Drones, some coloured cardboard, and a piece of tinfoil may be all the kit you need to crash a robot-driven taxi, and a rapper is accused of using Justin Bieber’s name to defraud a TV company.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Okay, I'm picturing this now. So I'm driving along.
Yes.
The robo-car is coming towards me.
Yes.
Down slews a piece of cardboard in front of me, which is being hovered in the sky with a drone.
On a piece of fishing wire.
Fishing wire, trying to stay in front of me, moving at my speed exactly so that I can't see and going to crash anyway into the autonomous car. It's probably going to be my fault.
Smashing Security, episode 375. Crashing robotaxis and name-dropping rappers with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 375.
My name is Graham Cluley.
My name is Graham Cluley.
And I'm Carole Theriault.
And once again, Carole, you are on a top-secret mission overseas, maybe on His Majesty's Secret Service. I'm not sure.
Yes, I'm in the canine department, so you may hear a number of them commenting in the background.
Okay, so if your dogs are barking, it's not your feet. That's her voice.
So let's get on with this show, but before we kick off, let's thank this week's wonderful sponsors, Kolide, Material, and Vanta.
It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
I'm going to be talking about meddling with multi-sensor fusion.
Ooh, sounds fun. And I'm going to be talking about how name dropping can get you into hot water. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, I've been very busy this week. I've been reading, reading about malicious attacks against multi-sensor fusion in autonomous driving.
Is that something that you've ever been interested in, Carole?
Is that something that you've ever been interested in, Carole?
Yeah, I think I've actually covered multi-sensor fusion in autonomous driving before on this show.
Have you?
But not malicious attacks.
Oh, okay. Oh, golly.
I know.
Well, if you're an expert in this, you may well know that tech giant Baidu, they have been building fully driverless robocars. We've heard of RoboCops. These are robocars.
So these aren't just self-driving cars. These are ones where you're not sat in the driving seat. You're sat in the back. I'm talking about taxis.
For the last 2.5 years, these robot cars have been offering autonomous rides across China in more than 10 cities.
So these aren't just self-driving cars. These are ones where you're not sat in the driving seat. You're sat in the back. I'm talking about taxis.
For the last 2.5 years, these robot cars have been offering autonomous rides across China in more than 10 cities.
Yeah, this is very different from what Zoe was talking about on the show when she came on, right? Because she was talking about autonomous driving car around the M25.
Do you remember?
Do you remember?
Oh, yes. Yeah.
Yeah. And she was in the driving seat and could always take over control. In this case, you're not doing this at all.
No, no, you are sat in the back.
With your feet up.
Because just like a taxi. Well, your feet up, possibly in a crouched brace position, wondering when on earth the tech is going to crash. And how would you feel about that then?
How would you feel about getting into the back of a cab and then realising it hasn't actually got a driver? You've ordered it via an app.
You've told it where you want it to go, and it just drives off. Is that all right with you?
How would you feel about getting into the back of a cab and then realising it hasn't actually got a driver? You've ordered it via an app.
You've told it where you want it to go, and it just drives off. Is that all right with you?
That's a hard one. I'm sure I would be convinced it's fine by the people, but just like with any new tech, I'd be, this is weird.
Yeah.
I mean, we do it with trains. I mean, I don't know who's driving the Tube in London from A to B. I suppose they can't really go off the tracks.
Well, hopefully not.
Well, yeah.
But I mean, the thing is that if you're in a regular taxi, you might change your mind and say, "Oh, just drop me off here." Or actually, yeah, I know I told you to take me here, but could you instead take me to my mum's house?
Because I've got to pick up some laundry or I've got to do this or that. Or what if you had— how can I put it?
I've listened to your Sticky Pickles podcast and I know there's a common phrase which you use on the Sticky Pickles podcast when you have a personal emergency.
Because I've got to pick up some laundry or I've got to do this or that. Or what if you had— how can I put it?
I've listened to your Sticky Pickles podcast and I know there's a common phrase which you use on the Sticky Pickles podcast when you have a personal emergency.
Yes, a personal emergency is what we call it on Sticky Pickles as well.
Right, right. So you might say, "Oh," diarrhea, something like that.
And if you're in the back of a taxi, and you realize that's about to happen, you may say, "Actually, don't take me for the next 45 minutes through London.
Drop me off here." Because I don't want to have to pay your cleaning bill afterwards. So, you know, there are legitimate reasons why you may want to stop a cab.
And even in these autonomous, self-driving cabs where you're in the back, where a robot's effectively driving you, you can, it turns out, if you have some kind of emergency or a change of plan, you can actually intervene.
There is a way to do it.
So you can either, according to Baidu, who make these Apollo Go Robocabs, you can either go into the app on your phone— I mean, hoping, of course, that you've got a signal in the back of the cab and that your battery hasn't run out.
And you can tell it, "Stop the cab," or, "Drop me off here, please." Or there's a physical SOS button which you can hammer on in the back of the cab, which then calls a customer support agent, right?
Can you imagine being in the holding queue for that?
And if you're in the back of a taxi, and you realize that's about to happen, you may say, "Actually, don't take me for the next 45 minutes through London.
Drop me off here." Because I don't want to have to pay your cleaning bill afterwards. So, you know, there are legitimate reasons why you may want to stop a cab.
And even in these autonomous, self-driving cabs where you're in the back, where a robot's effectively driving you, you can, it turns out, if you have some kind of emergency or a change of plan, you can actually intervene.
There is a way to do it.
So you can either, according to Baidu, who make these Apollo Go Robocabs, you can either go into the app on your phone— I mean, hoping, of course, that you've got a signal in the back of the cab and that your battery hasn't run out.
And you can tell it, "Stop the cab," or, "Drop me off here, please." Or there's a physical SOS button which you can hammer on in the back of the cab, which then calls a customer support agent, right?
Can you imagine being in the holding queue for that?
And it's called SOS button as well.
It's the SOS button. And so you can imagine the holding music.
We're sorry, all of our representatives are still assisting other customers. Please remain on the line as we value your call.
It's calling 911 or 999 and going, please hold, we'll be with you as soon as we can. And there's hold music.
It's calling 911 or 999 and going, please hold, we'll be with you as soon as we can. And there's hold music.
It's not they're going to staff that incredibly well, is it?
It's not they're going to have thousands and thousands of people waiting for your call on the SOS button, I shouldn't think. Anyway, so you can do that.
But, you know, emergencies do happen. And so it got me thinking, well, what can possibly go wrong?
And there are a bunch of researchers at universities who have now developed a method to deceive the multi-sensor fusion system.
Now, this multi-sensor fusion system, this is what's used on autonomous vehicles, Baidu's Apollo Go robo-cabs.
And normally, what that is, is the LiDAR, the radar, the camera system, the thing which is working out where other vehicles are on the road.
It's not they're going to have thousands and thousands of people waiting for your call on the SOS button, I shouldn't think. Anyway, so you can do that.
But, you know, emergencies do happen. And so it got me thinking, well, what can possibly go wrong?
And there are a bunch of researchers at universities who have now developed a method to deceive the multi-sensor fusion system.
Now, this multi-sensor fusion system, this is what's used on autonomous vehicles, Baidu's Apollo Go robo-cabs.
And normally, what that is, is the LiDAR, the radar, the camera system, the thing which is working out where other vehicles are on the road.
Well, a lot of cars have multi-sensor systems, right, that all work together in order to keep you safe.
But it's particularly important if this is a car which doesn't have a real driver, which has a computer system, because it's entirely reliant upon those things.
Okay, true.
To work out if it needs to slow down or stop or swerve or, you know, take some sort of—
Yeah, good point.
—unusual action. So, these researchers have worked out a way to deceive that system.
So, they say that they can essentially hide other vehicles on the road from the robot car, from the robo cab which you are in.
So, they say that they can essentially hide other vehicles on the road from the robot car, from the robo cab which you are in.
Right. So my car doesn't even know that a car is hurtling towards me, for example. Exactly. Wow.
Or it won't be able to see that there's a car in front of you, or driving towards you, or if you're at a junction.
It potentially wouldn't be able to see it, and it would carry on driving and boomf, hit you. Now, what kind of high-tech do you think the researchers found could do this?
What combination of technologies could they use to manipulate another vehicle's radar and camera and LiDAR systems? A mirror? A mirror. Interesting idea. Yes, a mirror. Radio waves.
I think these are all kind of sensible thoughts. What these researchers came up with was tin foil and coloured pieces of cardboard.
It potentially wouldn't be able to see it, and it would carry on driving and boomf, hit you. Now, what kind of high-tech do you think the researchers found could do this?
What combination of technologies could they use to manipulate another vehicle's radar and camera and LiDAR systems? A mirror? A mirror. Interesting idea. Yes, a mirror. Radio waves.
I think these are all kind of sensible thoughts. What these researchers came up with was tin foil and coloured pieces of cardboard.
Oh, it's kind of a mirror, tin foil. It is kind of.
It is kind of a mirror, yeah. But cheaper.
Not nearly as heavy.
So they found that a piece of tinfoil can deflect radar signals, reducing the echoes from the targeted robo cab, and make the car which has the tinfoil on it invisible to the radar.
And the coloured pieces of cardboard, they can misrepresent— I don't completely understand this, but they say they can misrepresent the input image pixel values.
So I guess it's tricking the computer, which is looking at the outside world, and affect its perception as to what is really going on.
And there's other things they can do as well to mess around with the LiDAR lasers.
And the coloured pieces of cardboard, they can misrepresent— I don't completely understand this, but they say they can misrepresent the input image pixel values.
So I guess it's tricking the computer, which is looking at the outside world, and affect its perception as to what is really going on.
And there's other things they can do as well to mess around with the LiDAR lasers.
It's a bit that "are you a robot" thing that Google makes you go through, right? It's you know, you can tell that that's a tenth of a boat, you know, in order to get in.
But maybe a computer can't.
But maybe a computer can't.
At the end of the day, it's always mathematics and it's probability, isn't it? And it's trying to work out, is this a human? Is this a bollard? Is this just a regular piece of road?
It can't use its guts to decide. So what are the potential attack scenarios?
And what these researchers came up with was that drones could be flown carrying these bits of tinfoil and coloured pieces of cardboard.
They could fly the drone in front of the other car in order to fool your car.
It can't use its guts to decide. So what are the potential attack scenarios?
And what these researchers came up with was that drones could be flown carrying these bits of tinfoil and coloured pieces of cardboard.
They could fly the drone in front of the other car in order to fool your car.
Okay, I'm picturing this now. So I'm driving along. The drone car is coming towards me. Or not drone car, sorry. The robot car. The robot car is coming towards me.
Down slews a piece of cardboard in front of me, which is being covered in the sky with a—
Down slews a piece of cardboard in front of me, which is being covered in the sky with a—
A piece of fishing wire.
With a fishing wire, trying to stay in front of me, moving at my speed exactly, so that I can't see and gonna crash anyway into the autonomous car. It's probably gonna be my fault.
This is what university students are investigating right now. Oh my god, university, what's happening?
So they reckon they can either put these things onto your car, so they could maybe affix it on.
They could sort of, you know, slowly lower it down, or they could hover it in front of you on the drone, or they could even project, they reckon, these images onto your car, Carole, so that the robot car doesn't see your car.
I mean, surely there's got to be an easier way to do this.
So they reckon they can either put these things onto your car, so they could maybe affix it on.
They could sort of, you know, slowly lower it down, or they could hover it in front of you on the drone, or they could even project, they reckon, these images onto your car, Carole, so that the robot car doesn't see your car.
I mean, surely there's got to be an easier way to do this.
Surely these kids need to think a bit more.
If you've got a drone, and they're lowering pieces of cardboard, it could just lower a great big piece of cardboard in front of people's cars and cause them to swerve and crash into each other.
That's what I'm saying, yeah!
They could maybe hack into a car and get the bonnet to pop up and maybe block your view as you're going down the motorway. Why not do—
Yeah, Coyote. Do you remember Coyote in the— No, what's that? The Bird Runner? You know, and he would always put a mirror— Oh, the coyote. Yeah, the coyote. Yeah, yeah.
They'd always put "Oh yeah, here's the road." Instead it was a cliff.
They'd always put "Oh yeah, here's the road." Instead it was a cliff.
So you— Yes, he would paint onto the side.
Yeah, you could just paint in the car that the road's clear ahead.
Great.
So they're thinking also, the tinfoil and the colours, they could be disguised as an advert, and then driven by somebody into the side of the vehicle that you want to crash into the side of the robot car.
It's kind of bonkers. I mean, I love that university students are researching this kind of stuff and these kind of attacks.
And I guess maybe it could become more of a problem in the future as we see more and more robot cars.
At the moment, these robot taxis appear to only be in certain cities around the world. But I guess it's inevitable we're going to be seeing more and more of them.
So they're thinking also, the tinfoil and the colours, they could be disguised as an advert, and then driven by somebody into the side of the vehicle that you want to crash into the side of the robot car.
It's kind of bonkers. I mean, I love that university students are researching this kind of stuff and these kind of attacks.
And I guess maybe it could become more of a problem in the future as we see more and more robot cars.
At the moment, these robot taxis appear to only be in certain cities around the world. But I guess it's inevitable we're going to be seeing more and more of them.
Can I just say, though, if a drone dropped a piece of cardboard in front of any car, right? I don't know, man.
I think if I was the academic person reading this paper, I might say, look, maybe you guys have to have a little look at this again, because come on, tinfoil, maybe.
I think if I was the academic person reading this paper, I might say, look, maybe you guys have to have a little look at this again, because come on, tinfoil, maybe.
Well, Baidu is refusing to respond to the research. Perhaps considering it preposterous.
However, I discovered that Baidu were actually hacked in March, or at least someone tried to hack them.
Someone tried to steal details of the company's driverless car technology, and Baidu, the representative of Baidu, inferred that there'd been hackers for hire.
They didn't point fingers as to who it was, but obviously it's a very competitive market, this self-driving car business, naming no names.
But the suggestion was that it could be another nation state, maybe doing it to help their local manufacturers and technology houses who are building cars, or maybe a rival car company.
So, this is big business.
These robot cars— it's gonna be a while, I think, before I'd feel comfortable getting in a car which didn't have a human sat behind the wheel waiting to override when the robot goes haywire.
However, I discovered that Baidu were actually hacked in March, or at least someone tried to hack them.
Someone tried to steal details of the company's driverless car technology, and Baidu, the representative of Baidu, inferred that there'd been hackers for hire.
They didn't point fingers as to who it was, but obviously it's a very competitive market, this self-driving car business, naming no names.
But the suggestion was that it could be another nation state, maybe doing it to help their local manufacturers and technology houses who are building cars, or maybe a rival car company.
So, this is big business.
These robot cars— it's gonna be a while, I think, before I'd feel comfortable getting in a car which didn't have a human sat behind the wheel waiting to override when the robot goes haywire.
You see, Chicken Little was right all along. The sky is falling. No, no, it's just coloured cardboard.
Carole, what's your story for us this week?
Okay, so the story I'm gonna tell you is about a rapper known as Sean Kingston. Oh yeah. Do you know him?
Have you heard of him? Well, I'm obviously very big on the rap scene.
No, no, but you have kids, right? This is after our time of being— Not who are into rap. No? No, Carole, no.
Okay, well, Sean Kingston is a Jamaican-American singer, rapper, songwriter. Record producer, apparently known for his harder lyrics. I think he probably wrote that line.
Or one of his early singles was called Beautiful Girls, which was a pretty big hit in 2007.
Okay, well, Sean Kingston is a Jamaican-American singer, rapper, songwriter. Record producer, apparently known for his harder lyrics. I think he probably wrote that line.
Or one of his early singles was called Beautiful Girls, which was a pretty big hit in 2007.
You're not mixing him up with Peter Andre, are you? No, he had a Beautiful Girls song. All right, okay, they look very different.
Yeah. And in 2010, his first single of his new album was called Eeny Meeny. Yes. And this single featured Justin Bieber, the Justin Bieber, right? Yeah, I've heard of him. Yeah.
And the second single of his album Letting Go, right, had a verse by Nicki Minaj. So, you know, pretty connected in the music scene.
Maybe not A-listy all the time, but certainly has a few places where he's touched, you know, A-list celebs.
And the second single of his album Letting Go, right, had a verse by Nicki Minaj. So, you know, pretty connected in the music scene.
Maybe not A-listy all the time, but certainly has a few places where he's touched, you know, A-list celebs.
Yeah, he's certainly got the connections, hasn't it? It's going to help his fame, I would think, by teaming up with them.
Yeah, I would say this is he was connected maybe a few decades ago. His more recent forays that I was able to find didn't seem as high-pitched.
I think that was his golden era, you know, so far. All right, so anyway, fast forward to a few weeks ago.
We have a 30-strong SWAT team raiding Kingston's mansion, a sprawling white Floridian mansion.
Someone who was present at the raid said deputies were basically taking everything in the house. There were U-Haul trucks parked outside, apparently trying to carry away everything.
Even his fancy car got towed. They arrested his mother, Janice Turner, who was at the house during the raid. But Sean the rapper wasn't at home. However, hours later, they got him.
He was way across the country in California at Fort Irwin, an Army base in the Mojave Desert outside Los Angeles. And he was there performing.
So mom and son get arrested on the same day, and the arrest warrant charges them with conducting an organized scheme to defraud, grand theft, identity theft, and related crimes.
So apparently they've stolen money, jewelry, a Cadillac Escalade, furniture. And soon our rapper, Mr.
Kingston, is facing 8 charges, including 3 counts of criminal use of personal identification information. All right, so what do you think that might mean?
Criminal use of personal identification information?
I think that was his golden era, you know, so far. All right, so anyway, fast forward to a few weeks ago.
We have a 30-strong SWAT team raiding Kingston's mansion, a sprawling white Floridian mansion.
Someone who was present at the raid said deputies were basically taking everything in the house. There were U-Haul trucks parked outside, apparently trying to carry away everything.
Even his fancy car got towed. They arrested his mother, Janice Turner, who was at the house during the raid. But Sean the rapper wasn't at home. However, hours later, they got him.
He was way across the country in California at Fort Irwin, an Army base in the Mojave Desert outside Los Angeles. And he was there performing.
So mom and son get arrested on the same day, and the arrest warrant charges them with conducting an organized scheme to defraud, grand theft, identity theft, and related crimes.
So apparently they've stolen money, jewelry, a Cadillac Escalade, furniture. And soon our rapper, Mr.
Kingston, is facing 8 charges, including 3 counts of criminal use of personal identification information. All right, so what do you think that might mean?
Criminal use of personal identification information?
Well, it sounds like fraud. It sounds like maybe he's using people's information to maybe some kind of insurance fraud or some sort of medical— I mean, that's what I would expect.
Okay, so I'll tell you how they define it.
The criminal use of personal identification is when an individual willingly or without authorization uses someone's personal ID info without their consent.
So you're talking, like you're saying, name, post address, email address. So it's basically, you know, people stealing Social Security numbers, data bursts, all that kind of stuff.
We feel that would fall underneath that. And the penalties for the fraudulent use of personal identification depends on the value of the property or how many people were affected.
So for example, if the value was less than $5,000, $5,000 or less than 10 people being victimized by it, you could get up to 5 years in prison. And that's if it's less than $5,000.
The criminal use of personal identification is when an individual willingly or without authorization uses someone's personal ID info without their consent.
So you're talking, like you're saying, name, post address, email address. So it's basically, you know, people stealing Social Security numbers, data bursts, all that kind of stuff.
We feel that would fall underneath that. And the penalties for the fraudulent use of personal identification depends on the value of the property or how many people were affected.
So for example, if the value was less than $5,000, $5,000 or less than 10 people being victimized by it, you could get up to 5 years in prison. And that's if it's less than $5,000.
Yeah, still get 5 years in prison.
5 years under $5,000.
And if the value is more than $100,000 or more than 30 victims, the conviction is a mandatory minimum sentence of 10 years in prison, which can go up to 30 years.
And if the value is more than $100,000 or more than 30 victims, the conviction is a mandatory minimum sentence of 10 years in prison, which can go up to 30 years.
Right, but I imagine if you steal $5 billion, then you can probably get away with a couple of months' community service. That's normally the way it works, isn't it? I know.
The more money you steal, the lighter the sentence.
The more money you steal, the lighter the sentence.
Oh dear. But you know, I think if I read that and I would, you know, 30 years in the slammer would be a bit scary.
I think so, yes.
Right? So how did rapper Sean get dinged with charges of criminal use of personal identification information?
Well, it turns out that prior to this arrest, Kingston was being sued by Verber Entertainment, V-E-R-V-E-R, for breach of contract and fraud.
And the story goes that our rapper Kingston wanted to update his entertainment system at home, you know, get a new TV, some audio.
And he contacted Verber Entertainment to discuss installing the new home theater, you know, swanky TV and audio system.
Do you remember, Graham, this was ages ago, but I had a family member who likes big TVs?
Well, it turns out that prior to this arrest, Kingston was being sued by Verber Entertainment, V-E-R-V-E-R, for breach of contract and fraud.
And the story goes that our rapper Kingston wanted to update his entertainment system at home, you know, get a new TV, some audio.
And he contacted Verber Entertainment to discuss installing the new home theater, you know, swanky TV and audio system.
Do you remember, Graham, this was ages ago, but I had a family member who likes big TVs?
Yes, I know exactly who you're talking about. Yes, he did.
And he got himself a 72-inch screen. Yes, in this tiny room. 72 inches, it's big.
He had to knock out one of his walls, didn't he, because he couldn't get his chair far back enough from the TV to actually look at it.
He has to sit in the garden to see the TV on the wall.
He has to sit in the garden to see the TV on the wall.
Well, the one that Mr. Kingston the rapper got is a tiny bit bigger than 72 inches. Would you like to guess?
I'm not very good at the inches thing.
Go in meters. It's a whopping 232 inches — 17 feet or 5 meters wide by 3 meters tall. How big are the pixels?
I mean, how much— it must be rubbish.
Can you imagine a close-up of someone's face? Now honestly, his house is probably bigger than the person in my family we were talking about, right?
But the price tag for this colossal Verveur entertainment system is actually a steal — it's only 150 thou. Oh, well then, yeah, yeah, exactly.
But the price tag for this colossal Verveur entertainment system is actually a steal — it's only 150 thou. Oh, well then, yeah, yeah, exactly.
Chicken feed.
Yeah, buy two, buy two.
Anyway, the rapper, enamored I'm guessing with this entertainment system, enters negotiations because why pay the full price if you're already living the high life?
So you're talking to them, you don't want to pay full whack. You might say, do you know who I am? I definitely would do that, right? Beautiful Girls, you know my song?
Back in 2007, you know, Bieber and me — yeah, we were buds.
Anyway, the rapper, enamored I'm guessing with this entertainment system, enters negotiations because why pay the full price if you're already living the high life?
So you're talking to them, you don't want to pay full whack. You might say, do you know who I am? I definitely would do that, right? Beautiful Girls, you know my song?
Back in 2007, you know, Bieber and me — yeah, we were buds.
Exploit my celebrity. That is what I would do — I'm an influencer, you know. I know Nicki Minaj.
Exactly. So he manages through a bit of chit-chatting to lower the initial down payment — can you just give me some credit on that?
If I and my bud Bieber do some ads for you for Verveur Entertainment, right?
And so just before Christmas last year, Kingston wires the company $30,000 to kick off the actual process of making the Colossal television — that's what it's called, this system.
If I and my bud Bieber do some ads for you for Verveur Entertainment, right?
And so just before Christmas last year, Kingston wires the company $30,000 to kick off the actual process of making the Colossal television — that's what it's called, this system.
Okay.
Anyway, so in December, just before Christmas, it was delivered and installed. And they turned and said, well sir, you still owe us $120,000 or a few ads that we've agreed upon.
But as you probably guessed, Kingston never pays up — not with cash, not with ads featuring the maybe not so close bud Bieber.
And it is because of his name dropping of Justin Bieber to get the deal on the TV that added the charges of criminal use of personal identification.
But as you probably guessed, Kingston never pays up — not with cash, not with ads featuring the maybe not so close bud Bieber.
And it is because of his name dropping of Justin Bieber to get the deal on the TV that added the charges of criminal use of personal identification.
Oh, because he name-dropped. Just saying I know Justin Bieber — it's a bit like if I say I know that artist Carole Theriault.
Well, and also saying we're going to do some ads for you.
We're going to do some ads.
So give me a deal. So he not only name-dropped and fraudulently name-dropped somebody, but he also did it for financial gain to the tune of over $100,000.
So because he's paid the first $30K, still was $120K for the Tyrannosaurus Rex entertainment unit he's got, which means the conviction could result in mandatory minimum sentence of 10 years in prison, which go up to 30.
And it seems a little extreme for me for trying to underpay for a TV set — it's a bit. But it does seem that our rapper Sean Kingston has been in a spot of trouble before.
At the time of the arrest last week, Kingston was already serving two years probation for trafficking stolen properties — that's according to AP.
But it does show you the trouble of showing off by association, Graham.
So I know you kind of go around places and go, hey, you know, I'm Graham, you know, with Carole Theriault, right? Carole Theriault and I will do that for you.
So because he's paid the first $30K, still was $120K for the Tyrannosaurus Rex entertainment unit he's got, which means the conviction could result in mandatory minimum sentence of 10 years in prison, which go up to 30.
And it seems a little extreme for me for trying to underpay for a TV set — it's a bit. But it does seem that our rapper Sean Kingston has been in a spot of trouble before.
At the time of the arrest last week, Kingston was already serving two years probation for trafficking stolen properties — that's according to AP.
But it does show you the trouble of showing off by association, Graham.
So I know you kind of go around places and go, hey, you know, I'm Graham, you know, with Carole Theriault, right? Carole Theriault and I will do that for you.
Oh yeah, I use your name all the time.
So I say take heed, because this is not like Bieber's complained of this. The prosecutors have him because they're convinced that Bieber has nothing to do this.
So Sean must be trying to call Bieber now and go, I Well, this is what I would do. I would say to him, look, I'll throw you $50,000, Bieber. Yes. Just say you're my mate. Biebs.
You probably have a nickname for him. The Bieb? J-Bo.
Anyway, the moral of the story here, friends, is don't name-drop to get a deal, 'cause especially in Florida, it seems to cost you a lot of wonga and time.
Anyway, the moral of the story here, friends, is don't name-drop to get a deal, 'cause especially in Florida, it seems to cost you a lot of wonga and time.
How's he gonna get this 232-inch TV into his prison cell?
I don't think that's true. Bit by bit. Can I just have the top left corner?
There's more than one way in to exploit email as an attack vector, and even more to target once inside the mailbox.
Well, Material takes a holistic approach to email security that covers the full threat landscape, stopping new flavors of phishing and pretexting attacks in their tracks while also protecting accounts and data from exploit or exposure.
Visit material.security to learn more about their multilayered detection and response toolkit for email and secure your company's email from every angle. That's material.security.
And thanks to Material for supporting this week's episode.
Well, Material takes a holistic approach to email security that covers the full threat landscape, stopping new flavors of phishing and pretexting attacks in their tracks while also protecting accounts and data from exploit or exposure.
Visit material.security to learn more about their multilayered detection and response toolkit for email and secure your company's email from every angle. That's material.security.
And thanks to Material for supporting this week's episode.
When it comes to ensuring your company has top-notch security practices, things can get complicated fast.
Vanta automates compliance for ISO 27001, SOC 2, GDPR, and more, saving you time and money.
With Vanta, you can unify your security program management with a built-in risk register and reporting, and proactively manage security reviews with AI-powered security questionnaires.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to build trust and prove security in real time. Our listeners get 10% off Vanta at vanta.com/smashing.
That's vanta.com/smashing for 10% off. And thanks to Vanta, for sponsoring the show.
Vanta automates compliance for ISO 27001, SOC 2, GDPR, and more, saving you time and money.
With Vanta, you can unify your security program management with a built-in risk register and reporting, and proactively manage security reviews with AI-powered security questionnaires.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to build trust and prove security in real time. Our listeners get 10% off Vanta at vanta.com/smashing.
That's vanta.com/smashing for 10% off. And thanks to Vanta, for sponsoring the show.
Long-term sponsors Kolide were acquired by 1Password earlier this year, and both companies are leading the industry in creating security solutions that put users first.
Kolide Device Trust helps companies with Okta ensure that only known and secure devices can access their data. And that's what they're still doing, but now as part of 1Password.
So, If you've got Okta and you've been meaning to check out Kolide, now's a great time.
Kolide comes with a library of pre-built device posture checks, and you can write your own custom checks for just about anything you can think of.
Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.
Now that Kolide is part of 1Password, it's only going to get better. Check it out at kolide.com/smashing to learn more and watch the demo today. That's k-o-l-i-d-e.com/smashing.
And thanks to Kolide for supporting the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Kolide Device Trust helps companies with Okta ensure that only known and secure devices can access their data. And that's what they're still doing, but now as part of 1Password.
So, If you've got Okta and you've been meaning to check out Kolide, now's a great time.
Kolide comes with a library of pre-built device posture checks, and you can write your own custom checks for just about anything you can think of.
Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.
Now that Kolide is part of 1Password, it's only going to get better. Check it out at kolide.com/smashing to learn more and watch the demo today. That's k-o-l-i-d-e.com/smashing.
And thanks to Kolide for supporting the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily. Better not be.
Well, my Pick of the Week this week is not security-related, but it's something which I've read in the news which has tickled me mightily in the last week or so.
Now, you may have seen that Google got itself into a spot of bother because as we all know, ChatGPT, the AI behemoth, was unleashed on the world.
I think it's about 2.5 years ago now. And everyone just went crazy. Everyone was like, oh, we gotta sellotape artificial intelligence into our apps.
We gotta claim that we have AI, we gotta claim that we have machine learning.
And one of the companies which realized it had to do that, otherwise it was gonna be left way behind, was Google, of course.
And so they said, well, what we'll do is we're gonna plug it into our search engine.
So you may have seen, some of you lovely listeners, something called Google Overviews, which are AI-powered.
So when you do a search on Google, it actually, rather than just giving you a link to something to read, it will actually summarize some of the wisdom which it has found on the internet and offer that as a solution so you don't have to click through.
There's all kinds of implications for this, particularly for publishers.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily. Better not be.
Well, my Pick of the Week this week is not security-related, but it's something which I've read in the news which has tickled me mightily in the last week or so.
Now, you may have seen that Google got itself into a spot of bother because as we all know, ChatGPT, the AI behemoth, was unleashed on the world.
I think it's about 2.5 years ago now. And everyone just went crazy. Everyone was like, oh, we gotta sellotape artificial intelligence into our apps.
We gotta claim that we have AI, we gotta claim that we have machine learning.
And one of the companies which realized it had to do that, otherwise it was gonna be left way behind, was Google, of course.
And so they said, well, what we'll do is we're gonna plug it into our search engine.
So you may have seen, some of you lovely listeners, something called Google Overviews, which are AI-powered.
So when you do a search on Google, it actually, rather than just giving you a link to something to read, it will actually summarize some of the wisdom which it has found on the internet and offer that as a solution so you don't have to click through.
There's all kinds of implications for this, particularly for publishers.
So this is on Chrome. Google Chrome?
Well, no, it's on any browser. It's actually the Google search engine, which is doing this. Right? I think they rolled it out in the States particularly.
But now, and this is much to my amusement, they're beginning to roll it back a little bit.
But now, and this is much to my amusement, they're beginning to roll it back a little bit.
Oh, because there's some issues?
There's some issues. Because it turns out that not all the advice offered on the internet is entirely reliable.
And so it wasn't a good idea to just assume that anything written on Reddit, for instance, was accurate and wasn't actually being sarcastic instead.
So one of the examples which we saw was if you were to type into Google, my cheese isn't sticking to my pizza, Google Overviews would say, well, this can be a problem.
Cheese can slide off your pizza for a number of reasons. Here are some things you can try. You could try mixing some nontoxic glue into your pizza cheese sauce to make it more tacky.
And so it wasn't a good idea to just assume that anything written on Reddit, for instance, was accurate and wasn't actually being sarcastic instead.
So one of the examples which we saw was if you were to type into Google, my cheese isn't sticking to my pizza, Google Overviews would say, well, this can be a problem.
Cheese can slide off your pizza for a number of reasons. Here are some things you can try. You could try mixing some nontoxic glue into your pizza cheese sauce to make it more tacky.
You see, and that's really funny right now because we all know not to do that.
But if it's something that we know fuck all about, hey, just throw some water onto your hairdryer to see some special fireworks.
But if it's something that we know fuck all about, hey, just throw some water onto your hairdryer to see some special fireworks.
Is your toaster too hot? Chuck it in the bath with you. That, by the way, that's not a piece of advice that Smashing Security endorses. Don't do that. Don't do that.
Or someone, for instance, was asking Google, how many Muslim presidents has the United States had?
And so Google's AI Overview feature came back and said, well, there's been one, which is Barack Hussein Obama. And dear listeners, I can tell you he's not a Muslim.
But of course, there are parts of the internet which say that he is or claims that he is. And so Google Overviews was being very dumb.
There was one other great example I just want to share with you. Was someone said, "Can cockroaches live in your penis?" And Google responded—
Or someone, for instance, was asking Google, how many Muslim presidents has the United States had?
And so Google's AI Overview feature came back and said, well, there's been one, which is Barack Hussein Obama. And dear listeners, I can tell you he's not a Muslim.
But of course, there are parts of the internet which say that he is or claims that he is. And so Google Overviews was being very dumb.
There was one other great example I just want to share with you. Was someone said, "Can cockroaches live in your penis?" And Google responded—
What?
Yes! Google responded, "Absolutely, it's totally normal.
Over the course of a year, 5 to 10 cockroaches will crawl into your penis hole while you're asleep." This apparently is how they got the name cockroach.
Over the course of a year, 5 to 10 cockroaches will crawl into your penis hole while you're asleep." This apparently is how they got the name cockroach.
So someone— Okay, so basically somewhere on the internet, this was on a joke page. On Reddit?
The cockroach, the cockroach joke on Reddit. Yes. And posted something like that.
And Google has just gobbled it up with its AI, which has got no sense of humour, and is re-splurging it out.
And Google has just gobbled it up with its AI, which has got no sense of humour, and is re-splurging it out.
What's interesting here, so I use Startpage, right?
So I just did a search, I just wrote just for fun while you were talking, I wrote, how brains work, just to see what would happen.
And at the top, they kind of give precedence to Wikipedia. Like, so the Wikipedia entry on the human brain. Because that's reliable.
Well, at the moment, you know, if I had to rely on Wikipedia versus AI for information that was available on Wikipedia, I'm still on the Wikipedia team, dudes. I'm on team human.
Now, I say that, but I don't know if Wikipedia are deciding to go manic like everybody else is on this AI train. But it would be nice if they didn't.
So I just did a search, I just wrote just for fun while you were talking, I wrote, how brains work, just to see what would happen.
And at the top, they kind of give precedence to Wikipedia. Like, so the Wikipedia entry on the human brain. Because that's reliable.
Well, at the moment, you know, if I had to rely on Wikipedia versus AI for information that was available on Wikipedia, I'm still on the Wikipedia team, dudes. I'm on team human.
Now, I say that, but I don't know if Wikipedia are deciding to go manic like everybody else is on this AI train. But it would be nice if they didn't.
Well, Wikipedia is humans actually moderating in a way, don't they? Which is both wonderful and potentially terrifying as well.
How do they verify that the moderators are human, Graham?
Doo doo doo doo doo doo. Anyway, I'm sure lots of people will already have heard this news story. There's crazy goings-on with Google Search. It really tickled me.
The latest is that Google is rolling it back a little bit and maybe not being quite so fast to introduce this into Search because they now realize things can go very wrong.
Like when, for instance, they said that all of us should eat at least one rock every day, according to geologist experts.
That's another piece of advice that Google was telling people. So that's my pick of the week. Brilliant. Krow, what's your pick of the week?
The latest is that Google is rolling it back a little bit and maybe not being quite so fast to introduce this into Search because they now realize things can go very wrong.
Like when, for instance, they said that all of us should eat at least one rock every day, according to geologist experts.
That's another piece of advice that Google was telling people. So that's my pick of the week. Brilliant. Krow, what's your pick of the week?
Well, summer is here-ish in the Northern Hemisphere. And yes, in summer, many of us take a holiday. Some of us take to lakes or cottages or the wilds, and others like city breaks.
So this pick of the week is for the city breakers. So my pick of the week is an app called Citymapper. Do you use it, Graham? No, I haven't used it.
Well, the way I can describe it is like Google Maps with a bit extra power.
So it's a free application that provides the comfort of walking around a city as though you were a native city dweller, not a tourist.
I wrote in my— there's not a correct— my words say trout, not a tourist. So yeah, so you'd be walking around as a native city dweller, not a tourist.
So you would, for example, you can actually do this, Graham, while we're talking. You can go to citymapper.com because they also have a web portal. Okay, I'm doing it. Right?
Now, the first thing you got to do is choose the city you want. Not every city in the world is there. It started in the UK, so there's a number of cities in the UK that are in there.
I clicked on Barcelona. Perfect. Okay. Okay. So you're in Barcelona and you want to get from A to B across that city, right?
And what it does is it combines kind of public modes of transport.
So bus, tubes, train, trams, ferries, taxis, rideshares, car share, bike hires, e-scooters, and walking is basically what you use it for, not driving. Okay.
So this pick of the week is for the city breakers. So my pick of the week is an app called Citymapper. Do you use it, Graham? No, I haven't used it.
Well, the way I can describe it is like Google Maps with a bit extra power.
So it's a free application that provides the comfort of walking around a city as though you were a native city dweller, not a tourist.
I wrote in my— there's not a correct— my words say trout, not a tourist. So yeah, so you'd be walking around as a native city dweller, not a tourist.
So you would, for example, you can actually do this, Graham, while we're talking. You can go to citymapper.com because they also have a web portal. Okay, I'm doing it. Right?
Now, the first thing you got to do is choose the city you want. Not every city in the world is there. It started in the UK, so there's a number of cities in the UK that are in there.
I clicked on Barcelona. Perfect. Okay. Okay. So you're in Barcelona and you want to get from A to B across that city, right?
And what it does is it combines kind of public modes of transport.
So bus, tubes, train, trams, ferries, taxis, rideshares, car share, bike hires, e-scooters, and walking is basically what you use it for, not driving. Okay.
Right, okay.
So you enter a destination and it instantly compares your travel options in real time and with real-time costs across all transport modes available with live departure times.
So say you're in Barcelona hanging out with your better half, right? And you're like, oh, let's go to ice cream. I know we have this amazing ice cream place across town.
You would put that ice cream place into your app and it would say, look, you can get there by cab. It'll cost you this much. It'll take this long. You could take the bus.
It'll cost you this much. It'll take this long. This when the bus is leaving, take the train, whatever.
So say you're in Barcelona hanging out with your better half, right? And you're like, oh, let's go to ice cream. I know we have this amazing ice cream place across town.
You would put that ice cream place into your app and it would say, look, you can get there by cab. It'll cost you this much. It'll take this long. You could take the bus.
It'll cost you this much. It'll take this long. This when the bus is leaving, take the train, whatever.
Yeah, I'm doing it right now. So I'm heading to Sagrada Familia, which is the awesome Gaudí cathedral thing in Barcelona.
I'm doing that from somewhere near the beach and it's not only telling me how long it'll take to walk there or cycle or go in a cab, but how many calories I'm gonna consume, which you love, by doing this as well.
Well, which is interesting, especially if I get an ice cream at the end of it.
I'm doing that from somewhere near the beach and it's not only telling me how long it'll take to walk there or cycle or go in a cab, but how many calories I'm gonna consume, which you love, by doing this as well.
Well, which is interesting, especially if I get an ice cream at the end of it.
So a lot of people say, you know, why not just use Google Maps? So this is my shortlist, okay? I think it comes up with better routes, more precise timetables.
So sometimes Google Maps will say, you know, there's a train leaving, but say there's a strike or there's a delay, it doesn't update route as quickly.
I like the interface of Citymapper a lot. And I've heard from people that are big cyclists that the cycle route planning is way better.
So it sends you down quiet routes, you know, safe roads where Google Maps doesn't really take account of that.
And for walking, it has an option to say walk home by the main road because, you know, how many times have we been on Google Maps? Oh yeah. Where the fuck am I?
So you don't have to download the app to try. As I said, you can go to the website and have a go, citymapper.com. I've had it for years and I love it.
You should try it, Graham, it's great.
So sometimes Google Maps will say, you know, there's a train leaving, but say there's a strike or there's a delay, it doesn't update route as quickly.
I like the interface of Citymapper a lot. And I've heard from people that are big cyclists that the cycle route planning is way better.
So it sends you down quiet routes, you know, safe roads where Google Maps doesn't really take account of that.
And for walking, it has an option to say walk home by the main road because, you know, how many times have we been on Google Maps? Oh yeah. Where the fuck am I?
So you don't have to download the app to try. As I said, you can go to the website and have a go, citymapper.com. I've had it for years and I love it.
You should try it, Graham, it's great.
Well, thank you for not mentioning it for the last however many years. So this only works in cities?
Yeah, it works in cities. So at the moment you've got a lot of cities in England, so any UKers listening, if you don't have it, get it.
But then you also have the big ones, so Paris, New York, Singapore, Taiwan, Hong Kong. LA, Toronto's there. Hail to my Canadians.
But then you also have the big ones, so Paris, New York, Singapore, Taiwan, Hong Kong. LA, Toronto's there. Hail to my Canadians.
So you said, good if you're on a city break somewhere or if you're away on business.
And very cutely in the app.
They say to you, "What do you want our next city to be?" Because obviously it takes work to go and integrate all the different timetables and stuff into the app so it works.
It can be a tiny bit buggy, but honestly, I've only read this, it's never been buggy for me.
They say to you, "What do you want our next city to be?" Because obviously it takes work to go and integrate all the different timetables and stuff into the app so it works.
It can be a tiny bit buggy, but honestly, I've only read this, it's never been buggy for me.
And this is free, is it?
Yep, totally free. Doesn't track, nice.
Does it have ads and things?
It does have it. Well, it has more than it did, so I say jump on quick before—
I was thinking there must be some way they're funding it. Fun, didn't it? Yeah. Okay. It's very cool. Great. Very, very nice. Well, that just about wraps up the show for this week.
Carole, you can go out now and quieten those dogs barking away. And it's not a euphemism.
Listeners, you can— and listeners, you can follow us on Twitter @SmashingSecurity, no G, Twitter announced it'd have a G.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
Carole, you can go out now and quieten those dogs barking away. And it's not a euphemism.
Listeners, you can— and listeners, you can follow us on Twitter @SmashingSecurity, no G, Twitter announced it'd have a G.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
And thank you to our episode sponsors, Material Security, Vanta, and Kolide, and to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 374 episodes, check out smashingsecurity.com. Until next time, cheerio, bye-bye.
Bye-bye!
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 374 episodes, check out smashingsecurity.com. Until next time, cheerio, bye-bye.
Bye-bye!
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- Riding Baidu’s self-driving robo-taxi – YouTube.
- Malicious Attacks against Multi-Sensor Fusion in Autonomous Driving – Research paper.
- Researchers warn robot cars can be crashed with tinfoil and paint daubed on cardboard – The Register.
- Gang of Hackers Tries to Steal Baidu’s Driverless Car Secrets – Bloomberg.
- Rapper Sean Kingston agrees to return to Florida, where he and mother are charged with $1M in fraud – AP News.
- Sean Kingston Extradited From California to Florida in Fraud and Theft Case – Entertainment Tonight.
- Rapper Sean Kingston, his mother arrested on fraud charges after SWAT raid at his Southwest Ranches home – Sun Sentinel.
- What is fraudulent use of personal identification information? – Pumphrey Law.
- Google’s AI really is that stupid, feeds people answers from The Onion – AV Club.
- Some of Google’s “best” AI search results – Twitter.
- Google Rolls Back A.I. Search Feature After Flubs and Flaws – NY Times.
- Sure, Google’s AI overviews could be useful – if you like eating rocks – The Guardian.
- Citymapper.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Material – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
