I'm, like, afraid of crocodiles.
should be and you .
know what I should be because their jaws are like nothing s they can just cut you in half.
and they're just down the road from u coral.
They have very little legs. It'll take them a while if they all, they could swim.
Yes.
my nights tonight, could they? Climb stairs.
Smashing Security, episode three hundred and ninety one: The Secret Strava Service, deepfakes and crocodiles, with Carole Theriault and Graham Cluley. Hello, hello, welcome to Smashing Security episode three hundred and ninety one.
My name's Graham Cluley and
I'm Carole Theriault.
yes hello oh.
oh.
are you leaving the show?
No, no, no, no. The AI Fix isn't quite that popular yet. So now still.
Can we bleep out the name?
Why?
Why would you want to bleep the name? I don't know. You get a lot of mentions.
Well, I don't know that we do, not as many as Sticky Pickles gets. What would you like, say,
The AI Fix? No. But I'd like to kick off the show and thank this week's wonderful sponsors, 1Password, BlackBerry and Vanta. It's their support that helps us give you the show for free. Now, coming up today, show me what you got.
I'm going going. We talking about driving for security.
Okay. And I'm gonna be asking whether we are deepfaking our way into a hole. All this and much more coming up in this episode of Smashing Security.
Now, chums, chums, it may well have escaped your notice because it's been hidden er a bush about this statical news, but there are some elections just around the corner, in particular in the United States. Were you aware of these? Great. Oh yes.
My story touches upon them as well, because it's big, big news and that has a global impact, whatever happens. So I think everyone's watching it and paying attention to it. So apologies if you're bored up to your eyeballs with hearing about the election.
But it's a big deal. So, like, Kamala Harris and Donald, they're oiling themselves up in readiness for their tussle, which is going to be occurring on
November the fifth.
It's not WWE. Well, maybe it is. As we know, it's very, very close. The two candidates are very close in the polls. It's hard to predict the result of the election at this point. One thing we can be absolutely certain of is that Donald Trump will be announcing that he won within hours of the polls closing.
So Joe Biden, Donald Trump, Kamala Harris, these are the very, very, very important people protected by the Secret Service, as are as well their partners, Melania Trump, Jill Biden and whoever Kamala's married to. They are all protected because they're people, uh, we don't want them being knocked off, and it's just about the data at the heart of your company. You don't want your country's leaders or the potential next president to be deleted.
And simply, you don't want your data wiped, too. You don't want you to be wiped out. Now it looks like Trump has survived. I think we are pretty clear about that at least.
And to have one assassination attempt against you could be considered misfortune, but to have two begins to look like carelessness by your security team, particularly so close to each other. So I think the question we have to ask ourselves is how well are these individuals being protected? Well, okay.
I have no idea where you're going with this. This is first thing. Well.
According to a report in French newspaper Le Monde, the state of security is less than so-so. You know, it's becoming come. Okay. This is not a brilliant or fantastic, yes, that that is a new French word, magnetic, magnetic in india. Uh, because Le Monde says that bodyguards of world leading political figures are carelessly leaking the location.
These are the people unwinged.
Yes, OK, one more: carelessly leaking this information. Of course, they are shadowing these top bods. It turns out highly confidential movements of the U.S.
President Joe Biden, the two people campaigning to be the next president, Donald Trump and Kamala Harris, and other world leaders can be easily tracked online through the Strava... I knew it was going to
be Strava! I knew it was gonna be Strava. I was gonna say Strava thirty seconds ago.
So the bodyguards are using Strava, Le Monde says. But the whereabouts, not only of those people, but also Melania Trump and Jill Biden, can be easily pinpointed by tracking their bodyguards' Strava profiles.
We have talked about this before with military, yes. And why aren't they listening .
to the show? Six, three, almost seven years ago, we explained how Strava was revealing the movement patterns of soldiers at military bases. About a year ago, we discussed how a Russian commander was shot dead while out for a jog, seemingly by Ukraine, because he posted his runs on Strava.
Eh, you'd think if you're going to be protecting and being a bodyguard for a V, V, VIP, as you said, yes, you would think, maybe I'll leave my IoT watch at home. No, they want to get their steps in.
They want to get their steps in. They're at the Pentagon. Maybe there's a lot of steps they have to do. They don't wanna waste it.
And if you're a bodyguard, you want to be fit. You're probably into fitness and running around to fit this.
And you're proving you're probably showing your mates right, your other security bad. But I did more. You did. I am smarter and cooler. I'm stronger.
Do you think they do special exercises to strengthen them, their ears because I have those the pieces in all the time. Don't to actually um you .
know what, I bet they do, because earpieces are falling out of my ears all the time. When I had earbuds, they just fell to the floor constantly because my ears are the wrong shape, so I bet I could probably build up my cartilage somehow.
So it's not just the presidents and world leaders, as I said, it's also their partners. So yeah, Melania Trump, like I said. Normally, of course, that's not a problem with Melania Trump, because she's highly unlikely to be in the same place as her husband, but there is still a risk that she could be kidnapped, which could be very unpleasant for her. Especially if a ransom is paid and she's returned to Mar-a-Lago. So no.
I was going to say i'm sure he has security but then there there's a catch twenty two there .
yeah that probably quite hunky I would expect.
Yes, with the Strava watches.
So Strava, for anyone who doesn't know, is the athletic social network. So rather than showing off your perfect, your room nuts that you're eating, you upload details of your workouts and exercise regimes and compete against others, see who can do a circuit the fastest.
And yes, it can be handy to find out other people in your city, where they're running, where a good run or a track might be. But of course, if you're sharing this information a little bit carelessly, if you haven't got your privacy locked down, along come journalists from Le Monde and they find out what you're up to. And it's not just Americans. Le Monde found out the bodyguards of French president Emmanuel Macron... What is he up to?
Is he having long lunches, like, glass of wine at some bistro in value.
Maybe some cheesy French onion soup? Wonderful night. And also Vladimir Putin. Wow. Now I don't think it's his Strava, as far as I know.
Le Monde says it has traced the Strava movements of Emmanuel Macron's bodyguards to determine that the French president spent a weekend in a Normandy seaside resort in twenty twenty one. The trip was meant to be private, wasn't listed on his official agenda. They knew he was there because his bodyguards were there.
In another example, they used an agent's Strava profile to reveal the location of the hotel where Joe Biden stayed in San Francisco for talks with the Chinese president last year. A few hours before Biden's arrival, the agent went jogging from the hotel and used Strava to trace his route. In all, they identified twenty six U.S. agents, twelve members of the presidential security group, six members of the Russian Federal Protection Service, all with public profiles on Strava, all sharing their locations online, even during official trips.
You know.
What do you make of it, Carole?
Two things: one, wow, like, wow. And the other side of me, yeah, totally can see that happening, hundred percent.
Even though it's years since this was first revealed. And here's the thing, right? Here's the thing. If Le Monde is able to work out, and able to track, where these people are, this must surely be known about by intelligence agencies of other countries. So I'm sure other countries are tracking.
You've got to find out which countries don't have Strava-leaking bodyguards, yeah, and they're the ones we've been told.
But surely the intelligence agencies must know about this, while they're ensuring that their own leaders are better defended by their security teams and are not allowing this to happen. The U.S.
Secret Service says its staff aren't allowed to use these kinds of devices while on duty, but they don't prohibit them for personal use while off duty. So of course you're not on duty twenty four hours a day. You will be doing shifts. So you may go out for a bit of exercise after looking after the president for a bit, and you go for a run round
the block. And these were open profiles, completely open, not like shared with my contacts that you travel to.
apparently completely open.
And I wonder if that is actually not done on purpose, but actually just because a lot of these things that config options are difficult to set up.
Right? I was wondering whether this is actually a crafty scheme by the bodyguards to send attackers off the scent. Are they actually attaching their Stravas to, like, a dog or something, or a kid on a skateboard?
Got.
he's moving fast. Yes.
this is a greyhound. Well.
What's he doing going around that lamppost so much? Carole, what's your story for us this week?
I decided, for better, for worse, to cover deepfakes this week. Part of the reason is because the topic is right in the news at the moment, I'm guessing because of the upcoming elections in the U.S. of A. Yes, deepfakes are big.
Ein deal. Deepfakes are ranked as a top global risk in twenty four. This all according to the World Economic Forum.
Okay. So I was happy to see some non-partisan public service announcements in the U.S. this week warning people about deepfakes trying to dupe them into not voting.
So we got a series of celebrities have set up a desk telling us to watch up, I unctions the faces business like this, a bit interference or something.
artificial .
intelligence so advanced, you probably can't tell that some of us aren't real.
Definitely, that's a problem because this election.
bad actors are going to use AI to trick
you into not voting.
Not voting.
Luckily, we already know what they are going to do: use fake phone calls, videos or messages to try to change when, how or where you vote. For example, a fake message saying voting has been extended,
your polling location has closed or changed due to an emergency, or you need new documentation
to vote. These are all scams designed to trick you into not voting.
Don't fall for it. What
do you think? What do you make of it, Cluley?
The first thing is, is that what Michael Douglas looks like these days? I wouldn't recognize Michael Douglas.
He's an old gentleman.
Well, no, I know he is, you know, I know he is. O, K. I wouldn't recognize a lot of these people even when they put their names up.
I'm not actually sure they are. But I guess states though, i'm not american. I'm not american.
That's true. That is Orlando Bloom. I don't recognize him without a bow and arrow. So celebs aside,
do you think it's a good ad that educates people about AI and deepfakes?
It's a very simple message, but what it's basically saying is AI can be pretty convincing, doesn't yes, and may
try to convince you not to vote because you think
all these famous people are talking to you, but in fact, it turns out at the end that they're, I don't know, some cheap actor or something.
Well, you see, that was my kind of problem with that. So a lot of people have lauded this as a really great ad.
And yes, okay, I think it's great. They're educating people, but it's a long ad. It's like one minute thirty seven. Yes, it's too long. Listeners, you didn't hear it all, yeah. And I worry that people will lose interest halfway through, because people's attention spans are like those of gnats.
And it's only at the end of the ad that they kind of explain how deepfakes work and how someone can appear to be someone else. But for the first minute or so, the deepfake effects are a bit Max Headroom-y, to my mind. And I wonder if people are going
to look at glitch. IT is a course is be that obvious.
But I get the problem. Like, how do you show, you know, how effective deepfakes are by showing a person that looks so real?
Like, know, yeah.
And the thing is, we are pretty crap at telling what a deepfake is, and what a deepfake is not, what a real person is. According to a new study by Utah Valley University, fifty six percent, more than half, of U.S.
test subjects couldn't tell the difference between deepfake and real content. And that's something that a senior project analyst said was a bit of a surprise. Quote: "One of the questions we've been asking is when deepfakes are going to get good enough that they're actually convincing. The day is today."
Now, I heard this, but I'm thinking, I remember research in twenty twenty one that found that as humans, we are biased towards mistaking deepfakes for real people. Because typically when we see a person on the screen, we think it's a real person. And we also overestimate our ability to tell whether something is deepfake from real.
And I think when something is moving as well, video, you're less likely to think it's fake than a photograph on its own, because we're used to things being photoshopped. But okay, the truth is that deep fake now. But when you have a deepfake video, if there are not any obvious glitches, you do kind of believe it.
Let's see how good you actually are. Why don't we go to the Northwestern AI-generated or real experiment? They're gonna show you a series of images.
You have to guess whether it's real or fake, and they'll tell you whether you're right or wrong. Listeners, this is in the show notes if you want to try it for yourselves. So if you see my link in the show notes there, right?
So I've got this page where it's showing me a photograph, and it's asking me, is this a real image? So I've got a picture here of six, six people, far too attractive. Well, I can tell they're not English, first. Well, because their teeth are too.
These are probably americans are expecting. In fact, they're all far too beautiful. So i'm going .
to say this is fake. This is because he looks in the mirror every day and can't imagine that people would be that good looking. You right or wrong?
Okay, I'm going to say fake, I'm going to click next. Sin, oh, I was right. Okay. OK, next. Right.
Here's a chap who is sort of doing some kind of exercise on some stone steps, looks very uncomfortable. His legs look a bit weird. I'm, hey, on those arms.
I'm not shopping. I'm gonna say fake, okay? Fake, okay. He was a real image. I've gone wrong already, so I've got a fifty percent hit rate.
It's the same as me. That is what I got. The second image I got, I was like, this is definitely real.
I really looked at it. I was wrong. OK. So misleading deepfakes are, I think you and I agree, a seriously big problem. So what do you think a particular wing of the Pentagon might want to do with
them? With deepfakes?
Yeah. Why would a counterterrorism group within the U.S. Department of Defense, the DoD, have on its wishlist the ability to create deepfakes? But I imagine they might
want to use them as, uh, for misinformation purposes, as a weapon which you could use against other countries. That's one reason the military would want deepfakes, just like they may be worried about them being used against them.
They didn't say that those .
words they never do.
Do I think what they said is pretty interesting in itself, though? So what they say is in this, which is they're reportedly seeking, quote, "technologies that can generate convincing online personas for use on social media platforms, social networking sites and other online content" for use by special operations forces. This solution, they add, should include facial and background imagery, facial and background video, and audio layers. The point: use this capability to gather information from public online forums, to create
sort of like sock puppets or things or
fake accounts, to flood social media with these AI bots, to interact and engage with people to try to get real information from real people. But how are they gonna know they are not talking to another bot?
Yeah. And aren't they a bit late to the game here? Have they been on Twitter of late? I mean, it's mostly populated by bots, isn't it?
So why are you still .
there that I'm clinging on by my finger to the bus numbers? You know, I am, I am still there at the moment. But oh my goodness, using it less and less.
I was thinking, like, what would social media companies say to this, right, to have their, like, media platforms flooded with bots? But then it suddenly occurred to me, maybe they don't care at all, because they can just say, oh, that person or that account viewed this many ads, pay me.
Absolutely. If the bot goes about attempting to appear authentic as a user, exactly, we'll be clicking on that. So I will be interacting with them. We'll be replying. And so advertisers, they're going to find it more and more difficult to tell if someone's
human or not. Exactly, they are going to have all these profiles of, like, beautiful people. Yes, the ages of nineteen, twenty nine. Okay, so what is the solution here? What is the solution? So I went around looking around the internet and I found a few cute things. So one was from WEForum.
we for um yeah .
that's a .
community for people who enjoy, okay, Carole.
I didn't, you want to see that? Can I honestly say I didn't even... So they list four things. So when they say technology, that's really important, right?
So basically, detection systems to help identify whether something is real or not real. The problem with anti-deepfake tech, if I can call it that, is, you know, the false positive thing. So if they get one wrong, a user might get duped.
Yeah, it's going to make mistakes in both directions. It will incorrectly say legitimate photos and legitimate.
Of course. And two, policy efforts. So regulation, right? And they're talking about needing a global stance, because obviously deepfakes don't respect geographical borders.
Yeah, everyone's going to respect regulations. I mean, that's how the internet works, isn't it? Everyone played no. But I,
for example, would like it if an artist selling a piece of work, they can say AI-generated versus not. No? It would be nice. Or if a company was saying, hey, look at all the symmetry, you could be AI-generated or not. Or is that crazy?
If no, that would be great. Good luck with that would be my response .
Yeah, but even if eighty percent follow it, it's gonna be way better than now. Number three, public awareness, which is, you know, basically what I am talking about it now, and why we're seeing public services warning people, because the more you can look at these people and realize how easy it is to fall for, like you saw Graham and I do, the more careful you might be. And number four is having a zero trust mindset.
Graham, so they write that the zero trust approach in cybersecurity means not trusting anything by default, and instead verifying everything. When applied to humans consuming information online, it calls for a healthy dose of skepticism and constant verification. And they go on. They say a zero trust mindset will become an essential tool to distinguish between what is authentic and what is synthetic in increasingly immersive online environments.
So okay, wow, right. Basically they're saying trust no one, right? And that's great for society. Super cool, actually. Graham, I'm not even sure you are who you say you are. Like, you know, I have met you a thousand times, but I think healthy skepticism and with zero trust mindset. Maybe you can fire over two pieces of official ID so I can verify your identity.
And how do I double check every email, every comment that I read? Do I fact-check everything? I read an article, every single time, to make sure it's from a trusted
Or do we really think people who are browsing TikTok or scrolling on Instagram are going to go, I don't believe this video, I don't believe this video, I'm going to spend... No, they're just gonna laugh at the cats doing somersaults.
You see, I have no problem with people looking at cats doing somersaults on socials. That's probably what they're for. I do want to, you know, say be cautious about getting news from those areas, yeah, because maybe getting news from non-partisan news organizations that are held accountable when they get facts wrong, and may have to face, you know, litigation if they are libelous or don't admit their mistakes, means they have a requirement to try and present the news as honestly as they can.
And it's just, it's just depressing. MIT Labs says, look, this is how you can actually do this.
Look at the face, look at the cheeks and forehead, look for walls and eyes and eyebrows, and to shadows work like you. And I got fooled on the second one. This is pay attention to blinking. You know, aren't you going to look like a weirdo if the person's actually real? So the person on the screen and you're sat there scrutinising their moves and looking at their teeth and their hairline.
You know in Mission Impossible, they wear those masks and you think of grab them if a neck and turn ripped off, that's what's gonna happening. What would be going up to people in real life? Thing I got might not be really for.
Like Santa's beard. Yeah, you gonna pull it just to see if it's actually Santa. Yes.
And welcome back. You join us at our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily. Better not be. My Pick of the Week this week isn't security related. Um, I had some children come to visit me. A friend popped round with some children over the half-term holidays. And I thought, what shall I do with
these children first? Kids.
oh, they're about ten and eight.
I think, right? Okay.
Yes. And so I thought, okay, I know what to do. I'm gonna take them to see the crocodiles. And so we went to this place near where I live in Oxfordshire called Crocodiles of the World.
I have seen that sign every single time I've driven that. I've never been.
Been before this. Yes, this is my second trip to Crocodiles of the World. They have an extraordinary number of crocodiles, and they feed crocodiles. I am not quite sure what they're feeding them.
Probably not human leg well.
Or eight year old children, but they basically dangle food above a huge swimming pool full of crocodiles. And these crocodiles leap into the air. They probably leap about two or three meters into the air and go through with a greatly clock.
You know, people say, all my free spider ah these right i'm like afraid of crocodiles and you know .
what I should .
be because their jaws are like mEthane SE. They can just cut you in half.
and they're just down the road from U K.
They have very little legs. It'll take them a while
if they all, they could swim. Yes.
the nightstand, nightstand. They climb stairs.
So the average strength .
of a human bite.
Sixty two pounds per square inch, hundred and sixty two PSI, right? Crocodiles have a bite of over five thousand pounds.
But I know the guy you have with a little mouse.
They have possibly got the strongest bite of any animal, much more than hyenas, much more than sharks. Some people say killer whales. Sorry, I should not call them that. Orca, I believe, is the politically correct term.
yeah.
They've been pretty angry recently, pretty moody. I don't blame them. Some people say they've got a PSI of twenty thousand, which is over, is about four times what
the core people are. A, I.
No, no, no. This is a BBC news report. I was read, I was investigated, so I trust them. Now I don't know how you measure the bites over of an orca illae, or indeed a crocodile mp in next time.
And sea IT hurts.
I can tell you the crows got A D clack on them. I don't know if it's cruel. Maybe it's cruel.
Keep them in captivity, to be honest. I don't think these crocodiles would survive in England if they weren't in this particular environment. And it seems like they are fed quite well anyway. If you're on a half-term holiday with your kids, go check out Crocodiles of the World in Oxfordshire.
I went there and the kids loved him.
They did. They'll probably have nightmares tonight. Carole, what's your Pick of the Week?
Okay, for this week's Pick of the Week, I would like you all, Graham, darling listeners, all of you, to stand up if you can. Obviously don't do this if you're driving, up a ladder, or having sexy times. If you're having sexy times while you're listening to this show, all I can say is, wow. Okay, jeez.
Now if I stand up, i'm going to further away from the microphone. Okay.
we can still hear you. We can still hear you.
still hear me OK OK.
So I'm gonna count you in, three, two, one, go, and I'll explain first what you're going to do. Okay, yes, I want you to put your hands on your hips and I want you to stand on one leg for as long as you can, kind of like a flamingo, but the other way so you're building you need the normal way, not like the backward way from, oh, oh, yes, okay, yes, okay.
There's no cheating. Do you want to put your video on so I can see you? Because then I'll know if you're cheating or not. Yeah, okay, I see you perfectly. Yes.
Hi, all right. So hands on hips, eyes open. Timer starts when I say go and it's gonna stop if I see, Graham, your hands move from your hips or you lower your foot. Okay, okay.
ready for eti. Three.
Two, one, go. One Mississippi, two Mississippi, three Mississippi, four Mississippi, five. How's it feeling?
Well, a little bit wobbly. It's a little scarier with you doing the countdown
of this sy twelve, insipid. You're just very well, thirteen, fourteen or you is your is your foot up? I can see your foot.
Yes.
Is it just above the ground though?
No, no, it's like perpendicular.
Kay, good.
I look like a number four. Yeah.
you're doing amazing.
Kay, still standing.
How long you think you can go?
You think all day, if that's all right.
so you don't have a nissho. This is very excellent program.
Impressed. I'm still doing it.
Okay? And I'm just checking age. Okay, you're fine. You're fine. Graham, you've passed. You have passed.
Congratulations. Okay, alright.
Put my foot down. Well done. So what we were doing, everybody, is, according to the
NHS, apparently balance, more than any other activity, changes with age, and scientists have reportedly said that it might be because it uses so many different parts of the brain and the body at once. Like, you've got to focus. So you held it for seconds.
What should you be aiming for? right? So if you're eighteen to forty, you should be aiming for forty three seconds.
that's me.
Forty to forty nine, forty seconds.
right?
Fifty to fifty nine, thirty seven seconds, which you did, Graham, easily.
He said, I have done longer.
Sixty to sixty nine, thirty seconds, yes. Seventy to seventy nine, nine seconds, and over eighty, a little over five seconds. So it really drops between seventy and eighty. So if you didn't perform well, listener, don't worry, you can improve your balance, and my tip is practice while you brush your teeth, yeah, right, because you'll see a huge difference in a mere week or two. That's how I got my balance going.
Chances are people have one stronger leg than the other as well. I know, so you need to switch IT up a bit.
I didn't tell you to use your left leg because I know that would have been much china.
Well, actually, I did use my left leg. How did you? Yes.
oh yeah.
Is marred.
Okay, you know, that's my Pick of the Week: standing on one leg. No, I am not desperate for Picks of the Week. Uh, please. Nobody sent me any good ideas ever, please. Thank you.
And that just about wraps up the show for this week. You can follow us on Twitter at SmashinSecurity, no G, which also have a and don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify and Pocket Casts.
And ginormous thank you to our episode sponsors, Vanta, BlackBerry and 1Password, and of course to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, and the entire back catalogue of more than three hundred and ninety episodes, check out smashingsecurity
dot com. Until next time, cheerio, bye-bye, bye.