a spinster's cave or a chick shack or whatever. What is the feminine version of a bachelor pad? A bachelorette pad? A home. A home, yeah. Okay. You live alone. You don't have a partner. It's just you, right? You race to the loo. You pull down your kecks and you let loose.
This is just too visual, honey. This is not nice.
We're painting a picture with words.
No one wants to see this picture. I'm literally painting from the sounds of it.
We're decorating the porcelain. We're pebble-dashing it, yes.
Thank God I don't have to edit this bit. And then you hear a noise. Right? Something or someone is in the hallway. It's the dead of the night. You're thinking who could that be? Did you leave the front door open? Could there be a burglar, a robotic burglar? The cat's become a cyborg.
Yeah, exactly. You try and stay as quiet as you can, right? You're gripped with fear.
It's the tuna fish you should have thrown out weeks ago.
It's difficult to stay quiet in your current state. You try to clench your buttocks, but... And then it comes around the corner. Oh, thank goodness for that. It's the iRobot Roomba J7 Series Robot Vacuum.
Which miraculously appears in your house without you purchasing it?
No, you do own one of these. You just forgot.
Yeah.
It becomes sentient at two o'clock in the morning because that's when people set them to go round the house.
No, who does that?
Lots of people do because you're asleep upstairs and so you say, do a quick, you know, trawl round the house.
At two in the morning? Not if you live in a bedsit. You put us in a, what was it, a chick shack you offered me. It's a bedsit.
It's a bachelor pad. You mean a mansion. It might be a duplex. You might normally live upstairs. Right. Anyway, it's your pride and joy. It's your little friend. It's vacuuming your house tirelessly in the middle of the night when normally you'd be asleep. And you think, well, that's all right, isn't it? Doesn't matter. That's safe, isn't it? No, wrong, wrong. Not safe at all. Because, as MIT Technology Review has reported, pictures are being taken inside people's homes by Roomba robot vacuum cleaners and are then being shared on social media.
OK, whoa, whoa, whoa, whoa, whoa, whoa. Yeah. What kind of? OK, are they pictures of the floor? Pictures on the loo. Yeah, are they pictures of the floor in front of them? So if I was on the loo, they would see my big toe.
I am talking about pictures where the camera is angled upwards. And these photos which have been shared include pictures of people sat on the loo.
No one wants to see that with me involved.
And people are sharing these pictures online. People are like, oh, hey, look at me. No, no, no, no, no, no, no, no, no, no, they're not. It's not the owners. No. Because as Technology Review describes, pictures of, for instance, a young woman in a lavender T-shirt sitting on the toilet, her shorts pulled down to mid-thigh, are being posted on social media, not by young woman in question. But by? Well, this is the question, isn't it? So it's two big questions as I say. Number one, who on earth wears a lavender T-shirt? People wear lavender t-shirts.
No, they don't.
Yes, they do.
No, they don't.
I don't know. I don't know. Let's do a test right now. Let's do a survey. I'm just raising my hand here at the moment. I do have a lavender t-shirt. Admittedly. You have a lavender t-shirt? Yes, but admittedly it does have a picture of Cerebus the Aardvark printed on the front of it, but it is lavender.
My hair is currently lavender. Well, I'm outnumbered. Okay, so three big questions. Who wears a lavender T-shirt? I think we've answered that one. Next question. Why are robot vacuum cleaners taking photographs of people on the loo? And finally, why are these photographs being posted on social media sites? And I hope to explain why this is happening to you. So instead of pimp up my car, pimp up my Roomba.
Let's not use the word pimp too much at the moment. I'll say to my nose if you mind. That'd be good. But yes. So maybe it's Mrs. Jeff Bezos sat on the loo. I don't know. Well, they're not living in the same.
Yeah, they're not living in the same house anymore.
I'm pretty sure she has a mansion somewhere else.
You've not done a lot of research in this story. There is a lot of weird... He's got a girlfriend. Hasn't he married his new girlfriend?
No, no, they're still just dating and he's just wandering around trying to look buff, going through his midlife crisis.
Oh, God, discussing the prenup. That's going to be a long one. So there are people who work for the company who get these vacuum cleaners, these special versions of the vacuum cleaners. But there are also apparently people who are actually paid by Roomba to collect data. They pay guinea pigs.
Like beta testers kind of thing.
Yes. I think what's happening is that they basically say, look, if you pay me a little bit of money, I will run your special Roomba around my house and allow you to collect data about me and about my house.
Oh, so the fine print always comes down to the fine print.
So maybe this is their way of getting the robot vacuum on the cheap. And all they have to do is pay with their privacy.
Yeah. I mean, they're absolutely.
Wow. I mean, I'm sure we both remember InfoSec. There was one PR company that did a questionnaire on, would you give over your password for a chocolate bar? And it was typically about 80%. So yeah, Roomba, no surprise there. Yeah, yeah. And anyone would say anything for a chocolate bar, weren't they? It's the most pointless press release ever, wasn't it? Well, yeah, I mean, one, two, three, four, now give me the Bournville chocolate bar. Yeah, give me the Cadbury's.
God, you're like the Roomba's in there.
Get out now, throw the kids in the garden, little Charlie, lock them in the airing cupboard, tell them to hide upstairs, pretend there's a Dalek in the kitchen, go upstairs, stay up there till we've dealt with it.
Graham are you suggesting that the reason they say hide your private stuff is because they automatically put it on social
Is that what they're doing well I don't think it is automatic I don't think it's designed to promote Roomba. We're going to get on to why this is happening in a moment. No, but it's an interesting theory. I mean, I have to say,
I was just thinking, it's just well, hang on, security on IoT devices is pathetically bad, usually. So maybe, is someone hijacking the signal?
Right. We've seen this recently, haven't we? We have Eufy webcam doorbell things, where they've been uploading and you can get a live stream from people's doorbells, even though they claimed they weren't sharing anything with the internet. Indeed. Also transmitting passwords in plain text over Bluetooth. Right. Very, very popular. So iRobot, when this Technology Review report came out, they're not very happy about it. And they say, look, as far as we're concerned, anyone who appears in these photos or videos, they're perfectly fine with being recorded. Whatever they're doing, they're comfortable with it. And our employee who you caught on the loo or our Roomba caught on the loo, I'm sure they're fine with that because they signed off on it, and they wouldn't have allowed the vacuum cleaner in if they... But the problem is, of course, these things are collecting our personal information. There's so much IoT which is doing this and other services as well. Our voices, our photos, our faces. I said faces. That's the kind of thing which they're…
I'm just wondering why you didn't start this story with a couple trying to do a bit of Netflix and chilling, you know, as opposed to the extremely colourful…
Because that's the example that was actually shared by MIT Technology Review, was of this woman on the loo. I'm looking at it now, and the picture is, yeah, she's sitting there showing. Yeah, she is. Yeah. So why are Roombas collecting this information? To get smarter. That's why they're doing it. They're learning more about the outside world. And the reason why they're not just looking ahead but are angled upwards is because they want to learn more about their environment. And so they're thinking, well, you know, we need to know what's around. And for instance, you might be able to map a room more easily, the dimensions of a room, if you look upwards towards the corner of the ceiling, rather than trying to work it out from what you can see at floor level. It kind of makes sense.
Is she doing her business in the dark or does it have just a really shit camera?
It looks like there's a light on outside, but not in the room itself. God, I feel like a pervert just looking at this. I haven't analysed the photo
This closely, I must admit, so I can't help with this. Hey, don't blame me. You brought this one up.
Hey, you definitely used your imagination, yeah.
So what happens to these pictures and video streams? Well, of course, they're uploaded to the internet, right? I mean, you know, surprise, surprise. Where a massively sophisticated AI, artificial intelligence system, it analyses every image securely, then securely – oh, no, it doesn't do anything like that. What happens is... Has Graham lost his mind? Yes, a while ago. What happens is low-paid gig workers, they've got the job of labelling items in each picture, and they say, that's a dog poop, that's a chair, that's a stool, that's a frying pan. It sounds like a monotonous job.
Oh, to educate the AI. Right. With words and images, so trying to do that cross. Yep, yep.
And iRobot's founder, his name is Colin Angle, he says that this enables them to build intelligence into their products, object recognition and avoidance, blah, blah, blah, customised cleaning suggestions. That's his angle on all of this.
And it's all down to some poor sod who's got to sit there and click on, this is an image of this, this is an image of that.
Right. And I cannot wait for a fucking smart vacuum cleaner. I mean, I just can't wait. I just don't know how I've lived this long. Haven't you? I do, actually. He does do all the vacuuming. There you go. There you are. It's the ideal. But of course, these people have now got pictures of your face. Oh, yeah, but there's obviously a here's a funny one, guys, which is why they loaded up the toilet ones.
This was on a private forum or on a public one? It sounds like it was a closed group, and the images were then later shared with the journalist. As happens, yeah.
Let's write a story and say...
Has that ever worked, Iain? Has that ever worked? I'm sure I begged you once or twice not to write something.
I know. Well, in fact, I did. There was a long and hard debate which actually relates to the toilet issue. Do you remember Norse Security? Oh, yes. Who went spectacularly bust. We broke the story of the bust. But the person who leaked it to, or one of the people who I was speaking to, obviously you've got to ask, can you prove that you're a member of Norse Security? And he said, well, yeah, here's this and here's this. Oh, and here's a picture of the Christmas card they sent us last year. And he sent a Christmas card with the CEO and his family, and he'd laid one out over it to be polite and sent us the picture what he'd literally taken a dump on his boss's photo and sent it to you because you want to see that?
No. Sent it to me for confirmation he wasn't a pissed off ex-Norse employee. And there was a huge debate about whether or not to run it. I mean seriously, it's just well, just pixelate out their faces, but then we also would have to pixel out the device and then we've just basically got a thing of pixels.
Anyway, back to the point. So, Technology Review, they actually pixelated out people's faces, the woman on the loo. Yeah. And they sort of said, well, it's more than Roomba did. So, iRobot, they say that they are terminating their relationship with a service provider who leaked the images and are investigating and taking measures to stop it from happening again in future, though quite how they're going to do that, I don't know.
Sorry? Where was the sorry there? Just a little word. It's not hard, guys. Not hard.
What have you got for us this week? Well, usually government reports are really, really boring. They are second only to financial statements when it comes to we've got to cover this story, I'm going to be spending the next two hours reading bland stuff. But amazingly enough, Finland, a nation which punches above its weight in software, hardware for Nokia, drivers for Formula One and rallying, and in getting spastically drunk and jumping over fires, which is actually a leading cause of death during the summer solstice.
You're kidding.
No, they lose a couple of people every year because you go out to the country, you build a big bonfire, you get drunk, and then you jump over it. And people trip and fall. What could go wrong? Basically, they've laid out a five-year plan of where we're going in terms of AI systems being used to hack your computers. Now this is obviously speculative, but it is taken from an analysis of what data is out there and what code is there. But we're going back to probably the early 1990s in terms of security and script kiddies, because these people, once they get AI enabled, you can farm this stuff out to anyone who'll pay. The main problem is they're going to use AI for finding holes in your system. Automatic vulnerability scanning is going to get improved. And then you've got generating data to do proper spear phishing. Finally, it's the speed of reaction. You can't beat a computer when it comes to speed and automation. And this is a point where I disagree with the report. They say there is no evidence of AI attacks. Well, first off, GAN generation of faces could be considered an AI attack. So we're at that stage already, but the main thing at the moment is for phishing. What they're predicting will happen is that you'll go for vulnerability, you'll find a vulnerability, get in there, and the AI system will automatically look for key data and key individuals who can be targeted in future. So basically, next couple of years, phishing is going to be the major issue. But the big question is, can you get a full end-to-end? AI gets into your system, defeats your security software, reacts to its attempts to cut you out. They're putting that at five years, and they're saying it's only going to come from nation-states. So it's going to come, but I think we're all pretty much divided on when it's going to come.
I wonder if this might mean the end of something like apps, right? Because apps won't be able to survive in a world like that because they'll all be full of vulnerabilities, right?
They can't survive now, yeah.
I think you're right. I'm just wondering if we'd go back to a kind of Google or internet-based method of working. Because those
can't have vulnerabilities, you mean? No, no, they can.
But I wonder if, I don't know. It's just really, I think everyone's kind of overwhelmed with how many fucking things you've got to manage. It's just too much.
And this is one of the things they're relying on, because you're right, we've got so many of these things. I probably shouldn't, I mean I don't know about you guys, but corporate policy is I have to change my password every few months, and that's just a nightmare.
Obviously there are automated systems already used by vulnerability researchers to find vulnerabilities, to find security holes. And we've even seen recently things like ChatGPT, where you can give it a lump of code and say to it, tell me where the problem is, and it'll say, oh, there's a vulnerability here. Now, admittedly,
Stack banned them temporarily because they got it wrong so many times, but that technology is getting scarily smart now.
Yes. And it's only still nascent. Well, as you say though, there are already tools to do this. One of the points they made in the report is that when it comes to an AI going around internally in a network and avoiding security software, there are no data sets for that as yet. There's not even that much academic research. There's only been, I think there's a research center in Israel from 2020 and one at Carnegie Mellon from 2019 that are looking at this stuff. So there's no AI training sets. Is there anything good that's coming from AI though? I mean, if we were to balance the good and the bad, do you, it feels like we tell a lot of doom and gloom stories regarding artificial intelligence on, well you do.
All the time. We tell doom and gloom stories about technology in general, Graham.
My story was very, very positive. If you were to fall down the lavatory, then maybe the robot would actually come to your rescue. Maybe it would send out a distress call. It's only going to require a new update, I'm sure, to the Roomba to do that.
All right, so now definitely do poop with your Roomba with the door open. Didn't you hear that story this week that happened with someone's Apple iPhone? This was a remarkable case down near Los Angeles. It was local news. A couple were driving along, lost control of the vehicle, fell 300 feet into a gorge.
That's what we need, some cheer, finally. Thank goodness. Carole, I'm sure you're going to cheer us up with your story as well. I am. I have a Christmassy tale with a warning. All takes place in Ireland.
You can take the woman out of Canada, but you can't take the Canadian out of the woman. Exactly. I love a white Christmas. Cabbies are likely to see a big bump in ride requests when the weather's shit. So it's the perfect cabbie trifecta because you have bad weather, you have holiday festivities. And that means you have many merry people who will need lifts to and from places. Are they hacking the taxi driving service?
No, but good one.
Are there cameras in the taxi cabs?
No, that's a okay.
It's pretty low tech approach actually. It's kind of fun.
Is it a cut out of people's faces? Are they wearing reindeer ears using their Facebook photos? Okay, no, no, I have to. So this is the game plan for the attacker according to the paper. So you hit up a busy pub, maybe full of festive cheers and work parties and family gatherings, and you eyeball the target. You might choose your target because you see them pay with their phone, for example, at the bar.
said Paddy, girl. That was outrageous. Blatant racial slurries helping. I feel abused.
Taxi! Okay, and the fake cabbie's job is to do a drive-by, to be a beacon in the snowstorm, blinking on its little legit-looking light to attract the target. In one case, the victim says the fake cab actually honked the horn in sort of a yoo-hoo way and then waved him over. And, of course, the target is going, oh, God, how amazing am I? Great, I've got a cab. I'm so lucky. This is amazing. And they hop in. And what do they do next?
I don't know. How do they steal the money?
What do you do when you get in the cab? We'll
just give them a taxi ride.
Wait. What are you going to do when you get in a cab?
You say, follow that cab quick and don't spare on the horses.
You give them your address. Probably heading home. Your address. Don't you? Yes. Okay.
All right. Yeah. This is the long con.
Right. Okay. It's so long. Wait. Just wait. Okay. But that doesn't seem to be the claim because during the drive, the criminal cabbie has to somehow get his mitts on your phone. Right? So how do you go about doing that? So in one instance, the scammer brought the target close to the destination, but then asked to double check a route. Could he borrow the phone so he could double check a route on Google Maps? Guy hands over the phone. Cabby then drops it into the passenger side footwell and claims he can't get it because of his bad back.
I'm sorry. I'm really sorry.
So he says to the target, can you come get it? Can you come out to the front and come get it in the footwell? And the target's, fuck yeah, that's my phone. Yeah. So he jumps out of the backseat. Yeah. Car zooms off. Oh. So the phone is now in the cabbie's hands. They, in this instance, actually, if they asked for Google Maps, you know, the punter, the target would have opened it for them. Right. But the cabbie, they don't want to just get on the phone. They also want to get access to the bank accounts. So the first step is to reset facial ID to your own face, to the scammer's face. And then once in, they head to the banking apps and try and reset that facial ID because lots of the banking apps have facial ID required. And you're almost there because then banks will often ask for a PIN if you try and reset the facial ID for an extra layer of protection. And the key here is that people seem to use the same fucking ID that they were shoulder surfing when they first saw how to get into the phone.
That's a really complex effort to reward. I've got to say, but out of me it's just, well, respect.
It's a great story.
Oh, yeah, it is a great story. It's just, also, I've got to say as an American, the idea that your bank is taking that level of security, I mean, it's just over here, it's a joke. But yeah. Oh, really? I mean, don't get me started. When I first moved over here, Chase weren't allowing symbols in passwords, just numbers and letters, uppercase and lowercase. Anyway, but I mean, it's a really interesting contrast of social engineering and, you know, just...
And low level. You know, you don't have to be a genius here. You know, this is not tech genius. This is just good old fashioned fake cabbie, you know. Hey, you need a cab. You need a cab. Jump in. Well, this is it.
The shoulder surfing job's got to be great, though, because you've just got to hang around a pub looking over people's shoulders. It's just, oh, great. I can drink on the job.
I tell you what, the best place to shoulder surf is on places like buses, trains and planes. People are unbelievable. They really feel they're alone in their seat. And it's unbelievable, especially if you sit on the aisle, be careful.
This is why the plane flight from DEFCON in Las Vegas back here is fantastic. Because you've got a bunch of people on your laptops. It's just, oh, no, I have a weak bladder. I need to go and walk up and down the aisles and just see what everyone's doing for a while.
That's why you never work on a plane. Oh, God, no. So, okay, moral of the story. Use long PINs. Harder for a scammer to remember if you have to type it in.
Maybe fingerprint ID or facial ID on your banking apps rather than just a number or something. They did have
that, and they changed it, right? They were able to change it.
Oh, I see. Yeah. Well, definitely have different PINs then for your apps.
Definitely different PINs. Yes, you do have
a PIN there. Always good advice.
Use a password manager to manage all that stuff.
And then just make sure the password manager isn't cracked. Yeah. Because then the game's over. But yeah.
Maybe take a picture of the cabbie before you get in as a precaution, you know, just because then it just goes to the cloud. Oh, they're going to be fine with that. They're not going to find that aggressive, are they? They might drive off and say, I don't want this guy in my cab. You know, he's a waster. And you might think, oh, you damn cabbie. But you might have just saved yourself. And what about shoulder surfing? If you ever think someone's shoulder surfing you, why not just accidentally toss your drink over your shoulder and say, oh, sorry, it's just for luck. What kind of bar fight are
you going to kick off, Carole, in Dublin? What
do you mean? They're lovely people. You just say sorry. Is this how you operate it?
Wow. No, you can't do that, particularly in an Irish. Only in Britain and Ireland is glass both a noun and a verb. You don't want to get into that kind of fight. That's true. So whenever you go to a pub in the UK, it's just a little club in the UK. It's just, here's your plastic glass. It's just white, white. Oh, yeah. Okay, fair enough.
It's being in an airport with your little baby knife. Listeners know that a password manager is an important tool for generating and saving secure credentials for each of your online accounts. And podcast sponsor Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Now what's nice is that it's open source. With published third-party security audits, Bitwarden is transparent and secure. It utilizes end-to-end and zero-knowledge encryption with source code that can be scrutinized by all. And the team at Bitwarden are always introducing new features to make your life easier as well as more secure. For instance, they've just introduced passwordless login for the WebVault, meaning you can authenticate into the web vault using your Bitwarden mobile app instead of entering your master password. Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today. That's bitwarden.com/smashing. I'm just trying to proceed to get my mind ready.
I thought Colin Powell was involved in that.
Despite the attempts of passersby to help him, he cannot be freed from this telephone box. Now, in the chance that some people may actually choose to watch this, I'm not going to reveal what happens next.
He's still in there. Well, I'm—
Not saying anything. But I do believe that there is now a statue of the actual… So in Spain this is apparently a famous movie. When I say famous, famous amongst people my sort of age who are interested in old movies. So there's now a statue of the telephone box in the place where it was filmed, which seems rather scary to me, and my advice: do not go in it. So my pick of the week is La Cabina and you can watch it on The Tube of You. And I will put a link in the show notes.
That's actually more frightening, isn't it? Being said like that. The Tube of You is exactly what it is. The Tube of You. That doesn't sound good, no. Iain, what's your pick of the week? Well, something that's not going to get me put on a police register, certainly. No, I mean, for me, it's the new year. And we've got another trip around the sun to do. And I was thinking of the future.
Hang on a minute, Iain. Surely that can't be your pick of the week. That's your pick of next week.
Well, okay. Fair enough. Sorry to pull you up on a technicality at this point. Well, I would say it's a time to think about the passing of time then. How does that happen?
Ignore him. Ignore him. Yeah, just ignore him.
And I've just been revisiting one of my favourite books, The Last and First Men by Olaf Stapledon. It's written in 1930, and it covers basically the evolution of humanity from current day in 1930 to around a few billion years later when – well, I won't spoil the ending, but things get interesting. But this is a book which inspired Arthur C. Clarke. It's one of the more popular ones on Desert Island Discs, is the book that they pick. And it's available on Project Gutenberg free of charge because it's so old. I would say if you do read it, ignore the first 50 pages. Future prediction is terribly hard. And he kind of gets that wrong, particularly the Second World War thing. But once you get into the second generation of man, and then the third of humanity, and then the third, fourth, and fifth, and sixth, and all the way up to 18th, it becomes very interesting. And it's a good, joyful book to read at the new year, because you know that we're going somewhere, one way or the other.
I can see there's also a movie of it. I don't know. I've never crossed paths with this book.
It's one of those books which a lot of people who work in the tech industry or who work in science have read and love. It's just, but very few people have heard of. As I say, the first 50 pages are against it, but once you get past that, then yeah. He's a very interesting character, a British bloke, conscientious objector during the war, but then joined up, and wrote, was the science fiction sort of bestseller of his day, but his day was, you know, the 1920s and 30s. So no one remembers now.
Well, you've changed all of that today. Thank you very much. Carole, what is the final pick of the week for the entire year?
Yes, the last pick of the week for 2022 is a book that I just finished called The Other Side of Night by Adam Hamdy. It is a thriller, and I should say it's a book I experienced rather than read, because I just don't seem to read anymore since I got into podcasts and art. It's I have to save my eyes for looking at audio waves and art stuff. So I've been delving into audiobooks recently, and this one blew me away. So just basic premise, because there's a lot of twists and turns, and I don't want to ruin anything, but it's a disgraced police detective named Harriet. And she's now suddenly with a lot of time on her hands. And she hits the library, and she's looking at this book. She's reading this book, and there's this frightening little scribble in the book margin that leads her into this really windy investigation to find out what happened to the person who penned the scribble. Who are they? What happened to them? And basically a simple investigation becomes something entirely different and the story ends up somewhere utterly unguessable and gloriously fitting. It's a really beautiful concept and it's written with honesty and heart and grace but it's kind of also a meta thriller with really big ideas. So I loved it and devoured it up in a weekend and I would say it's the perfect book to drown in. And if you're having a quiet Christmas or holiday, or if perhaps you're visiting the in-laws and prefer to hide away than help make the bread sauce, for example.
I'm so with you on that. Sales have just rocketed.
So my pick of the week. And it's actually also on the New York Times Best Thrillers of 2022. So that's where I actually heard of it initially. So The Other Side of Night by Adam Hamdy and highly recommended.
Marvellous. Can I say we've all done very, very well with our cultural picks of the week this week. We've had two books and obviously a Spanish, well maybe my one wasn't a Spanish movie about someone being trapped in a telephone box, but anyway. I feel we've raised the tone and that's a good note to end on and it just about wraps up the show. In fact it wraps up the show for 2022. We will be back in the second week of January 2023 now to make because you get proper Christmases over there right, we have proper breaks over here. Now, to make sure you do get that episode as soon as it's released, follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify and Google Podcasts, and you'll never miss another episode. Iain, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
Well, it used to be Twitter, and I am still Iain Thomson on Twitter, although I'm mainly restricting myself to posting very little other than marking the burning of Rome, as it were. But you can get me at Mastodon Social using the same name, and I apologise in advance for the spelling of Iain and Thomson, but I have Scottish heritage, and my parents and I have had words about this, but yeah, if I ever have a kid, they're going to be called Dave or something so that no one misspells the name. So it's Iain with two I's and Thomson without a P, I think. Without a P and Mastodon Social.
Massive shout out to this episode sponsor Bitwarden and to our wonderful Patreon community. It's thanks to all that this show is free all year.
Until next year, cheerio, bye bye.
Happy New Year. Happy New Year. Thank you very much.
Yeah that was fab.
No problems that was a lot of fun.
Can you go back to bed now or do you have to go to work?
Oh god no no. My work day is 8 till 6. So yeah I'm clocking on in a few minutes. But yeah it's the American, it's not my brain.
Hey listeners, despite us still living in a crazy, unpredictable world, we wish you and your loved ones a safe and happy holiday. See you in a few weeks.
Hosts:
Graham Cluley:
Carole Theriault:
Guest:
Iain Thomson – @iainthomson
Episode links:
- A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook? – MIT Technology Review.
- Building Smart Robots Requires Responsible Development – Roomba CEO Colin Angle on LinkedIn.
- OpenAI predicts biz can break a billion in revs by 2024 – The Register.
- The security threat of AI-enabled cyberattacks (PDF) – The Finnish Transport and Communications Agency, Traficom.
- Ireland Christmas weather ‘roller-coaster’ amid new ‘Beast from the East’ threat – Irish Mirror.
- Christmas revellers warned about sophisticated taxi scam as €300,000 is stolen from victims – MSN.
- Taxi cab scam has cleaned out €300,000 from bank accounts of victims – Irish Independent.
- “La Cabina” – YouTube.
- “Last and First Men” by Olaf Stapledon – Wikipedia.
- “The Other Side of Night” by Adam Hamdy – Pan MacMillan Press.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.



Looks like the latest episode doesn't have the "play audio" option in several of my podcast apps (for the RSS feed) :(
If you’re using the official Smashing Security RSS feed you shouldn’t have a problem.
https://www.smashingsecurity.com/rss
Ah hah perfect, thank you! Looks like my link was /feed instead of /rss – replacing it got it to work perfectly!!