336: Pizza pests, and securing your wearables

Surely you should be able to order pizza without being pestered for sex? And Carole takes a look at the what and why of wearables...

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
  • Beyond Identity – Enables companies with the ability to completely eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Get a free demo.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. I don't know about you, Carole, but when you've been in a relationship for a while, things can begin to get a little bit dull, can't they? And I wondered whether pretending to be a pizza delivery man could spice up my love life.


CAROLE THERIAULT. You know, my first boyfriend was a pizza delivery guy.


GRAHAM CLULEY. What, is that how you met him?


CAROLE THERIAULT. No, I was a cook at the same place. When the moon hits your eye— Right, okay.


UNKNOWN. Smashing Security. Smashing Security Episode 336: Pizza Pests and Securing Your Wearables with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security Episode 336. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. Carole, you're back from your secret mission. That is fantastic.


CAROLE THERIAULT. Yes, it is fantastic. The sun is shining in the UK. Fantastic, I love it.


GRAHAM CLULEY. Well, you know, I'm not a big fan of sunshine and— What? Well, you know, obviously it does provide life on Earth and all that, but generally I prefer it a bit chillier rather than warmer. But I've just spent a few days on a beach and I hate beaches.

And historically I've hated sand. But I have to say, for the first time in my 50-something years, I quite enjoyed being on a beach and it was quite pleasant being in the sea.

Sand just reminds me of building sites normally, but I can recommend Woolacombe Bay in Devon if anyone's passing. Lovely waves.


CAROLE THERIAULT. Yeah, where the sand hater just learns to love it. Okay, fantastic.


GRAHAM CLULEY. It's taken me a long time.


CAROLE THERIAULT. Shall we get this show on the road, Graham?


GRAHAM CLULEY. Go on then.


CAROLE THERIAULT. But before we kick off, let's thank this week's great sponsors, Kolide and Beyond Identity. It's their support that helps us give you this show for free.

Now, coming up in today's show, Graham, what do you got?


GRAHAM CLULEY. I'm going to be delivering a slice of text pest with your pizza.


CAROLE THERIAULT. Okay. And I'm gonna welcome you to self-health management, population you.

All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, Chum Chum, I wonder, have you ever had a bad pizza experience?


CAROLE THERIAULT. Yeah. Someone ordered a Hawaiian once. Really?


GRAHAM CLULEY. Have you got a problem with the Hawaiian?


CAROLE THERIAULT. Yeah, it's not for me.


GRAHAM CLULEY. I quite like a bit of pineapple on my pizza, actually. I think it's quite good.


CAROLE THERIAULT. Well, you're a child of the '60s, so, you know.


GRAHAM CLULEY. Well, I'm surprised you don't like Hawaiian pizza, because where do you think it comes from?


CAROLE THERIAULT. What?


GRAHAM CLULEY. Canada. Ontario, Canada.


CAROLE THERIAULT. Well, I live here, so, you know, maybe that's why.


GRAHAM CLULEY. It's the home of the Hawaiian pizza.


CAROLE THERIAULT. Shame of Ontario. Shame, shame, shame.


GRAHAM CLULEY. A chap called Sam Panopoulos invented the Hawaiian pizza.


CAROLE THERIAULT. And there you go.


GRAHAM CLULEY. I think it's all right. It's much better than anchovies.


CAROLE THERIAULT. Oh no, I love anchovies.


GRAHAM CLULEY. Clams still in their shells.


CAROLE THERIAULT. And I love clams. Love that.


GRAHAM CLULEY. Really? On your pizza? Isn't that a bit clacky?

Oh no, I'm not sure about that. Anyway, I think Hawaiian pizza gets a bad rap.

Well, lucky you if you've avoided bad pizza experiences, because many people are having bad pizza delivery experiences, regardless of the quality of the pizza. Now, we're all familiar with the ICO, Britain's data regulator.

In the past, they've taken a close look at the likes of Facebook and Cambridge Analytica and all those sort of things. But now it's turned its eye of Sauron at pizza delivery services and other companies that might be abusing your personal information.


CAROLE THERIAULT. Hmm.


GRAHAM CLULEY. What am I talking about?


CAROLE THERIAULT. I rarely know what you're talking about, to be honest.


GRAHAM CLULEY. Well, according to research done by the ICO, one in three young people have fallen prey to text pests.


CAROLE THERIAULT. Text pests. I've never heard that term.


GRAHAM CLULEY. People who pester. Well, they text-er. So people who send you pesky messages.

So what the issue is, is that when you order a pizza, you hand over some of your personal information, right? You say, "Hi, it's Carole. Here's my phone number," or, "Here's my email address."


CAROLE THERIAULT. Yeah, deliver to this address, right?


GRAHAM CLULEY. Deliver to this address, exactly. They need to know your address. You don't meet them on some dark corner, do you?

It's not a spy drop-off point down the park. It's, you know, they do deliver to your door when you want a takeaway delivered. And what's happening is people who work at these companies, these delivery companies, are abusing this information for their own romantic or sexual gains.


CAROLE THERIAULT. See, I was thinking something much more financially heisty, the Deliveroo guy is sending on this information for ten cents return to God knows who, as you know, getting money back. But no, it's for love they're doing it.


GRAHAM CLULEY. We've got a cheese lover at number fourteen. That kind of information, they could pass that on.


CAROLE THERIAULT. Well, no, they could confirm my name, address, phone number to a third party saying it's active.


GRAHAM CLULEY. I suppose they could. Well, yeah, no, wait. It seems to be rather more driven by the loins. So let me give you a few examples.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. There is a thirty-something singleton. Her name is Sonia Dillon.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. She comes from Ealing in West London. She was tucking into her takeaway pizza, you know, chomping away, had her mouth in the trough, and her phone goes off.


CAROLE THERIAULT. Right.


GRAHAM CLULEY. And it was the manager of the pizza restaurant asking if she was happy with her order.


CAROLE THERIAULT. What?


GRAHAM CLULEY. And so she tentatively said, "Yes, thank you."


CAROLE THERIAULT. Not why? What would you do to it? Did you drop it or something?


GRAHAM CLULEY. Well, that's the thing. Did you give it some of that special dressing?


CAROLE THERIAULT. Oh God. Come on.


GRAHAM CLULEY. Doesn't that happen in Betty Blue? Anyway, so she said yes, was perhaps slightly worried. Then for the next couple of days, she continued to receive what she called flirtatious messages.


CAROLE THERIAULT. Shut up!


GRAHAM CLULEY. Suggesting that she could thank him in person if she was enjoying his lovingly made cheesy crust.


CAROLE THERIAULT. What? So this is the—sorry, sorry. So is this the driver? Because he presumably is the delivery guy, is the person who saw, you know, the—


GRAHAM CLULEY. According to Sonia, she says it was the pizza takeaway manager who might have been the driver. Who knows? Right? It could have been majority as well. Yeah, yeah.


CAROLE THERIAULT. Mom-and-pop shop. Yeah. Okay. Okay, great. This is fun. This is fun. Okay.


GRAHAM CLULEY. Maybe if he sees it's Sonia who wants the delivery, he said, "Oh, I'll take out that one." Yeah, I got this.


CAROLE THERIAULT. I got this. Don't worry, Dave. Don't worry. You have a breather.


GRAHAM CLULEY. Now, I don't know about you, Carole, but when you've been in a relationship for a while, things can begin to get a little bit dull, can't they? You might need to spice up your love life a little bit. And I wondered whether pretending to be a pizza delivery man could spice up my love life.


CAROLE THERIAULT. You know, my first boyfriend was a pizza delivery guy.


GRAHAM CLULEY. Is that how you met him?


CAROLE THERIAULT. No, I was a cook at the same place.


GRAHAM CLULEY. Did you have a huge crust? Is that how it all began?


CAROLE THERIAULT. What has happened to you? You're over 50. You can't talk like this.


GRAHAM CLULEY. Well, I found a website which appears to be dedicated to offering advice for pizza delivery people who want to chat up their clients. It is giving lines, like chat-up lines, for pizza delivery people to use in those kind of scenarios.


CAROLE THERIAULT. Is this funded by Domino's? They had a rebrand recently.


GRAHAM CLULEY. Maybe they're trying to recruit new drivers.


CAROLE THERIAULT. Okay, I'm trying to think of some pizza innuendos without cheating.


GRAHAM CLULEY. All right. Okay.


CAROLE THERIAULT. Nice pepperoni?


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. Is that what you have? Yeah.


GRAHAM CLULEY. So, you know, you're hot enough to burn the roof of my mouth. That's one I rate.


CAROLE THERIAULT. I love that. That's so nice. That's what I look for.


GRAHAM CLULEY. One which was listed was, "Your eyes look like pepperonis." Now that doesn't sound to me like a good thing.


CAROLE THERIAULT. Yeah, I don't know if I'd be flattered. Bloodshot.


GRAHAM CLULEY. Huge. I want to give you olive, my love.


CAROLE THERIAULT. Ugh, lame.


GRAHAM CLULEY. It's quite clever. Oh, right. Yeah.


CAROLE THERIAULT. Okra. You could do them with okra.


GRAHAM CLULEY. Oh yeah.


CAROLE THERIAULT. I don't know why.


GRAHAM CLULEY. Stole a pizza my heart.


CAROLE THERIAULT. When the moon hits your eye. Right. Okay.


GRAHAM CLULEY. There was one person who said, I'm like pizza. You can have me all at once or save me for the morning. Presumably not going to taste that good in the morning, are you?


CAROLE THERIAULT. Oh, I don't know. I quite, I like morning pizza occasionally. That's a dirty secret, but yeah.


GRAHAM CLULEY. Okay. Okay. Anyway, so poor old Sonia, poor old— back to the real life rather than my love life. Poor old Sonia, she found that this guy started sending her messages on other messaging apps as well. He found her on Telegram, which automatically deletes messages, which meant that she didn't have an audit trail of them.

Anyway, she wasn't sure what to do, and she was going to report it to the company, and the rest of her family said, don't do that because he could lose his job. So she left it. She didn't complain. It seems to me—


CAROLE THERIAULT. What? So the parents were worried about his employment as opposed to the harassment of their daughter? OK. Yeah. Great.


GRAHAM CLULEY. Because presumably he's not just doing it to Sonia, right? He's probably doing it to many other women, you'd imagine.


CAROLE THERIAULT. You know, I wonder if this affects his books, though. You know, because I'm assuming Sonia ain't going back to this pizza joint.


GRAHAM CLULEY. But if they do the best pizza in town—


CAROLE THERIAULT. Do you put up with a bit of harassment? Is that your question?


GRAHAM CLULEY. Or do you call up calling yourself Bernard with a deep voice? And when they come to deliver it, not answer the door, just ask them to stick it through the letterbox. The pizza, that is.


CAROLE THERIAULT. I'm sure you can get a voice regulator jobby on Amazon for a few bucks, right?


GRAHAM CLULEY. You could. It's Bernard. Bernard. It is scary, 'cause obviously, as you mentioned, they know your address.

And if you take contact details, if contact details are provided to a business and then used to chat someone up, or used in a way people weren't expecting to be used, that is a breach of data protection law.


CAROLE THERIAULT. I'm fine with the guy calling up going, "Hey, is my pie tasty?" Right? And then you're like 8 out of 10.


GRAHAM CLULEY. You're fine with that? Yeah, I'm fine with one call.


CAROLE THERIAULT. I would actually be touched. I'd be like, "There you go, very much." Eight out of ten. You know, next time, you know, make sure the crust, you know, this cheese isn't sticking to the roof of the box. Otherwise, A-okay.


GRAHAM CLULEY. I think you're just too sad and pepper lonely. That's what your issue is.


CAROLE THERIAULT. How cheesy.


GRAHAM CLULEY. So some other people have had problems with this. Breakfast TV presenter Naga Munchetty, she says that she's received unsolicited and unwanted attention from taxi drivers who've picked her up because they had her phone number. You know, when you book a taxi, they have your phone number and it's made her feel unsafe.


CAROLE THERIAULT. What, so they call her up afterwards and go, hey, this is Ron, your cab driver from last week, just checking in. If you need a cab, let me know.


GRAHAM CLULEY. Or maybe saying, I loved what you wore on the TV the other day. Or, you know, just trying to— you know, people act inappropriately.


CAROLE THERIAULT. I don't know. Come on. If someone texts you, if someone emails you, right, about the podcast saying, hey, really nice episode, Graham. Carole didn't really know what she was talking about, but you were fabulous. You are fabulous.


GRAHAM CLULEY. Okay, I'm warming to this now.


CAROLE THERIAULT. Love Charlotte, right?


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. So if she emails you, you're cool with that. You respond and go, I agree, Charlotte. I am very good and Carole's not so great. If she texted you that, you'd be like, how'd she get my number?


GRAHAM CLULEY. Yes, I would.


CAROLE THERIAULT. Although you've given your number to loads of people that you don't really know, like loads of businesses and people.


GRAHAM CLULEY. Perhaps, but yeah, it's not something that's—


CAROLE THERIAULT. You'd be weirded out. You'd be weirded out.


GRAHAM CLULEY. It'd be weird. And if she knew my address?


CAROLE THERIAULT. What, she's knocking on the door?


GRAHAM CLULEY. She might be. Charlotte the Harlot.


CAROLE THERIAULT. Graham, you're the best! I've got a banner.


GRAHAM CLULEY. Courtney Sherwell is a school support worker from London. She says that she was using this weekly meal delivery service. One day the delivery driver changed, and she began to receive unwanted messages. And again, she was nervous of reporting it, but this time because she thought the delivery person would know the complaint was from her.

There's another woman, Lisa from Manchester, I was reading about. She used an airport parking service and the shuttle bus driver who was taking her to the terminal, he said, "Oh, give me your mobile number because that'll speed the pickup when you get to come and get your car later." So she did. And during the holiday, she kept on receiving messages from the shuttle bus driver asking her how the holiday was going. And this freaked her out. And she had to get a friend to come with her to collect her car because she felt uncomfortable when she returned.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Another woman, Helen, she got messages from a takeaway pizza employee, explicit ones. You know, saying, "Oh, hey, I'm just cooking your pizza. Looking forward to seeing you soon."


CAROLE THERIAULT. That's not explicit, Graham. I don't know where you live.


GRAHAM CLULEY. No, no. But when he delivered the food, he complained that she hadn't replied. And she said to him, well, you've been in a breach of GDPR, which I have to say does kill most romantic flirtations dead, doesn't it?


CAROLE THERIAULT. Depends who you hang out with, Graham Cluley. I have much success with GDPR lines in my life. Oh yeah, oh yeah.


GRAHAM CLULEY. Anyway, she ended up slamming the door on him and then was bombarded with messages.


CAROLE THERIAULT. Okay, that one's different. This is different, don't you think, from the other stories?


GRAHAM CLULEY. Well, yeah, she ended up getting a dick pic sent to her on Facebook as well by this guy. So what do you do about that?


CAROLE THERIAULT. Nothing, right? Is it harassment?


GRAHAM CLULEY. Well, 66% of people, according to the ICO research, believe that it is not morally right to use personal details given for business purposes for romantic or sexual purposes.


CAROLE THERIAULT. 100%. Yeah.


GRAHAM CLULEY. Right? Well, no, not 100% Carole, 66%. 5% say it's totally all right. So 1 in 20 say it's absolutely acceptable. Because if she's hot, then you can send her a message.


CAROLE THERIAULT. But it's a gray area, right? Because I may decide to have a party, right? And you and I are effectively work colleagues. And I can call you up and say, hey, hey, hey, want to come to my party? And you'd be, how dare you use this line of communication for non-business affairs? I'm going to report you, right?


GRAHAM CLULEY. I should report you for a GDPR breach, you reckon?


CAROLE THERIAULT. Do you know what I mean, though? And we've had people call us up and go, hi, we provided you with a service or a product. How's it going? Basically fishing for more business, right? For example, I was with a friend yesterday and she got a call from HelloFresh, right? Now she happens to be a hospital.


GRAHAM CLULEY. But that's still business related, right? You could argue that that's still—


CAROLE THERIAULT. What if he said, how are you today? Bit personal, bit personal, sir. Step off. So I'm just saying it's a gray area. It's complicated.


GRAHAM CLULEY. So according to the ICO, it's not a gray area. They say if you're being charming, and arguably that was charming or romantic, it's against the law because the personal details is only supposed to be used in a business context.


CAROLE THERIAULT. So, okay, what if— sorry, but what if— what if— come on then, what if—


CAROLE THERIAULT. Okay, I'm a sales head honcho and I know how to build the relationship is to do the personal stuff to start with. How are the kids? Right? How's little Jimmy? You know, how's the football? That's how you, how's the car going? You had car engine the other, with your Datsun the other day, the old Datsun. I understand what the ICO is saying. I'm just saying there's a bit of gray. It's all I'm trying to prove. Listeners, you know, I don't know, assess if you agree.


GRAHAM CLULEY. If I can bring this back for a moment. The ICO are now calling for evidence on unwanted employee contact, and they're asking for people to report their experiences. They've set up an online form until the 15th of September. You can fill in this form and tell them about how someone gave you a pizza and then tried to give you something more instead. So they've set that up. So, Carole, if you've been upset with any of the messages I may have sent you of a personal nature—


CAROLE THERIAULT. Of which there are 1,000, probably.


GRAHAM CLULEY. Carole, what's your story for us this week?


CAROLE THERIAULT. Wearables. So have you, or do you sport a wearable, Graham? A wearable.


GRAHAM CLULEY. I do, actually. My watch is connected to my phone and things these days.


CAROLE THERIAULT. And you've had that for a while, or is this new, or?


GRAHAM CLULEY. No, I've had it for a while, and I've had those sort of step tracker things for many years. They've done me a lot of good.


CAROLE THERIAULT. All right, so for health, use it for health primarily and telling the time, presumably.


GRAHAM CLULEY. Telling the time is a helpful thing that you can do. And also, one of the primary things I use my watch for is if I can't find my phone, I can press a button on my watch and my phone will ring. So I'll find out where I left my phone around the house because I've got to that age.


CAROLE THERIAULT. Yeah, I do that every day as well. I don't know if it's an age thing. Okay, but you love it, right? So if you lost it and couldn't find it, how long before you would replace your existing watch, do you think?


GRAHAM CLULEY. Oh, I don't think I'd be desperate to. I'd maybe wait a month or two.


CAROLE THERIAULT. Okay, so you wouldn't be chomping at the bit, but you would definitely replace it.


GRAHAM CLULEY. It wouldn't be like losing my phone. It's like if I haven't got a phone, then it's like, how am I going to live? How will I know where I'm meant to be? I need my phone. But my watch, no, I wouldn't feel like that.


CAROLE THERIAULT. Okay. So, but basically, you know, most people I know in the UK at least have one. I don't, nor does my Yeti, right? And maybe, well, he doesn't, but maybe it's a tech thing. 'Cause obviously I know a lot of people in the tech industry. So maybe that skews things. US people seem to have it a lot. Actually, most of my US friends have one. And the market research folks say that wearables are a market to keep an eye on 'cause it slowed down a little during the pando, but it's predicted to have a serious uptick. So at the end of last year, more than 1.1 billion people globally probably apparently use their wearables to stay connected.


GRAHAM CLULEY. Wow. That's incredible because these things aren't cheap.


CAROLE THERIAULT. No, it's 1 in 8 on the planet. Yeah.


GRAHAM CLULEY. I mean, they're not really a necessity, are they?


CAROLE THERIAULT. I don't— I guess you don't miss— No, but I guess you don't miss what you don't know. I do live by that. But it's not just smartwatches, right? Though that is big news too, because there's so many different providers of smartwatches. You've got Garmin and Fitbit and Google Pixel and Samsung Galaxy and of course Apple. You know, smartwatches themselves have been around for what, about a decade, I guess? 'Cause the Apple Watch X or X started getting some news last week, even though Apple Watch 9 isn't even out yet. So I think this is because whilst 9 is expected to be more of the same, maybe with a few tweaks and a few, you know, flurries, there's gonna be a major redesign for the Apple Watch X, à la iPhone X, if you remember.


GRAHAM CLULEY. Oh, who cares? I mean, I don't understand people who have to have the latest watch. It's daft enough that people need the latest phone, but I think a watch, I mean, it's fairly rudimentary what you're doing with it, most people, isn't it? I don't know why people would upgrade.


CAROLE THERIAULT. Well, new features that have been predicted is that there's a brand new watch band overhaul. So it's going to use this magnetic system, which of course means that all your existing bands, especially if you've bought dozens of them, will no longer work.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. But there's also whispers of a blood pressure monitoring system as well. As you know, there's more out there than smartwatches. We have, of course, augmented and VR headsets. Okay, so still considered quite big and clunky from the people that have them. But I say watch this space because it's expected in the next few years, we should expect to see these combined with other devices such as your watch or glasses or headphones.


GRAHAM CLULEY. Or guillotines. I think that's what they should be combined with. Anyone who's wearing one of those, you just think, oh, for God's sake, just leave planet Earth, please.


CAROLE THERIAULT. Have you heard of hearables?


GRAHAM CLULEY. Hearables?


CAROLE THERIAULT. Hearables.


GRAHAM CLULEY. Well, there are very— do you mean like hearing aids? Because there are very cool hearing aids these days, aren't there? They can be tiny. I mean, I think people were embarrassed wearing hearing aids at one time, or some people were, but now they're quite remarkable how small they can be and how clever. And I imagine they would be connected, as it were.


CAROLE THERIAULT. Exactly. So they're one part hearing aid and one part headphone. So typically these devices are Bluetooth streaming with hearing aid functionality or health tracking information.

And there's apparently the opportunities grew because hearing aids were declassified as— how do I explain this? So they were declassified in a medical sense, so meaning they could be sold over the counter and there were less stringent regulations. So all this has apparently boosted innovation in the hearable market.


GRAHAM CLULEY. I was always told never put anything smaller than your elbow in your ear hole. So I would be nervous of wearing a hearing aid if it was in my ear.


CAROLE THERIAULT. Do you wear headphones?


GRAHAM CLULEY. As it were. Well, that's over. I don't mind if it's over. Yeah, but they don't go in my ear.


CAROLE THERIAULT. Oh, you don't wear little Apple AirPods?


GRAHAM CLULEY. I don't like to. I don't like to, no. Right.


CAROLE THERIAULT. So things like hearables with biometric or proximity or movement and those kinds of sensors is going to enable them to gather contextual information about the user. So it can do things like mapping. So contextual location-based suggestions.


GRAHAM CLULEY. Oh, that sounds scary. That sounds like—


CAROLE THERIAULT. Well, you know, just say, hey, don't you want to pop into Boots?


GRAHAM CLULEY. Exactly. That's what I mean is the advertisers. They're the ones who are driving this, aren't they?


CAROLE THERIAULT. Yeah, well, there's also environment-based noise suppression. So say you're, you know, a few buses go by or something, it'll change the sound to enhance your audio. And there's even things like heart rate tracking and voice-based personal assistance. So all kinds of stuff.

But there was one that kind of blew my mind, and this was smart fabrics and textiles. Have you heard about these? They are known as e-textiles. And the idea is to integrate electronics within the fabric itself, which can then be used for sensing or communication purposes, right?

So this opens up a whole world of possibilities for creating interactive garments. Like, hey, I stink, wash me.


GRAHAM CLULEY. Oh, you're so much cleaner than me. Where my mind was going was quite filthy.


CAROLE THERIAULT. I'm not surprised. Or your shoes could be like, you only walked 100 steps today, you lazy, you know.


GRAHAM CLULEY. I was imagining something with arrows which said, down a bit, down a bit. You're almost there. There. Bing, bing. Thank you. Yes, sorry.


CAROLE THERIAULT. I don't know what you're talking about.


GRAHAM CLULEY. Nor me.


CAROLE THERIAULT. But seriously, so Science Daily have a story about fiber optic pants to offer low-cost way of monitoring movements.


GRAHAM CLULEY. Hang on. When you say pants, do you mean American pants or British pants? I don't know.


CAROLE THERIAULT. I don't know. I'm leaving that to— I couldn't tell. They also had another story about researchers who developed a fully knitted circuit-embedded knee wearable for wireless sensing of joint motion in real time. How cool is that?


GRAHAM CLULEY. What's the purpose of that?


CAROLE THERIAULT. Well, say you had osteoporosis or you had the meniscus tearing on your knee. So they were saying, well, do you need an operation? Do you not? Let's put this on, wear it for a week. And we'll see what's going on in there.


GRAHAM CLULEY. Okay. All right.


CAROLE THERIAULT. And another recent study, researchers from Japan developed a novel wearable chemical sensor capable of measuring the concentration of chloride ions in sweat. So seriously, by using a heat transfer printing technique, the proposed sensor can be applied to the outer surface of common textiles to prevent skin irritation and allergies.


GRAHAM CLULEY. I think clothes can already detect when I'm sweating a lot. I think they've got a sort of built-in method.


CAROLE THERIAULT. By analysing your sweat, it can tell you, uh-oh, you're near a heat stroke or you're dehydrated, right? Go have a drink, guy. So these are all kinds of wearables.

I haven't even mentioned the Ray-Ban Facebook Stories eyeglasses or the Amazon Echo Frames. So basically the upshot is IoT wearables continue to be big business. And not only do you have a strong hardware market, right, but you have a strong software one, which means that I feel confident in predicting that there's gonna be an increase in IoT hacks — be it device vulnerability, a software one or hardware one, privacy oversight, user error. Do you think?


GRAHAM CLULEY. Things could be hijacked, maybe. You could be held ransomware — your knee or your nose or your ear or some part of your body could be seized control.

Didn't this happen? Wasn't there a sex toy? Do you remember the sex toy?


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. Where people got their— they sort of put their cock in a cage.


CAROLE THERIAULT. They got taken over. Yeah, it got taken over or something.


GRAHAM CLULEY. Yes. Sure, we spoke about that.


CAROLE THERIAULT. The thing is, is in all my examples, there was a bit of a health thread, wasn't there?


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. Jesus. And that's the big focus. I know sex is a big focus for lots of people, Graham, so don't feel weird.

But another big money focus is health information and what's available with this new wearable, I don't know what you call it, evolution.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. Because the health data is big business. So who do you think might want to buy, collect, collate, crunch, and analyze health — Google, Facebook, the usual suspects. That's interesting.

I think you're totally right. Amazon as well — I don't even have them in my list, but I think that's absolutely true. Another one is Big Pharma.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. Right? Because wearables can be used for collecting all kinds of real-world data on medications.


GRAHAM CLULEY. Or insurance companies.


CAROLE THERIAULT. Yes, insurers. Because the insights they derive — tracking everything from your activity levels to resting heart rate, sleep patterns — means that they can refine pricing, right, for you and make more unique risk classes. So it'd be more competitive and it would be more priced for you is the way they're selling it.


GRAHAM CLULEY. Employers — they might want to know that you're sweating enough, so you're working hard enough.


CAROLE THERIAULT. Right. And also one that might surprise you is healthcare providers. So people like hospitals, like the NHS, because so long as they de-identify records, right, so patients can't easily be identified, they can sell it for big wonga to the big pharmas, to the insurance providers.

Now, one of the problems is this de-identification stuff because according to one expert, he calls it a privacy placebo because it works as well as the thermostat in a hotel room, he says. There's a lot of ways around it. And if the data is re-identified and is hacked or exposed or something, there's a few that could go on, right?

So a few examples he gives: you have medical data that could be used to make fraudulent medical claims. And then what happens is the victim of the identity theft gets all the bills.


GRAHAM CLULEY. Yeah. Yeah.


CAROLE THERIAULT. Your medical records often contain financial information. So you put yourself at risk of financial theft in that area. So in other words, once the data's out, it's out.


GRAHAM CLULEY. Oh yeah.


CAROLE THERIAULT. There's no putting the genie back in the box. So yeah, for all these reasons, I think you listeners, you glorious listeners, those of you in the security market might want to pay careful attention to this whole IoT wearable evolution because they're putting a lot of cash in it. And if the explosive growth continues and you have a glut of tech players that don't necessarily see security and privacy as the be-all and end-all, they need someone to help them out. And they'll probably make a buck or two in the process. Do you agree?


GRAHAM CLULEY. I think you're probably right. So is there any wearable you think you might consider, Carole, in the future, maybe for you or your Yeti?


CAROLE THERIAULT. No, but if you're worried about your own wearable, you might want to visit Mozilla's Privacy Not Included website. We have a link in the show notes because they've done quite a bit of wearable research into a number of popular wearables, and quite a few of them get high creepiness ratings on how much data they hoover up from the user. So check it out. That's me. Carole out. Off the floor.


GRAHAM CLULEY. 80% of breaches are the result of stolen credentials. Why does your organization still rely on passwords? Hackers don't break in, they log in, which is why organizations are moving to zero trust authentication, a key requirement for zero trust architecture. What if you could continuously authenticate every user and device accessing your system, ensuring that they are who they say they are and that they are using secure devices? Well, Beyond Identity gives companies the ability to eliminate reliance on passwords and protect against password-based breaches, fraud, and ransomware attacks. Go to smashingsecurity.com/beyondidentity for a free demo. That's smashingsecurity.com/beyondidentity. And thanks to Beyond Identity for sponsoring the show.


CAROLE THERIAULT. If you work in security or IT and your company has Okta, this message is for you. For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees. Hackers absolutely love exploiting vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps. Here, credentials are useless to hackers, and you can manage every OS, even Linux, from a single dashboard. Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world. You can just start using Kolide. Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log into your cloud apps. Visit kolide.com/smashing to watch a demo and see how it works.


GRAHAM CLULEY. That's K-O-L-I-D-E.com/smashing and welcome back and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the week?


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my Pick of the Week this week is not security-related.


CAROLE THERIAULT. Good.


GRAHAM CLULEY. It is possibly privacy-related.


CAROLE THERIAULT. Hmm, so is mine actually. I'm just seeing that now. Yeah.


GRAHAM CLULEY. My Pick of the Week is a website called Legal Lullabies. I will put a link to the show notes. The domain name, though, is zzzuckerberg.com.

Legal Lullabies is a project created by the TLDR Institute, which stands for the Lazy Data Research Institute. And what they do is they have a lovely voice which reads you, Carole, the entirety of Instagram's terms of service.


CAROLE THERIAULT. Oh my God. Let's listen to some right now. No, don't fall asleep, guys.


GRAHAM CLULEY. Instagram terms of use. Welcome to Instagram.


CAROLE THERIAULT. Oh, this is heaven to me.


GRAHAM CLULEY. These terms of use— Exactly. Or terms—


CAROLE THERIAULT. These terms— Govern your use of Instagram, except— Brilliant.


GRAHAM CLULEY. You close your eyes, you drift away while the terms of service of Instagram are read out to you. There's also a version for TikTok as well.

In all, there's 51 minutes, 43 seconds of this. They really do read out the entire— I was actually surprised it could be all read in less than an hour.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Out loud. But apparently it can be. And I thought, because a lot of people struggle getting to sleep, don't they? They worry about things.


CAROLE THERIAULT. You could have kept this for my birthday. Do you know that? You would have saved yourself a huge amount of stress. Beautiful. Love it.


GRAHAM CLULEY. That would have been a bit personal though for me to have known when your birthday was. So I might have got into GDPR trouble if I'd done that.

Anyway, Legal Lullabies at zzzuckerberg.com is my pick of the week.


CAROLE THERIAULT. Oh, I just get it now. Zzz like snooze. Got it. Exactly.


GRAHAM CLULEY. Yeah, yeah. Got it, got it. Yeah, yeah, yeah. Carole, what's your pick of the week?


CAROLE THERIAULT. What do you know of the Havana syndrome, if anything at all? Because I didn't.


GRAHAM CLULEY. The Havana syndrome?


CAROLE THERIAULT. Yeah. Have you heard of it?


GRAHAM CLULEY. Is it something to do with cigars?


CAROLE THERIAULT. No. It's a cluster of what can be called idiopathic symptoms. Okay, so it's better to tell you the story.

So in December 2016, a US official in Havana went to the embassy medical center to report this debilitating and confounding illness, I guess. So the symptoms included headaches and nausea, hearing loss, problems with memory and vision, and its onset was characterized by hearing something like a buzzing or hissing or grinding sound.


GRAHAM CLULEY. Ah, I think I might have heard about this.


CAROLE THERIAULT. Okay, and a year later, so 2017, reports were coming in from US intelligence and military personnel and their families. And these people weren't in Cuba, they were in places like China, New Delhi, India, Europe, Washington, DC.

So there's been loads of reports, there's been 1,000 reports of this. And various federal entities refer to it as an AHI, so anomalous health incident.


GRAHAM CLULEY. Right?


CAROLE THERIAULT. And I don't know, you can't help but put your conspiracy hat on. And because we're talking spies here, and you're going, what's going on?

And you can learn all about it in an investigative podcast called The Sound: Mystery of the Havana Syndrome. So we have 8 episodes hosted by a UK journalist by the name of Nicky Woolf. And he conducts interviews, they do investigative research, there's some theorizing, and there's even some crazy DIY projects that you can listen in on.

But you also have the to-ing and fro-ing from the powers that be, the FBI, CIA, and so on, because they seem to be having a lot of trouble defining and explaining just what's going on. Anyway, really enjoyed it.

So this is called The Sound: Mystery of the Havana Syndrome. Find it wherever you get your podcasts. Or you can find a link in the show notes of Smashing Security.


GRAHAM CLULEY. So don't give away any spoilers, Carole, but as I recall, one of the theories was that maybe an enemy state was beaming this sound into US embassies or embassies of countries it didn't like.


CAROLE THERIAULT. Potentially.


GRAHAM CLULEY. To mess with people's heads.


CAROLE THERIAULT. You could be right, Graham, or wrong.


GRAHAM CLULEY. Or I could be very wrong. I guess I'd have to listen to the podcast to find out what Nicky Woolf has learned.


CAROLE THERIAULT. Yes, that's exactly right. So, The Sound: Mystery of the Havana Syndrome. Check it out. I think you'd like it, Clue.


GRAHAM CLULEY. Okay. Very interesting. Well, that just about wraps up the show this week. You can follow us on Twitter @SmashinSecurity, no G, Twitter doesn't ask to have a G. We also have a Mastodon account. And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Overcast.


CAROLE THERIAULT. And shout out to this episode's sponsors, Kolide and Beyond Identity, and of course to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 335 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio, bye-bye.


CAROLE THERIAULT. Bye-bye.


GRAHAM CLULEY. So this noise, what does it sound like?


CAROLE THERIAULT. It's awful. It sounds a bit like a drone. So, like a cicada, really crazy, like a microwave-y. It's basically, it's down to microwaves is some of the theories.


GRAHAM CLULEY. Oh, it's not just people with tinnitus or something, is it? It's not, or is it?


CAROLE THERIAULT. Well, depends who you ask. Oh, I know. Don't worry, you'll like it. You'll like it. It's good.

-- TRANSCRIPT ENDS --