High-speed train hacks and homicidal lawnmowers
Smashing Security
Graham Cluley
4.7 • 579 Ratings
🗓️ 20 May 2026
⏱️ 56 minutes
🧾️ Download transcript
Summary
A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we've heard all year.
Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over the internet, redirected at journalists who foolishly lie down in front of it, and used to harvest Wi-Fi passwords, email addresses, and GPS coordinates. Change the default password? Sure - until the next firmware update silently resets it back.
Plus - don't miss our featured interview with XBOW's Brendan Dolan-Gavitt about how AI is transforming penetration testing.
All this and more in episode 468 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Geoff White.
EPISODE LINKS:
- Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom - TechCrunch.
- Man accused of stealing Beyoncé’s unreleased music takes guilty plea - ABC News.
- Shai-Hulud code drop: Open season for supply chain attacks- ReversingLabs.
- Student hacked Taiwan high-speed rail to trigger emergency brakes - BleepingComputer.
- Polish teen derails tram after hacking train network - The Register.
- The Cheap Radio Hack That Disrupted Poland's Railway System - WIRED.
- The man with an army of Yarbo robot lawn mowers - The Verge.
- Ever been run over by a robot? I have - for science! - TikTok.
- RD280UA 28” WQXGA BenQ Programming Monitor with Backlight and Flexible Arm - BenQ.
- Kai Shun DM-0708 combination sharpening stone, grain 300/1000 - Knives and Tools.
- AI-Assisted ICS Attack on a Water Utility - Dragos.
- Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access - Google Cloud Blog.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- XBOW - The autonomous offensive security platform that helps security teams scale. Start a pentest today.
- OPSWAT - Read Benny Czarny's book, "Cybersecurity Upside Down", to rethink how you protect your organization from file-based threats, including those powered by AI.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Why am I tempting fate? Don't do this at home. |
| 0:06.1 | Oh, oh yeah. No, that's not comfortable. That is not comfortable. |
| 0:10.2 | Smashing Security, Episode 468, high-speed train hacks and homicidal lawnmowers, with Graham Cluley and special guest Jeff White. |
| 0:30.3 | Hello, hello, and welcome to Smashing Security episode 468. My name's Graham Cluley. |
| 0:34.5 | Hi, and I'm Jeff White. |
| 0:35.7 | Jeff, welcome back to the show. Always a pleasure to have you on. |
| 0:40.2 | Of course, our listeners know you well from your books, your podcasts. |
| 0:45.8 | The Lazarus Heist is probably the most famous one, isn't it? |
| 0:48.7 | Have you got anything else bubbling away, waiting to surprise us? |
| 0:52.5 | There is going to be, I think I can talk about this. Yes, |
| 0:56.8 | no, I can talk about this because we trailed it. There's going to be a new season of the Lazarus Heist. |
| 1:00.7 | Fantastic. Which the BBC has renamed Cyberhack. The problem we had was it was called the Lazarus Heist |
| 1:07.6 | because, as some of you listeners will know, it's about the Lazarus Group, the famous North Korean elite hacking team. |
| 1:13.0 | And so, obviously, the podcast was about that. But the BBC and all of us really wanted to do things other than North Korea. And so I think the challenge was, well, how do we sort of do that? So they renamed it, basically, was the end result. So Joe Tidy, the great Joe T, with another BBC journalist called Sarah Rainsford, did a series about the Zeus gang and about a guy called Maximia Jacobetz. That was sort of series kind of three, basically, Lazarus Highs. We are doing series four, which is going to be out, think early July, late June, early July, but if people subscribe to CyberHack, you can get it. |
| 1:44.7 | And I can't go into details of what we've got, but it's... It's juicy. It's juicy, isn't it? It is juicy. Yeah. Yeah, we've got some absolutely banging stuff. It's really great. Oh, I can't wait for it. Well, before we kick off, let's thank this week's wonderful sponsors, Expo, Opswatt and Vanta. We'll be hearing more about them later on in the podcast. |
| 2:05.5 | This week on Smashing Security. |
| 2:07.9 | We won't be talking about how open-source toolmaker Grafana Labs told hackers who demanded a ransom to get stuffed after they threatened to release code that is largely already public. |
| 2:19.3 | You'll hear no discussion of... |
| 2:22.3 | Oh, a man pled guilty to stealing hard drives containing unreleased tracks by music star Beyonce. |
| 2:28.3 | And we won't even mention... |
| 2:31.3 | How the gang behind the shy hallood worm have released its code as open source, |
| 2:35.7 | providing a blueprint for other attackers. |
... |
Transcript will be available on the free plan in 14 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from Graham Cluley, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Graham Cluley and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.