GRAHAM CLULEY
I didn’t know that e-rickshaws existed.
GEOFF WHITE
Surely that’s an Eric Shaw. But it only gives rides to people called Eric. That’s a tiny market, particularly in India.
GRAHAM CLULEY
I suppose. I suppose.
GEOFF WHITE
I took an Eric Shaw here. I took a Geoff Shaw, but that’s fine.
Unknown
Hello, hello, and welcome to Smashing Security episode 476. My name’s Graham Cluley.
GEOFF WHITE
And I’m Geoff White.
GRAHAM CLULEY
Now, you’ve been a busy chap, haven’t you, in the last week or two with your latest — well, do you consider yourself a content creator or does that gag slightly at the back of your throat?
GEOFF WHITE
It just sounds a bit clinical, you know, a real person.
But yes, I’ve been creating content, specifically a new series of what was the Lazarus Heist podcast and has now been renamed Cyber Hack.
We’re on season 4 of Cyber Hack now, actually. So just published, which is all about a gang that will be very familiar to you, Graham, the Conti ransomware gang.
It’s always irked me that there was this amazing leak of internal chats from Conti.
All the things they typed to each other for two years basically spilled all over the internet, for reasons that we go into in the podcast.
And I’d always sort of wondered — I’d seen people like Brian Krebs had done articles and people had sort of done things with it, but nobody seemed to kind of really do something exciting with it and get to grips with it.
So I thought, well, this is great. The podcast has got an opportunity to go back to those leaks and really mine them.
And I instantly realised why no one had done anything with it really impressive — it’s because it’s horrible. It’s all in Russian. It’s hacker slang Russian.
Instead of having the chats though, they chatted to each other, it’s just all in one continuous order. It is honestly eye-bleedingly difficult to go through.
I went through 47,000 of the messages before I gave up. I was like, I’ve done enough. I’ve done my job. But what you get is amazing.
You get the actual people talking themselves as they were doing the crime, bitching, slagging each other off, talking about their wives, their girlfriends. It’s amazing stuff.
It is genuinely amazing.
GRAHAM CLULEY
Fantastic. So that’s all in the latest episodes of Cyber Hack right now, which you can access via BBC Sounds, I imagine.
GEOFF WHITE
Yeah, and Apple Podcasts and Spotify and other places like that. It’s everywhere.
GRAHAM CLULEY
We’ll be hearing about them some more later on in the podcast.
This week on Smashing Security, we won’t be talking about how a ransomware negotiator has been jailed after working with hackers to extort clients.
You’ll hear no discussion of how users of LastPass and Bitwarden have been targeted with fake security alerts.
And we won’t even mention how a German textile firm has filed for insolvency, blaming a ransomware attack which shut down production.
So Geoff, what are you going to be talking about this week?
GEOFF WHITE
And what I’ve been doing back to the scammers.
GRAHAM CLULEY
All this and much more coming up in this episode of Smashing Security.
JOE
This week’s episode is supported by NordLayer.
GRAHAM CLULEY
NordLayer. And before anyone says anything, no, it’s not NordVPN.
JOE
I wasn’t going to say that.
GRAHAM CLULEY
NordLayer is a network security platform built for businesses. Right.
JOE
So what does NordLayer actually do?
GRAHAM CLULEY
Well, think about how your team works today. People logging in from home, from hotel Wi-Fi, from coffee shops, from wherever.
JOE
From a sun lounger, hopefully.
GRAHAM CLULEY
It’s a scary world out there for travelling workers.
JOE
So NordLayer fixes that.
GRAHAM CLULEY
But it goes well beyond just encrypting the connection.
You get centralised control over who can access what based on their identity, their device, whether their device is actually compliant.
And if someone leaves the company, you revoke their access immediately.
JOE
No more ex-employees still wandering around your systems 6 months later.
GRAHAM CLULEY
So if someone on your team has started using some AI tool that your security team hasn’t approved—
GRAHAM CLULEY
Yeah, well, whatever. NordLayer can spot that too. And there’s no complex infrastructure to set up. Apparently you can be up and running in just about 10 minutes.
GRAHAM CLULEY
Use the code NLsummer26 at checkout.
JOE
Whoa, all I have to do is type in that code at nordlayer.com/smashing and I can get a great deal? Let me write that down.
GRAHAM CLULEY
Yep, go ahead, write it down.
JOE
What’s the code again? I forgot.
GRAHAM CLULEY
Oh, Joe. NLsummer26.
JOE
Got it. Off to nordlayer.com/smashingigo.
GRAHAM CLULEY
And thanks to NordLayer for supporting the show. Now, chums, quick question for you. Have you ever played a prank with a smartphone or somebody else’s smartphone, Geoff?
GEOFF WHITE
When somebody’s been stupid enough to leave their phone unlocked on the desk next to me, I’ve usually taken a couple of suspect selfies or something, or sent a stupid message to somebody.
Just to remind them that you should lock your phone when it’s not attended. That level.
GRAHAM CLULEY
And I thought, well, it kind of makes the point, but at the same time, it’s a bit of a dickish move. I don’t—
GEOFF WHITE
You’re the office dick at that point. And I was entirely happy with that.
GRAHAM CLULEY
I mean, you could take someone else’s phone, you could change their autocorrect settings. So every time they type “regards”, it changes it to “love and kisses” or something.
One I heard about is you can take a screenshot of someone’s home screen on their phone and set it as their wallpaper.
So their wallpaper is all their icons, and then you move all their apps into a folder on their own. And of course they’re clicking on things, thinking, why doesn’t this work?
Why, what’s wrong with my phone? Is my screen not working?
GEOFF WHITE
I love that. I really love that. That is next level nasty.
GRAHAM CLULEY
I tut away and shake my head disapprovingly. It’s all very juvenile. You shouldn’t fiddle with someone else’s phone.
But what if people were to use their own phone to pull a prank on someone else? That is something which has been happening lately in India.
In fact, a few thousand people in India found out in recent weeks that something rather bad has been going on.
And it’s been rather worse than changing someone’s phone so it rings an alarm at 3 o’clock in the morning and wakes them up.
You know, it’s worse than that kind of dirty trick you can do. What they’re doing is they’re standing on a busy street, right? Imagine the scene.
You’re in North India, you’re standing on a busy street. Saw the traffic going past. And—
GEOFF WHITE
That is a really, really busy street potentially.
GRAHAM CLULEY
Wouldn’t you have loved the powers? A bit like Moses, Geoff. Wouldn’t you have loved to be able to part the seas of traffic so that you could walk safely across?
GEOFF WHITE
Yes, yes, I really would.
GRAHAM CLULEY
Well, something a little bit like that has been going on because there have been people who found that all they need to do is open up an app and then with a single tap, they can stop a stranger’s vehicle dead in its tracks as it goes past them.
And they don’t need any special privileges. They don’t need any special permissions. They don’t need to know any passwords or anything like that. You just tap.
And the particular type of vehicle that they have been stopping dead in its tracks is an e-rickshaw. I didn’t know that e-rickshaws existed.
GEOFF WHITE
Surely that’s an Eric Shaw. It only gives rides to people called Eric. It’s a tiny market, particularly in India.
GRAHAM CLULEY
I suppose. I suppose.
GEOFF WHITE
I took an Eric Shaw here. I took a Geoff Shaw, but that’s fine. Yeah, yeah. Got a Graham Shaw. That’s fine.
GRAHAM CLULEY
Well, so this thing, a rickshaw, Geoff, a rickshaw. A rickshaw, obviously.
GEOFF WHITE
Electronic rickshaw.
GRAHAM CLULEY
It’s the same kind of thing. But this is one which is powered by a battery rather than by a little petrol motor. And it’s a three-wheeled little vehicle.
And these are really popular in South Asia. They’re lightweight. They’re not very expensive. They’re powered by battery.
And for millions of people across North India, including Delhi and the like, they are part of people’s daily commute.
And for the drivers of these vehicles, that is their livelihood.
If their rickshaw isn’t running and they don’t earn a wage, that means they’re not earning any cash, not able to buy any food.
It’s pretty serious if someone can stop it dead in its tracks without you expecting it while you’re driving along.
Potentially also a safety hazard as well, because if you are going a fair clip on one of these things and it screeches to a halt, because of course, you know, think of what electric motors are like.
It’s not like, you know, you’re— it’s dead. It’s not moving any longer. So this is a prank which has emerged.
Teenagers standing near moving e-rickshaws open an app on their smartphone. They remotely cut off the vehicle’s power. Suddenly stops.
And may not surprise you to know that a lot of people think this is not something to be universally applauded.
Some people are even saying this is the worst thing to have happened since hoodie-wearing, happy-slapping teenagers started downloading ringtones.
This seems to be the new habit which has emerged, and it’s made all possible, Geoff, by an app called BatBMS.
GEOFF WHITE
Ah, I was wondering how they were doing this. Okay, right.
GRAHAM CLULEY
Yeah. So have you heard of BatBMS?
GEOFF WHITE
I have not. Not an app I’ve got on my phone?
GRAHAM CLULEY
No, not to be confused with BatPMS. That’s an entirely different issue.
GEOFF WHITE
The bat’s menstruating.
GRAHAM CLULEY
But BatBMS, that stands for Battery Alarm Telematics Battery Management System.
GRAHAM CLULEY
It was actually built for solar panels and marine batteries, off-grid power systems. So if you, for instance, Geoff, I can imagine you going on very glamorous holidays.
GRAHAM CLULEY
So I can imagine you may be hiring— keep imagining, because it doesn’t happen, but I can imagine you going up and down the waterways of England, for instance, in a canal boat, a narrowboat.
GEOFF WHITE
Oh yeah, yeah.
GRAHAM CLULEY
And you may have this app because what this app allows you to do is to control its management system via Bluetooth.
GRAHAM CLULEY
So it’ll tell you its charge level.
GRAHAM CLULEY
Its voltage, its temperature. And if you wanted, for instance, to do a little bit of maintenance, there is a thing for completely shutting off the power in the battery.
GEOFF WHITE
Ah, there’s the one. There we are. I was like, I wonder where we’re going. Okay. Now this is making a bit more sense.
GRAHAM CLULEY
So they’re running on compatible hardware, same kind of thing which you’ll be finding in other places.
And so a perfectly respectable app, which you can use for checking your solar battery storage, can end up being a weapon in the hands of a pedestrian or the person behind you who wants to — gosh, you know, wants to cause your little e-rickshaw to come crashing to a halt in the streets of Delhi.
GEOFF WHITE
And you think, well, yeah, I’ll need to monitor the battery, and there’s probably a little light on the battery somewhere, but it’s much easier.
And you can imagine how the person who sold you the battery would say, well, don’t worry, there’s an app, you can just monitor the batteries on your phone.
And you think, that’s great, it’s like a dashboard readout of how my battery’s doing. I’ll install it.
But what they don’t tell you is, oh, there’s a function there that can kill the battery.
But how are the strangers connecting to someone else’s rickshaws’ Bluetooth to get to the battery. Is Bluetooth just connectable by anybody?
GRAHAM CLULEY
Yes. It turns out it is. It turns out there’s no password. It turns out—
GRAHAM CLULEY
And then you can just simply scan for nearby batteries and say, which one do you want to connect to?
GEOFF WHITE
That’s brilliant, because it’s like war driving, only it’s war not driving. Yes, I couldn’t resist. The joke was there, I had to have it.
GRAHAM CLULEY
Well, hopefully not boom, but you’ve got full access to the control panel and you can instantly disable it.
And the firm that made this battery system, they obviously assumed that whoever was standing near the battery was the person who owned it.
And they thought, well, why would we put a password on it?
GRAHAM CLULEY
Not such a great idea. And people are finding this hilarious. Presumably not the people who own the rickshaws.
GEOFF WHITE
I was gonna say, yeah, some people find it hilarious, yeah.
GRAHAM CLULEY
I’ve done a bit of searching on YouTube and Instagram and the like and the TikToks, and lots of people are posting up videos now of this going on.
And some of them are painting it as, I can get revenge now on these rickshaw drivers, ’cause I get fed up, you know, you get fed up with the other rickshaw drivers or how they’re driving or whatever.
And so you can stop them in their tracks. And some people are even reportedly paying strangers so that the drivers get stranded, right? They just think, well, what’s going on?
I don’t understand why my rickshaw keeps conking out.
GEOFF WHITE
I’ve got Eric in the back and he’s angry. He’s not happy anywhere.
GRAHAM CLULEY
And they’re charging 200-odd rupees or whatever for the fix. But of course, it’s them who’ve actually done the darn thing.
GRAHAM CLULEY
There’s a video of one guy, he looks like an elderly chap, he’s driving around his little rickshaw, and you see him pushing it by hand for about 3 kilometres in the heat of Delhi.
GRAHAM CLULEY
I guess just for the clicks because people are sharing them and watching them and being outraged by them. All because of an app. An app, Geoff.
GRAHAM CLULEY
Which they downloaded from the official App Store or the Google Play Store. So it’s available to everybody.
GRAHAM CLULEY
So I wonder, you know, legally, where do you think they stand on this?
GEOFF WHITE
The thought that goes to my mind is, if this was the UK, for example, you’ve got a vehicle on the street, vehicles on the street are under the Highway Code, they’re often licensed and regulated.
If there’s a component in the vehicles that’s that vulnerable, I think that would fall under some kind of UK legislation.
We have UK legislation about default passwords, I’m pretty sure that got passed recently. But immediately I’m thinking India. I mean, for a start, Indian states work differently.
It’s a federal, you know, thing. And secondly, from my visits to India, the writ of the government and its legislation enforcement does not run very far.
So the idea of regulating all the rickshaw drivers, I don’t know legally where you’d — and to be honest, I don’t think anyone’s got any legal comeback on anybody for this.
It just seems like one of those grey areas.
GRAHAM CLULEY
There is some sort of computing device in there which is managing the battery, and anyone accessing it without the permission and knowledge of the owner of that device is committing an offence.
GRAHAM CLULEY
Now, good luck.
GRAHAM CLULEY
Identifying who it was and bringing them to justice and getting the police to understand what has happened.
GEOFF WHITE
It’s the guy standing nearby laughing hysterically with his phone in his hand. That’s the one who got your Bluetooth battery compromised. Yeah.
GRAHAM CLULEY
So technically it is a crime, so we have to do our tut-tutting. Yes.
GEOFF WHITE
Or tock-tocking.
GRAHAM CLULEY
And the Chinese makers of this battery system have apparently pushed down an update which patches the app, and now requires a password to be entered to access the battery.
Now the problem is, the firmware on the rickshaws, on their batteries — how’s that going to get updated?
And are people going to know to update it so that it requires the password? So it’s all very well updating the app.
GRAHAM CLULEY
So it demands a password.
GRAHAM CLULEY
But you’ve got to do both sides of it, haven’t you?
GEOFF WHITE
Oh, I see. Because the battery communicates with the app, so there must be some Bluetooth transmitter or some connection.
GEOFF WHITE
Yeah, it’s got to be a Bluetooth transmitter from the battery, and within the battery there’s an operating system or something that’ll need updating.
GRAHAM CLULEY
That’s right.
GEOFF WHITE
To require the password on that side as well as the phone side. Now I see.
GRAHAM CLULEY
And what’s the likelihood of people knowing about this problem, or knowing how to fix it, of it being easy to fix? I suspect it’s pretty remote.
GEOFF WHITE
And by the way, in order to communicate with your battery, plug in the battery and upload the — can you do something like that? I don’t know.
GRAHAM CLULEY
And, you know, is this going to cause us more support queries? I don’t know if it’s going to happen or not. The good news is not all e-rickshaws are affected.
If anyone out there has even called Eric — yes, if we have an Eric Shaw listening.
GEOFF WHITE
Eric Shaw. Wait, I’m searching my LinkedIn now.
JOE
Graham, am I right in thinking that Arctic Wolf are sponsoring the show this week?
GRAHAM CLULEY
They’ve just published a new report, 2026 State of the Cybersecurity Attack Surface, and they analysed over 800,000 real IT assets to find out how exposed organisations actually are.
JOE
And I’m guessing everything is hunky-dory.
GRAHAM CLULEY
No, not so much. The reality is they found 1 in 3 IT assets is missing at least one critical security control.
JOE
1 in 3? That’s terrible.
GRAHAM CLULEY
Isn’t it just? 10% of assets have no endpoint security at all. 17% are completely invisible to the tools that are supposed to be monitoring them.
JOE
So the tools don’t even know those assets exist.
GRAHAM CLULEY
Right. Ghost assets wandering around your network, unprotected, unmonitored.
JOE
Nobody added him, nobody removed him, and he’s been quietly in there for 11 years downloading maps of Paraguay.
GRAHAM CLULEY
That’s the path of least resistance.
JOE
So what does the report tell us to actually do about it?
GRAHAM CLULEY
And the report is free to download.
JOE
And please keep an eye on your IT assets and retired geography teachers.
GRAHAM CLULEY
Geoff, what have you got for us this week?
GEOFF WHITE
As you know, Graham, I am an internationally renowned author with a string of immensely successful books to my name. Which means, of course, I am swimming in money.
GRAHAM CLULEY
Yes, like all authors. Authors are very rich.
GEOFF WHITE
Yeah. Mainly my problem is where I’m going to park all of these Lamborghinis, you know, just running out of space for my Gucci suits.
GRAHAM CLULEY
The thing with writing a book is it’s very easy and quick to write a book, and you just earn a mountain of cash.
GEOFF WHITE
No, obviously this is all — look, I’ve written 3 books and they’ve done pretty well by all standards.
But if you buy a copy of my paperback book for like 7 or 8 quid on Amazon, I think I maybe get about 50p, 70p, something like that.
So, you know, you really would not make a lot of money, which is why it’s been intriguing over the last few months to start receiving message upon message upon message from book marketing experts as they declare themselves.
And they’re really interesting because they all kind of run to a pattern. Emails are clearly AI-generated because there’s loads of it.
I think one of the giveaways now with AI-generated messages is nobody writes that much, you know?
And it starts out with, “Geoff White, your books deal with the intersection of organised crime and technology.
You have covered fraud and money laundering and stuff.” And I’m like, yeah, I know, because I wrote them. I wrote that blurb.
And they say, “But Geoff, you’re missing out on a huge audience of people.
And we book marketing experts can, you know, link you in with this as well.” So I did go back to one of these people at one stage and sort of said, well, what does this sort of involve?
The reply to my messages again was so painfully AI-generated.
GEOFF WHITE
It’s one of my favourite questions to answer.” And basically it was a kind of stage one, pay us $500, we’ll do a book competition marketplace analysis.
GEOFF WHITE
And I was like, you’ll put my book into ChatGPT and ask for a market analysis and send it to me. That’s what you’ll do.
GRAHAM CLULEY
It’s a bit like going to the Amazon site and seeing other books a bit like this — “you might also like,” isn’t it?
GEOFF WHITE
They’re basically trying to escalate you up. Now, reading around this, I wouldn’t say this is necessarily a scam per se.
Some of it is just shoddy, you know, you’re getting just bad service, crap service, and you’re paying through the nose for it.
Which already makes me think, why have they identified authors for this? We don’t have a lot of money, you know.
But interestingly, when I asked what titles this person had worked with, they gave me a whole bunch of Kickstarter titles, you know, authors who’ve gone on Kickstarter.
And I think on Kickstarter, some authors maybe do have the idea that if you pay for marketing, you’ll somehow sell loads of books and be the next Dan Brown or whatever, you know.
Anyway, I started seeing these coming through and I found them quite intriguing. And then one of them got in touch with me and said, “My name is Robert.
I run the London Wine and Dine Book Club.”
GRAHAM CLULEY
Right. Lovely.
GEOFF WHITE
Meanwhile, I found the real London Wine and Dine Book Club, which is a real book club and does exist and is run by a man called Robert.
GEOFF WHITE
I have nothing to do with this whatsoever.” So I went back to Fake Robert and said, you know, how does this book club opportunity sort of work?
And Fake Robert said, well, what I do is I organise a Zoom meeting with all of my thousands of members and you appear on the Zoom meeting and you can talk about your book and then I will buy your book.
And I said, “Oh, right. Will you be at this Zoom meeting? Are you asking the questions?” And Fake Robert said yes.
GEOFF WHITE
Now, frustratingly, what I wanted to do was obviously not pay them before this happened.
GEOFF WHITE
You know, “I’m a Nigerian prince, I’ve got a million pounds. I need to get out the country.
If you can pay me $1,000, I will get the money out and I’ll pay you.” I mean, these are literally hundreds of years old, these scams. So this is an advance fee scam.
They want money up front and then they’re gonna give me the Zoom session later on.
What I wanted to do was try and egg them along and see if I could nail them to do the Zoom session before paying them money.
GEOFF WHITE
Have you got another way that I can pay you?” And so they came back and I kept delaying it, delaying it till the Zoom meeting got closer and closer.
Frustratingly, I said, “Look, let’s just do the Zoom session. I’ll pay you afterwards.” Right.
And they said, “No, there’s a whole bunch of preparation we have to do for this Zoom meeting.” So they’d sussed out they shouldn’t do the Zoom meeting before they got the money.
However, there is a sort of postscript to this, which is quite intriguing. They have so far given me no less than 5 different bank accounts and payment methods, right, to pay them.
All of which, of course, I have prima facie evidence, are being used to launder the money from a fraud. Clear evidence they’re not the London Wine and Dime Box Club.
And therefore, my next step, obviously, is to go and report each of these accounts to the relevant banks and get them shut down in connection with money laundering.
I then intend to contact fake Robert and say, “Did you Google me before you got in touch with me to find out the stuff that I do?” ‘Cause I’m pretty sure Robert is going to shit his pants — fuck off.
Sorry, you’ll have to bleep that out, but I just hate people like this.
This poor guy, Robert — he set up this book club and now his good name and his — I’ve met Robert, we met face to face in London.
I met the book club members and their name is now being used by some slummy scammer to defraud book authors.
I hate all of this and the more pain I can cause this person, the better. So for listeners, please watch out for my post on LinkedIn.
If you’re connected to one of the banks or know someone at one of the banks that I post, ’cause I’ll be posting the names of them.
Let me know who’s in the fraud department or the AML department so I can get these accounts shut down so we can at least cause this guy some pain.
GRAHAM CLULEY
Well, we’ll include a link to that LinkedIn post in our show notes so that listeners can — oh God, there’s another one.
GEOFF WHITE
And again, I’ve done the same thing, but this time I said to them at the beginning, “Have you Googled me? Do you know who I am and what I do?
And are you confident you want to give me your payment details?” They came straight back with a bank account and I’ve gone back and said, “I need another one,” and I will keep rinsing them for bank account after bank account.
I know I can’t stop the problem. I know it’s a Sisyphean task, but damn it, if just to cause them a bit of pain and make their day worse, I just can’t resist.
JOE
This week’s episode is supported by Vanta.
GRAHAM CLULEY
Joe, what’s your 2 AM security worry?
JOE
Honestly, whether I remembered to hit the record button. No, no, no.
GRAHAM CLULEY
What’s your proper security worry? Like, do I have the right controls in place? Are my vendors secure?
JOE
Nope. I’m still worried we might not actually be recording. Okay.
GRAHAM CLULEY
Look, how about the really scary one? How on earth do I dig myself out from under all of these ancient tools and manual processes?
JOE
Okay. Fair enough. That does sound scary.
GRAHAM CLULEY
Well, enter Vanta. Vanta automates the manual misery, so you can stop sweating over spreadsheets, chasing audit evidence, and filling in endless questionnaires.
JOE
That’s right. Their trust management platform continuously monitors your systems, centralises your data, and uses AI to flag risks and keep you audit ready all the time.
GRAHAM CLULEY
That’s V-A-N-T-A.com/smashing. And listeners, you can get $1,000 off.
JOE
And thanks to Vanta for supporting the show.
GRAHAM CLULEY
Joe, you did hit record, didn’t you? Me? Yeah, it was your job.
JOE
I thought it was you.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.
It could be a funny story, a book that they’ve read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn’t have to be security-related necessarily. Well, my Pick of the Week this week is not security-related.
My Pick of the Week this week is a little gadget which I have in my office. You know, I’m kind of against all this IoT stuff, Geoff, you know.
GEOFF WHITE
Given what we’ve talked about with the rickshaws, I think you’re right.
GRAHAM CLULEY
Exactly. It’s not that I now have a rickshaw on my driveway, but what I do have now is I have a smart plug.
GRAHAM CLULEY
Well, yes, I am a bit of a late adopter, but I found it rather useful. So I have a nice-ish DSLR camera, right?
Which I use as my webcam, which is back there somewhere, behind this screen. That’s fabulous, but it’s all the way back there.
And to try and turn it on and off, I’ve got to find the little on/off button.
And when I try and hit it on the camera, I inevitably change the zoom or I fiddle around with it or I knock it so it’s no longer pointing in the right direction, which meant that I was just leaving my camera on all the time and it was plugged into the mains or whatever, but it was just always on.
And then I thought, well, I don’t want my camera on all the time. That’s not a very good idea for a security professional, is it? Precisely.
And so I thought, oh, what I’ll do is I’ll have a smart plug which I can programmatically turn on and off.
And so I did a little bit of vibe coding with the old AI, and I wrote myself a little tool which can turn that plug on and off again.
I’ve got a little thing in my menu bar and it’s flashing a red camera icon in my menu bar at the moment, which says, your camera is on, Graham. And I can just flick it off again.
So with the smart plug, I can control this device and I’ve found it quite handy. So I’ve actually found a use for it. Whereas normally I think, who needs a smart plug?
But actually, yeah, it’s something that’s been useful to me. And so that is my pick of the week. It is from Tapo. Others are available.
I’m sure it didn’t cost very much money, but it was actually really the coding — it was doing all the work with the bits of string and the pipe cleaner.
That was the fascinating bit, actually getting the code to work properly.
With a lot of help from AI to do the coding for me, to programmatically get it to work efficiently and effectively and reliably as well.
GEOFF WHITE
I was on OnlyFans with it, I had a couple of other platforms, and now the well has run dry.
GRAHAM CLULEY
Sorry about that. If you become a Patreon supporter, you can get access to all of that content. Not really. Geoff, what’s your pick of the week?
GEOFF WHITE
And oh, it’s just brilliant when you have time off, because I got up in the morning, had a crumpet and a cup of tea, and I sat on the sofa with my little niece watching satisfying videos on YouTube.
Have you come across these, the satisfying videos?
GRAHAM CLULEY
No, what’s a satisfying video?
GEOFF WHITE
If you just search satisfying videos, there’s loads of different things. So for example, you might have heard of videos where people pressure wash their patio.
GEOFF WHITE
It goes over into sort of slime and gunk videos because some of it’s about people digging their hands into slime or making slime.
There’s a whole rug cleaning YouTube culture where people get rugs that are dirty and then clean them with things.
And then there’s this whole other meta layer where there are people who have entire YouTube careers commenting on other people’s YouTube videos of cleaning rugs.
We are just through the rabbit hole, but I gotta say, it’s a hell of a way to spend 3 hours in the morning. It’s really, really great.
GRAHAM CLULEY
I can’t believe that I didn’t do that.
GEOFF WHITE
You’ve got a DSLR. You just sellotape the DSLR camera, Graham, to your head and then point it downwards as you— and you’re quids in, you’re monetised, baby.
GRAHAM CLULEY
You’re an influencer. So your pick of the week are these satisfying videos on YouTube.
GEOFF WHITE
Satisfying videos.
GRAHAM CLULEY
And hanging out with Anice and having a couple of days off.
GEOFF WHITE
Lovely family moments.
GRAHAM CLULEY
I’m sure lots of our listeners would love to follow you and find out what you’re up to — what is the best way for them to do that?
GEOFF WHITE
Best way is probably LinkedIn. Just search Geoff White. It’s Geoff with a G, G-E-O-F-F, and White like the colour, and I am there.
GRAHAM CLULEY
And don’t forget to ensure that you never miss another episode.
Follow Smashing Security in your favourite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts — for episode show notes, sponsorship info, and the back catalog of 476 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye. Bye. You’ve been listening to Smashing Security with me, Graham Cluley. Huge thanks, of course, to Geoff White for joining us this week.
Marvellous stuff as always. Thank you, Geoff. And also big thanks as well to this episode’s sponsors, Arctic Wolf, NordLayer, and Vanta.
And also to the following fine folks who are amongst our fantastic Smashing Security patrons. So big cheers go to Saitel, Andrew Davison, Lisa.
Thank you to Robert Øjdegård — his surname looks like it was assembled by someone who really wanted to use up all their vowels.
Robert Martin, proof that you can have two Roberts in a shout-out, both equally appreciated.
Huge thanks also to Scotia, Greg Bailey, Christof Goossens, and final one for this week, Bravo Whiskey. We salute you in whatever phonetic alphabet you prefer.
Those are just a few members of Smashing Security Plus, which means that they get their episodes ad-free, earlier than the general public as well, by a couple of days, and they can have their names pulled out at random to be mercilessly mocked at the end of the show.
If you fancy a bit of that, just head over to smashingsecurity.com/plus for all the details where you can become a patron.
And there are other ways you can support the show as well, of course. Like you can, well, like the podcast, subscribe, leave a 5-star review — go on, why don’t you do it?
I know I say this every week, but it really does make a big difference. And tell your friends about the podcast as well. Go on, spread the word.
The more people who listen, the more encouraged we will be to get up to number 500. Not too far off, are we? So until next week, thanks for tuning in.
Until next time, toodaloo, bye-bye.
