Whopper Hackers, and AI Whoppers

14 snips

Sep 10, 2025

Lianne Potter, a cyber anthropologist and host of the Compromising Positions podcast, joins to explore fascinating cybersecurity themes. They discuss ethical hackers revealing alarming vulnerabilities in Burger King's systems, including the ability to manipulate reviews. The conversation also dives into a lawsuit involving AI trade secrets and the challenges of retaining talent in the tech industry. With humor, they address the bizarre metrics monitored in fast food and the ethics surrounding insider threats, highlighting the need for better workplace culture.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

AI Monitors Customer Sentiment And Scripts

RBI used AI to analyse customer sentiment and staff friendliness from drive‑thru audio.
This tied intrusive surveillance to performance metrics like greeting scripts and upsell attempts.

ANECDOTE

Admins Could Alter Stores And Reviews Worldwide

Researchers could spam bathroom ratings, edit store listings or even create a fictional Burger King on the moon.
They showed how admin access enabled mass manipulation of customer-facing data globally.

ADVICE

Acknowledge And Reward Responsible Disclosure

Disclose vulnerabilities responsibly and acknowledge researchers promptly.
Public gratitude and remediation beats censorship and the Streisand effect.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon.

Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7 million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he jumped ship for a rival.

All this and much more is discussed in episode 434 of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Lianne Potter. Hear them they chew over catastrophic fast-food security, insider threats with extra fries, and why even the biggest brains in AI can't stop themselves from doing something utterly stupid.

EPISODE LINKS:

We Hacked Burger King: How Authentication Bypass Led to Drive-Thru Audio Surveillance - Internet archive wayback machine.
DMCA notice - Bobdahacker.
xAI sues former engineer, alleging he stole trade secrets after being paid $7M - San Francisco Standard.
xAI vs Xuechen Li - Court documents.
Classic Reload.
Digger - Classic Reload.
Kingdom of Kroz - Classic Reload.
The Bad Movie Bible - YouTube.
Shark Attack 3: Megalodon - YouTube.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORED BY:

Drata - The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.
Vanta - Expand the scope of your security program with market-leading compliance automation... while saving time and money. Smashing Security listeners get $1000 off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

ENJOYED THE SHOW?

Make sure to check out our sister podcast, "The AI Fix".

Privacy & Opt-Out: https://redcircle.com/privacy