Taking a screwdriver to unlock your IoT sex toy is nuts

It’s what you might call a cock-up lock-up.

Graham Cluley


As we described on a recent episode of the “Smashing Security” podcast, serious security flaws in the API of a so-called “smart” chastity lock meant that men could find their umm… personal equipment permanently inaccessible.


The Bluetooth Qiui Cellmate attaches itself to a man’s penis, allowing a remote partner to lock up your proverbials if they think you don’t deserve to use them for a while.


And with no umm… manual override, you could find your pickle in a right pickle if an unauthorised third party exploits the flaws to lock the cage without your permission. Built from a mixture of polycarbonate and toughened steel, removal is non-trivial and might involve taking an angle grinder or bolt cutters to a delicate part of your anatomy.

The fine fellows at Pen Test Partners, who first uncovered the flaw and attempted to convince Qiui to fix their product, produced a video with an alternative way to override the lock which involved prising open a circuit board on the Cellmate and applying a voltage to two wires to drive a motor to unlock the sex toy.

Notably, the video demonstrates the technique with a Qiui Cellmate which is not currently attached to someone’s penis. I suspect that makes things a little less fiddly.

Personally I wouldn’t be keen to either have an angle grinder near my nuts or to apply an electrical charge anywhere in their vicinity, but then I (hopefully) wouldn’t be found wearing one of these gadgets in the first place.

Inevitably, news of the security hole caught the media’s attention, and Qiui has now come forward with its own video demonstrating how the device can be opened with a screwdriver.

No, still not rushing to experiment with that either…

And before you think the threat of a malicious party locking someone else’s cock lock without permission is overhyped, it appears some owners have been receiving threats demanding a ransom be paid…

For more discussion of this latest IoT security disaster, be sure to listen to the latest “Smashing Security” podcast:

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Carole Theriault

Hi everybody, Carole here on our 199th show, and I'm here to give a shout out to just a few of our very special, very wonderful, very fantastic Patreon supporters. This week's shout-out goes to Irma Gerd, Mo, Dan Allen, Rob Vandewaia, Goran Josipovic, Tim Collinson, Steve Lupton, Jeremy, Maran Cathayer, and Armand. You guys rock. Thanks for your support. If you want to enjoy this very cool group of Patreon supporters, check it out on smashingsecurity.com forward slash Patreon. Now let's get this show on the road.

Graham Cluley

Some of us, from time to time, ladies... some of us like to dim the lights.

Carole

Yes, Zoe and I. There are men listeners as well, I don't know if you know that. You just think you're talking to all the ladies.

Graham

Some of us like to dim the lights put Barry White on and slip into something a little bit more comfortable maybe a smoking jacket. Maybe some Turkish slippers.

Carole

What has happened to this show? I'm sorry, Zoe. I don't remember this the last time. Yeah, no, I'm out of here.

Robot

Smashing Security, episode 199. A few tech cock-ups and one cock-lock-up with Carole Theriault and Graham Cluley.

Graham

Hello, hello, and welcome to Smashing Security, episode 199. My name's Graham Cluley.

Carole

Ever closer to 200, I'm Carole Theriault. Well, Carole, it is episode 199 and we've got a couple of things to get very excited about. First of all is our guest, of course. Hello, Graham and Carole. How are you guys? Fantastic having you here, Zoe. I'm so glad you came on the show. Oh, that's so smooth. Thank you very much.

Graham

Well, the other thing that we're excited about is that Carole and I are obviously about to celebrate our 200th episode. We're not going to see each other. Don't panic. And we're thinking, what can we do possibly to enjoy this? See, I was thinking maybe we would make cakes for all of them. Like what? Well, I think we've gained some inspiration, perhaps, by the TV star in our midst. Because what we're going to do is we are going to do, is it called a live stream? A live stream up on YouTube where people can come and join us and ask questions and see us chatting.

Carole

YouTube AMA, dudes. Be there, be square.

Graham

Oh, that's very cool sounding. Yes. So you will be able to join in. We are going to hold this on Thursday, October 15th at 8 p.m. UK time. That is 3 p.m. Boston. All you have to do to find it. What about the people in California? Oh, for goodness sake. They'll be at noon. They'll be at noon. Okay, so they'll be noon on Thursday the 15th for them. What about Australia? Shut up. To find out when it's happening in your time zone, all you have to do is go to smashingsecurity.com slash live, and that will automatically give you everything that you need to know in order for this wonderful thing to happen. But please be there. Otherwise, I'll be stuck with Carole on my own. Yeah, Graham is really afraid that no one shows up. So I say stay away. OK, what's coming up on this week's show, Carole?

Carole

Well, first, let's thank this week's sponsors, LastPass and Immersive Labs. Their support helps us give you this show for free. Now, coming up on today's show, Graham heads to the bedroom. Thank God this is radio, right? Zoe gives us the latest on the UK COVID tracing app. And I take a rather wacky look at automated recruitment tech. All this and much more coming up on this episode of Smashing Security. Chums, chums. Last week, you will remember that we talked about so-called smart coffee makers, right? I hated that you chose that logo for that episode. It's kind of, as a coffee lover and a coffee drinker, I thought that was just uncouth.

Graham

Oh, because I used the Chucky doll?

Carole

Yes. You didn't like that? No. Okay, sorry about that. Well, if you remember, researchers demonstrated how they were able to create a proof of concept ransomware that could obviously get in the way of you getting your daily swig of Java. What are you talking to Zoe and I? There are men listeners as well. Some of us like to dim the lights, put Barry White on, and slip into something a little bit more comfortable. Maybe a smoking jacket. What has happened to this show? I know.

Graham

Well, some of you might like to slip into something comfortable, and some of you might like to slip into something uncomfortable. Because let me introduce you to a Chinese-made gadget called, it comes from a company called Qi, I believe it is. They're spelt Q-I-U-I. I believe it's Qi. And it's the Qi Cellmate. And the Qi Cellmate is a chastity device. What? Designed. What?

Carole

We almost made it to 200. Almost.

Graham

It is a chastity device designed for men.

Carole

Who probably need it, to be honest. What does it look like? Do I even want to know what it looks like?

Graham

Well, it's a cage for your... Well, not your one, obviously. I imagine you don't have one, Carole, but via proxy maybe you do. But it's a cage. It's the sort of thing which you clamp on to one's... Graham, you're over 50 now. I need you to take a breath. Okay.

Carole

You know that we are in 2020. Yes. You are talking about a chastity device, a cage that goes around your...

Graham

Your man's Wilbur. Yes, exactly. It is made... Let me explain how it works. You're probably wondering, how doesn't this just fall off, right? Isn't there something? What?

Carole

Iron Maiden, there's something. It's not a Merkin. No, there hasn't. Is it like what people wear for sport? Like a jockstrap with spikes.

Graham

Let me explain how it attaches to the man. Because my question was, how would it not slip off? There's two parts to the Qi Cellmate. So you get, first of all, this ring attachment made out of toughened steel. And that you put sort of behind the boys, right? So it doesn't fall off. And then there's this other bit, which is like, oh, how can I describe it? Well, it's sort of like a metal sheath, which goes on and locks on to the ring, okay? And that's made out of polycarbonate with that locked on. And by the way, it comes in different sizes. It comes in both long and short models.

Carole

Can I interrupt? Is this because the ferocity of their erections is so strong it breaks through jeans? Is that why someone wants this kind of thing?

Graham

I believe there used to be this thing called the Prince Albert, didn't there? Maybe there still is where, because gentlemen in Victorian times, you could sort of tie something just so it wouldn't... Anyway, Carole, I'm going to call you after the show. We'll have therapy. You're really distracting me. You're taking me somewhere I don't want to go.

Carole

Come on this show, they said. Talk about cyber security, they said. I have nothing to do with this.

Graham

I went to Qi's Online Store and I found that the short version was perhaps unsurprisingly completely sold out. There's plenty of long versions.

Carole

Oh, no, that does surprise me, actually. Really? Because I would have thought that gentlemen might be a bit more ambitious in their choice of sizes. It'd be a bit bulky, though, if it's all metal and stuff. That's a good point.

Graham

Carole, let me take you into the male psyche, Carole.

Carole

Oh, do you have to?

Graham

You want a small one so that you might appear larger.

Carole

Ah-ha. Right? I see.

Graham

You want to be able to say, I can barely fit into this.

Carole

Is that why you always wear a G-string when you go to the pool, Graham? What?

Graham

Anyway, so you can choose what size you want. You can even get it personalized. You can get your name lasered onto it if you want. 110 euros to you, and you can have it shipped to you, of course, from the Netherlands.

Carole

What's the tech side of this?

Graham

Right. I'm glad you're coming onto that because that is very important.

Carole

I'm just going to hide under my desk, so you carry on.

Graham

It is, aside from all these other features, it is, of course, connected to the internet.

Carole

Oh, my goodness.

Graham

And that is where the problems begin. Because the whole point of the Cellmate is that you can give control of your cock lock to somebody else who could be based anywhere in the world. Right. If you're in a relationship where your partner doesn't want you using your penis inappropriately, you can give them the app and they can remotely lock or unlock your doodah via that mobile phone app wherever they are in the world. Question.

Carole

Yes. I'm glad you've got one. Go on, Carole. Do you think this is a good idea?

Graham

Personally, it's not my cup of tea.

Carole

Question two. How is this in your echo chamber? How did you hear about this, Cluley?

Graham

I had two separate Smashing Security listeners send me this link earlier today saying, you've got to read about this.

Carole

You bunch of grubby-minded. I'm shocked.

Graham

They said, perfect for your show, we think. Because what has happened is that the penetration testers...

Carole

Oh, for God's sake.

Graham

Pen Test Partners, they discovered that the API used to drive these devices and communicate with them had a myriad of flaws.

Carole

Oh, dear.

Graham

And it actually means that someone could remotely lock all of these devices around the world.

Carole

I'm kind of glad they alpha tested this on the penis, not the vagina. I got to say, you know. Can you still pee when you're wearing one?

Graham

I haven't tested it.

Carole

You sound like you know a lot about it, Graham. That's why I'm asking.

Graham

I don't know if Tomorrow's World or The Gadget Show have looked into this. Maybe tune into the YouTube live stream to find out the stream. Now, there's a threat here, right? Because if you could remotely lock anybody's cock lock, as I'm calling it, or Cellmate, then they can't unlock it themselves. That's the thing. Sorry, I haven't really explained this very well. If yours is locked, the only way to get it off is via the mobile phone app.

Carole

Wow, there's no manual override?

Graham

No, there is not. You're not in the north of England with poor reception because that could get a bit annoying. According to Pen Test Partners, once remotely locked, you cannot unlock it and you would have to take some bolt cutters or an angle grinder to

Carole

Oh my word, can you imagine going to the hospital going, look, I know there's a pandemic. I know there's a pandemic, but I have a bit of a situation. I really need to pee. I'm sure you can still pee. It's probably got a hole for that. Otherwise it'd be pointless, wouldn't it? You can't have your partner going off. Do you have a specially chiseled chopstick from the takeaway?

Graham

Well, yes, it's probably like if you break your arm and you get a chopstick or a knitting needle, don't you? So I would imagine you would use something or a coat hanger which you could bend into the right shape and you could scratch yourself that way.

Carole

I've got a question, thank you.

Graham

Let's raise the tone.

Carole

I'm going to try. Does it only work with one person's app or could you have multiple people like a WhatsApp group controlling your device?

Graham

I don't actually... I mean, I would imagine technologically it's possible, but it's not something I know. But what we do know is that the API also leaked precise location data, personal information, and even private chats and other metadata, including what the company calls the member code.

Carole

Hang on, what private chat? Who or what was having a private chat?

Graham

So the app communicates with the cage via Bluetooth, but the app also speaks to the Internet. So it gets a command from the internet from the other user who has the app as well, which is sort of coupled up with yours. And then it communicates via Bluetooth telling you to unlock. So I think via this app, you can also say, hey, big boy, or whatever. Have you been behaving yourself? If you have, I'll unlock you.

Carole

All right. Okay. People are really bored if they're doing this for kicks. Seriously.

Graham

Don't you think? Well, I don't think it's for us to judge, Carole. Everyone's got a different sort of...

Carole

Oh, really? You don't think it's for us to judge? Not really. You definitely have one. You definitely 100% have one, and I'm totally 100% judging you. Tell me about the security of the device.

Graham

Well, the security is not that good because clearly the API can be exploited. And this is, of course, true of so many IoT devices in the past. There's even a website called the Internet of Dongs, which is all about sex toys connected to the Internet, which have had vulnerabilities in the past. We've seen things like this before. I'm sure you remember, Carole, John Hawes. He came on the show, or he appeared on the show at least a few years ago, telling us about an adult bedroom entertainment system. I wish there was a sound for rolling your eyes. And what that did was it recorded your session with the device without asking permission.

Carole

Absolutely astonishing. In all seriousness, it is very easy to snigger at sex tech, isn't it? And we do. But there's a lot of money in it, actually. I went to CES in January. God, that feels like a lifetime ago, but I did. And there was the first time ever they had this little corner, which was devoted to sex tech. And there were half a dozen vendors there showing off what they developed. And actually, it was thriving. It was doing really well. I mean, CES, they've got a really funny history with sex tech, where they kind of like it, and then they get a bit freaked out by it. And there was a horrible story where they'd given an innovation award to a woman who designed a smart vibrator, and then they took it off her again.

Graham

Yes, I remember that story. It was shocking.

Carole

Yeah, then they gave it back to her at the end though, didn't they?

Graham

Yeah, and then it all kicked off because she was horrified and then they gave it back to her but it was all really awkward. And then this was the following year that I went, January just gone, and they had... I guess because they were trying to show how open-minded they were, they were like yeah this year we're having a sex tech section because we're fine with it. And it was kind of hard to find, it was sort of tucked away in the corner. And I think there was a sense that they were sort of trying to make an effort but didn't really want anyone to see it. There must be IoT toilets.

Carole

Oh, there are. My whole life right now, I don't know.

Graham

I remember there was a story about a Japanese IoT-connected toilet, which could be hacked and it could squirt you in an uncomfortable place. We've covered a lot of really important stories. We do cover the really important ones. Anyway, Pen Test Partners found this security hole. They wanted to obviously bung it up and prevent it causing any problems. And so they tried for months to get the manufacturers at Qiui, this Chinese company, to fix it, and they weren't really getting very far. One of the problems appears to be that the manufacturers said, well, we can't really replace the API because if we do, there's a danger we could unintentionally lock everyone into their cock cage, which you wouldn't want, or maybe you would. I don't know. But now, details of this problem have been released because other researchers have stumbled across other vulnerabilities in these particular male chastity devices. And there's also concern because the manufacturer said that they're going to produce one of these devices with an internal element, I think to make it even harder to take it off. So you can just imagine that's probably your knitting needle, Carole. But you wouldn't... you would... I mean, you don't really want that kind of device going wrong.

Carole

However, what that kind of device? Full stop. No.

Graham

Well, there are some people who do, Carole. We're not really to judge, right? If someone gets... Do you want to be an alpha?

Carole

Tester of a male chastity belt? Hands up, hands up if they—

Graham

Want to sponsor us, we'll consider.

Carole

But isn't this a classic example, though? It's amazing, I think, how much trust people put in tech, isn't it? In a way that you think, if you think about this for a minute, my goodness, that's a leap of faith, isn't it? To put that on and trust that it's fine. But then, you know, do you remember all those stories about people driving their cars into lakes because they were following the sat-nav? Even though they can see that in front of them is a lake and your rational brain is going, "No, I don't want to drive into the lake," and then your other brain is going, "Oh, but the sat-nav says it's in the lake," and they all go. It's a really interesting bit of human psychology, isn't it? How much we trust in the tech that we get.

Graham

So I want to hear from our listeners. I want to hear from you guys, not a—

Carole

Single one. Not a single listener would fall for this.

Graham

If you do know somebody who's got one of these devices and they do happen to get locked in either because of the vulnerability or they've got a partner... You want them to send a picture? No, no, no, no, no. Good. There is a way which doesn't involve an angle grinder to get it off. And the guys at Pen Test Partners have produced a video showing you. Basically, you break— Laser your balls. Well, almost. You break open a battery compartment and you have to apply some voltage to two particular wires to unlock the old chap. If you're comfortable doing that, that is a way out.

Carole

Graham, this is a health warning. Do not do that. No one do that. Absolutely do not listen to Graham. He's insane.

Graham

Moving on. Zoe, what's your story for us this week? Well, I'm not really sure how to follow that, actually, Graham. We're going to have to segue quite rapidly into a completely different subject. Making the mistake of calling it the UK COVID-19 contact tracing. Oh, no, no, no, no. And you get so many Scottish people annoyed with you at that point. And Northern Irish people. What's it called? Like the song Hotel California. You can check in any time you like, but you can never leave. Can I just be clear? So if I go to a coffee shop and I check in at the coffee shop and then I don't check out and I stay home for five days before I go out next again, I am basically at that coffee shop for five days. Yes, that's what happened to him. That is what happened to my neighbor.

Carole

Well, I'm not surprised. Why did he do that? When it happened to me, it panics me and I know what it does. So what this is, this is not actually part of the app. The app is built using this tool that was developed by Google and Apple that enables the phones to communicate with each other. We weren't going to use it in England. And then we decided, "OK, it's there. Why are we reinventing the wheel here? We'll use what's already there. We'll use that." So what that notification is, it's coming from the Apple and Google API rather than coming from the app. And it basically, what it means is you have been around somebody who's tested positive potentially, but not for long enough for it to be a threat. So not to the point where you have to do anything about it.

Graham

Unless they sneeze. Again, it's why do you need to know that? You know, I don't need to know that. I think this would freak you out. You're off to the dentist tomorrow, aren't you? Well, I don't want to go to a dentist. No one wants to go to a dentist, but I particularly don't want to go to a dentist now. And you're going to install this app, I presume, and you might get one of these weird alerts.

Carole

Honestly, though, we've said before, it's probably the least of my worries right now. You know, I'll just install the app, do the thing, come home, uninstall the app.

Graham

But you can imagine people just have the bejesus scared out to them.

Carole

Well, not anymore, because Zoe has explained what's going on.

Graham

So are they fixing these issues? Well, the thing with the test results not quite working, it's kind of going to resolve itself because if you book a test through the app, then it will update automatically for you. So this is slightly historic because people had booked tests before the app came out, because it hasn't been out for that long. So that will kind of resolve itself. Presumably going to require some kind of OS update to be pushed out.

Carole

Yeah, so that's an Apple Google issue to resolve. Honestly though, these are going to be complicated apps and I can totally see that there's going to be teething problems between the UK kind of crowbarring what it requires with the Apple and Google technology. I'm not surprised that there's a few niggles at this stage. I just hope that they go away soon. I mean, I think it's worth saying that I would love to be able to point you to one particular country's app and go, here you go, they've got it right, this is brilliant. But there isn't one. Nobody's really got it right, and nobody's is working brilliantly. But I thought it's quite interesting what Matt Hancock said, the Secretary of Health here. They were talking about how many people need to have this app in order for it to be any good. You'd think you need a lot of the population to have it, but he sort of said well do you know what, it's kind of a prompt really to get people to think differently and change their behavior. We've been doing this now for months, we're all sick of it, the rules keep changing, and it's easy to sort of feel a bit complacent about it. But he said if only two people downloaded this app and it stopped one of them going around spreading coronavirus, then it's done its job.

Graham

He set himself quite a low bar there though. So no journalist can come up to him later and say, you said two would be a success.

Carole

What is it they say? Set people's expectations low and then over deliver.

Graham

This is all via Bluetooth, isn't it? This magic which is going on to work out people who've been in range. I wonder if that could be applied to other purposes once all this coronavirus pandemic is over or we've moved on a bit, because I'm thinking about, once again, these cock locks, which are running on Bluetooth as well. I would be quite interested if someone has come into a restaurant and is wearing one of those.

Carole

That's a great segue, Graham. Bluetooth is amazing though, isn't it? It's been around for so long and it's never really sort of shone, has it? And now, this is its moment.

Graham

My word. Well, Carole, good luck at the dentist tomorrow. I'm saying that for the dentist, obviously.

Carole

You're saying that just before I tell my story as well, which, you know.

Graham

Giving you a bit of a downer, has it?

Carole

Well, I still have to talk a bit. Is that why you're going tomorrow, so you could do this first? Yeah, no, I have a little tooth issue. If I'm a little grumpy, that's why.

Graham

I don't think you're a little grumpy. Yeah, well, just wait until my story starts. Come on, enthusiasm middle. Carole, what's your topic this week? I've gone to very few job interviews. I've been very lucky.

Carole

My husband has this great one. I think it was a university interview, and he was up north and he had to wear his suit from Burton's and he had slippy shoes on and he'd taken the train all the way up and it was snowing and full of ice and he slid down the hill completely in his suit and then had to show up and kind of go, hi.

Graham

Did he get the job?

Carole

Yeah, he did.

Graham

Oh, it worked.

Carole

But there you go. You didn't do any jobs, Graham? You didn't actually work, did you?

Graham

No, I haven't. When I was at Polytechnic, I tried to get a job at a computer game magazine because I'd written computer games and things.

Carole

You thought you were a shoo-in.

Graham

I thought, wouldn't it be great? Because I quite liked writing. I thought, that way I can play computer games all day and then write about them and that would be a job. But I made the mistake of turning up in a suit, which I assumed was the thing to do. And they looked at me like I was a complete weirdo in this computer game magazine place.

Carole

Oh, they probably just thought you were an important man.

Graham

They did. Yeah, but being interviewed is horrid, but being the interviewer is also horrible.

Carole

Yes.

Graham

You used to hire real characters. I was going to say it's different. I'm sorry, you had some curious people who worked for you, Carole.

Carole

What, like you?

Graham

No, no, no, no. Well, when you worked for me. Yeah, I didn't interview you. I should have. You worked for me first.

Carole

Yes. Did you make more money than I did when I worked for you? Because that's not the case when you worked for me. I would never put up with that today. Do you know that? I'm shocked I put up with that. It's true, Zoe. He used to work for me and he made way more money than I did. And I knew that because I was the boss. How did you let that happen? Exactly. I was in a male-dominated environment and I somehow got talked into, wouldn't it be great to manage Graham?

Graham

It wasn't. It's probably people who work for Boris Johnson who earn more than him. It just happens. Yeah, yeah, yeah. You're Boris. When I was a manager, it was just a nightmare. Tell me about it, trying to find good people to come. And you'd invite people in to talk to them. And some of them were real weirdos. I remember one guy. Now, I don't know if this is inappropriate or against the law or whatever. There was a chap who came in and he had an unusual name. And so I thought, oh, I'll just Google him. And it turned out he had, he would have been in the news because of some sort of shooting incident. He was an animal rights activist in his spare time and he tried to free some wombats or whatever the animal was. And the farmer had shot at him and he'd been hurt by this, right? And I was thinking, well, this is more interesting than the interview and talking about programming or web development or whatever. And so I kept on trying to find out from him, is there anything you're really passionate about?

Carole

You're trying to get him to come clean? Are you a pet owner? I'm just trying to test. This was before people knew how to Google people, right? Why not?

Graham

Because I had no intention of giving him the job because I'd already decided I didn't him. But he might have thought that was the reason, right? That I was discriminating against him because he was a human dartboard. I've got a story. Oh, yes. Oh, wonderful. I've got to be careful about telling this story. I'm going to be very vague. Oh, I think it's really cute. Do you know when you get in trouble with HR and HR say, would you like to bring a friend in with you or a colleague? I've always wanted to say, can I bring my mum in?

Carole

Oh, I thought you were going to say me.

Graham

Because you're bud-bud. Hey, Zoe, I once applied for a job at the BBC. Oh, yeah, did you? Which one? My job? I think Alistair Milne had just resigned or retired or something as Director General. And Mama Duke Hussey was on the Board of Governors. This was when I was about 15 or 16. And I took it upon myself, because I was busy not studying for exams, to get upon myself to adopt a pseudonym and to keep on applying. I got lovely letters back from him, but they never actually brought me in for an interview.

Carole

They probably recognised that the only thing that changed was the name that was crossed out in crayon. Hank, clearly.

Graham

No, my name was Guy Scott Tremblowe, actually, was the name I was using at the time.

Carole

That sounds a very strong name for a director general now.

Graham

Yeah, I thought so. Should I get back to my story?

Carole

Yes, let's get back to that. Let's get back to that. So in the early days, the pre-LinkedIn, pre-Monster, pre-everything, you would just get this deluge of resumes. And then if your company, you know, succeeded, I guess, and your HR department got busier and you got more staff, the HR department took on that job, right? So they would weed out some of the candidates for you. Yes. They did this for me for a time. And, you know, in hindsight, it bothers me that they let them do that because you never see the resumes they deemed unsuitable. And how would they know? How would they really know? Exactly. They're not experts in my field. Well, when I first started working, But later on, I was managing your ass.

Graham

Getting a computer, an algorithm, to choose who would be a good hire for you, or just to weed out the chaff?

Carole

Yeah, so I guess they must do a search on you based on your socials and where you are on the web. They must ask you questions. They must record those answers. They're probably looking for keywords. There's this other one called Predictive Hire. They do top of funnel interviews for you, saving you time. Everyone gets the same interview anywhere, anytime and untimed. Doesn't care for what you are, just who you are. And according to Slate, it's kind of like humans interviewing because these bot recruiters have their own unique styles for interviewing. Some are merely seeking logistical information where are you available, are you really interested in this job, while others are looking to assess the drive, initiative, you know, your team building skills, your adaptability. So like a chatbot, yes. Like a chatbot? Do you actually see someone? Yeah. Okay, I'm going to give you guys a scenario, okay? The tooth does hurt, Carole. The tooth does hurt. It's 2025, okay? Yes.

Graham

I've been fired. Podcast is in ruins. We're not talking. Yeah, we all hate each other. What do you mean, you know? Well, you're a big personality, right? Would you worry about that? Oh, I see, because I'm old and annoying.

Carole

You know, you've been around the block maybe 100 times.

Graham

Well, yeah, I think that's quite possible. I think I am getting that age where I think people would think, he's a bit old hat.

Carole

So do you think maybe an automated interview might work better for you?

Graham

Well, wouldn't it know how old I was as well? Maybe it would be biased.

Carole

Yeah, but maybe it doesn't judge. It's not like some, you know, 25-year-old who's interviewing you to work at Costco and they're thinking, oh, wow, check out this old boomer. Maybe I could subvert the algorithm. Maybe I could go in with different personas and work out a bit like one of those choose your own adventure books. And so we like, you know, we're both girls. We know that often we've probably gone for jobs and you're just thinking this guy does not, yeah, he doesn't want a woman working for this role at all.

Unknown

Hi. My name is Tengai. Wow. I'm a social interview robot. What is this? Would you like to answer one of my interview questions? That is who's interviewing you. I would like to talk about problem solving. Can you tell me about a work or school related situation where you had to come up with a solution on your own? And why it was a problem to begin with?

Carole

It looks like a piece out of the Cluedo game, doesn't it?

Unknown

Can you elaborate? What was the result of your actions?

Graham

Oh, well, that doesn't freak me out at all. Thinking back on this situation, could you have acted in a different way? Can you elaborate?

Carole

I know, right? It's fucking insane. I'll tell our listeners what they're missing. This is Tengai, a 16-inch tall robot recruiter. Hi. That could be the future of job interviews. Tengai is programmed to conduct every interview exactly the same way.

Graham

16 inches. Does it also come in a small size?

Carole

Can you put it in a cage?

Graham

Can you elaborate? This is a little peculiar, Carole.

Carole

It's really weird. So they can change the face in print on it.

Graham

I don't think just changing the face is going to reassure me, to be honest.

Carole

Really? So got anyone out there interested in seeing this for yourself, there are going to be tons of links in the show notes. But it is really weird. Imagine this kind of physical robot interviewing you and looking empathetic with its facial expressions as you try to answer. I still don't quite get this humanoid robot business, do you? I mean, why are we making robots that look like us? We don't need to do that. They don't need to look human, do they? I think we should make all robots look like Yogi Bear because everyone loves Yogi Bear and he does have human characteristics. I kind of married Yogi Bear, actually.

Carole

I agree. I like so many of these robots. There's a sort of uncanny valley about them, isn't there? Because they look human, but they're not. And I feel like that detracts. You know, robotics has got a long way to go, but it's amazing. All of these robots have evolved far more dramatically than I have in the last five years. You know, it is impressive. But there's just no need for them to look weirdly half human. And then there's all these little weird security questions. So I'm thinking if you don't actually have a very strong online presence, you could be penalized for not having enough of a public footprint when you were going through one of these automated recruitment processes. That would suck.

Graham

I wonder why this whole physical robot element is required at all. Oh, I think it's just a gimmick. I would feel so much more comfortable if it was a telephone interview, even if it was a telephone interview with a robot. You know I feel that that would put me at ease.

Carole

You know I'm having Invisalign at the moment. I'm getting my teeth straightened during lockdown and so I've got these braces and I can't go to the orthodontist very often. They don't want to see me. So I've got this amazing thing. It looks like a VR headset but you put your phone into it and there's an app that you use and when you put it in and you start the app basically you put this thing up by your mouth. The camera of the phone and the light of the phone take these pictures from side to side of your teeth and you have to do this with the braces in, the braces out once a week and then you get a little message about how your teeth are going. And I've got because with these Invisalign things you have to change them every week or 10 days or whatever and I get a little message going right you're ready for your next retainer. So I've literally only been once to the orthodontist. So you don't have a problem putting your gnashers into an IoT device. No, exactly. And sharing all of that data. So she wouldn't put her penis in. Well, I was just leaving a dot, dot, dot there, Graham. Thank you for finishing that sentence. I think it's pronounced ver-gene anyway.

Graham

This episode of Smashing Security is sponsored by LastPass. Now everyone knows about LastPass's password manager for end users, but it's also a great solution for businesses. In fact, tens of thousands of companies rely upon LastPass to protect themselves. LastPass Enterprise simplifies password management for companies of all sizes and helps you secure your workforce. So whatever the size of your business, go and check it out. Go and visit lastpass.com/smashing to find out more. And thanks to LastPass for supporting the show. Attacks and breaches are sadly a fact of life. They happen. What's most important is how well your organization responds. And technology isn't really enough. Your staff must be ready too. Immersive Labs delivers hands-on challenge-based training and exercises to make your team ready to fight real-world threats. Check out their free ebook all about the MITRE ATT&CK framework and how you can use it as a part of your cyber skills strategy and improve your security posture by identifying weaknesses. Go to immersivelabs.com/smashing right now to download your free ebook. That's immersivelabs.com/smashing. And thanks to Immersive Labs for supporting the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses to say anything they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related, necessarily. Better not be. Well, this week, my Pick of the Week is, again, something musical. This week would have seen the 80th birthday of John Lennon. 
And in honor of that, Sean Ono Lennon, his son with Yoko Ono, has created a little show on BBC Sounds, a two-part show where he speaks to Elton John and Paul McCartney and his half-brother Julian Lennon and obviously Sir Paul McCartney as well about their memories of John Lennon because obviously John Lennon tragically died when Sean was just five years old. You call him Sir? Sir Paul McCartney. You call him Sir Paul. You don't call him just Paul. I don't feel that familiar with him. I think we still need some decorum. I quite enjoyed this. And obviously, I'm a huge John Lennon fan. And maybe some of you are as well. So you might want to listen to Sean Ono Lennon on John Lennon at 80. And you can find it for the next 30 days or so on BBC Sounds. And that is my pick of the week. Zoe, what's your pick of the week?

Carole

Mine is a bit of a personal revelation to me. And that is, I think the last time I spoke to you, too, actually, I was telling you that I was a very proud owner of a 12-year-old television. And I put on social media that, you know, that it was my oldest working gadget and it wasn't a smart TV and I had to use a Chromecast. But, you know, it was doing its job and I was very proud of it. And then hundreds and hundreds of people got in touch and shared with me their oldest working devices. And it was all enormous fun. And I thought that this was marvelous. But I've got a confession to make moving on from that story because I am now the owner of a new television. What? Which was, I know, I feel like a traitor, but it was a gift. It's very decadent. It was. It was a gift. Someone gave you a television. Yeah, my partner bought me a new television for my birthday. And I have to say, it's a bit like, you know, when you get new glasses and you say, I don't need new glasses. I'm fine. I can see. I'm fine. And then you put on your new glasses and you're like, whoa, this is what eyesight is about. I can see through the matrix now. This is incredible. That's kind of the experience I'm currently having with my new television. And it's changed the way I view television. I'm watching more TV. See it's really a surprising revelation to nobody apart from myself that having a good bit of kit does make a difference.

Graham

It hasn't really changed the way you view television has it? I mean you're still using the same method but it has it has some kind of new fit. I mean does this one get Channel Four or something? What's the what's the revelation?

Carole

I asked my children what we should call it because we had to come up with a name and they've come up with the name She-Ra and I have to say that saying Alexa turn on She-Ra is never ever going to get old. Glorious.

Graham

I like that. I like that. So what who's the manufacturer of this TV?

Carole

It's a Hisense TV. It's ultra HD. It's got a really crisp picture. I mean it's not it's not bank breaking but obviously a new TV is a treat. I appreciate that. Yeah.

Graham

And that's that would be probably 4K is it?

Carole

It is yeah yeah and and you know if it lasts 12 years... Exactly.

Graham

So if anyone else is out there who's got a 12 or 15-year-old TV your recommendation is go and grab a new one because they're so cheap these days as well aren't they and that is my pick of the week. Well it's actually Zoe's. Yes so Carole what have you got for us?

Carole

Okay so I'm a little bit arty or trying to be as some of our regular listeners know and actually you know what watch Graham I'll show a few on the if we do the YouTube AMA live stream.

Graham

Oh yes on October 15th 8 p.m. UK time. I'll show one or two of the pieces and you can kind of go "oh my god so bad." Anyway, part of my self-education learning how to improve my drawing and painting skills is obviously consuming loads of online content. And some of them are very bad and some of them are very good. Yeah, there's quite a few there.

Carole

There's probably maybe 50 different documentaries, all about an hour long. And I'm particularly fond of those presented by the wonderful Waldemar Januszczak. Oh, Waldemar Januszczak. You will know him. He was the art critic for The Guardian and then The Sunday Times. He's just got a really good presentation style and he's very salt of the earth. "This is why it's good. This is why it's not." He knows his onions and he's just great. I love him.

Graham

That sounds really good.

Carole

Yeah, no, totally. And I wouldn't say he's up with Sister Wendy just yet, who is basically the god of all art documentaries, in my opinion.

Graham

What about Brian Sewell? Don't you think Brian Sewell?

Carole

There's not very much video of Brian Sewell, actually. There's only one that I found, a two-parter, which is actually incredible and really interesting, but it was right before he died. But he didn't do a lot of television. He did much more writing. Anyway, so there you go. And I want to give a shout out to our local art store, Broad Canvas. This is our Oxford art shop, because I had to order some supplies. And then I got a phone call from the owner saying that he needed, you know, he didn't have whatever I wanted. And he was going to give me a better and bigger product. And he was going to drop it off himself later in the day, which he did. So I got same day delivery from the owner delivered to my door and I got way more than I'd even bargained for. So thank you very much Broad Canvas.

Graham

That's nice shop local don't shop at Amazon that's what your message is.

Carole

Yeah, Broad Canvas are awesome, they're awesome. So if you're in Oxford check them out. So my pick of the week this week is Perspective channel on YouTube. Get yourself a bowl of huge popcorn and get yourself educated and cultured.

Graham

That just about wraps it up this week. Zoe, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?

Carole

Please do. I'm on Twitter at ZSK. Oh so cool, so cool.

Graham

And you can follow us on Twitter at smashsecurity, no G, Twitter and LastPass have a G. And you can also join the Smashing Security subreddit. And don't forget if you want to be sure never to miss another episode, subscribe in your favorite podcast apps such as Spotify, Apple Podcasts, or Pocket Casts.

Carole

Remember to clear your calendar and join us for a live video session to celebrate our 200th show. 200 times guys, Thursday 15th of October at 8 p.m. UK time. Be there, be square Graham, the link.

Graham

Yes, the link is smashingsecurity.com/live.

Carole

That will, okay. And socially responsible ankle wiggles to all of you for listening, supporting the show via Patreon, and sharing this podcast with your entourage. And special thanks to you out there who've left us reviews. They keep me smiling in between shows, even when this show is not very funny, Graham. Also, high five to this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.

Graham

Until next time, cheerio. Bye-bye. Bye. Bye-bye. Oh, thank you so much, Zoe, for joining us today. Really appreciate it.

Carole

My pleasure. A little baptism of fire there for you, Zoe, with Graham's whole IoT cock blocks. I'm gonna hit stop.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
