Skip to main content

tv   Click  BBC News  May 21, 2017 4:30am-4:59am BST

4:30 am
donald trump is now expected to make a key speech on islam in a few hours time. hassan rouhani has been re—elected president of iran. the moderate easily beat his more conservative challenger. he said iranians had chosen a path of greater engagement with the world and had rejected extremism. china is reported to have killed or imprisoned at least 18 cia spies in what's been described as one of the worst breaches of us security in decades. the new york times says the deaths happened during a two—year period from 2010. the agency declined to comment on the report. pippa middleton, the sister of the duchess of cambridge, has married in a traditional english country wedding. she married the financier james matthews. the ceremony was attended by several members of the royal family and media from all over the world. now on bbc news, time tojoin the team from click. guards!
4:31 am
welcome to the south coast of england, and the country's biggest fortification, dover castle. they say a british man's house is his castle. this week, this castle is mine. like every other home in the land, it needs to be well defended, because these days, it is constantly under attack. the walls make it out burglars, but today's digital invader is wily —— the walls may keep out burglars,
4:32 am
but today's digital invader is wily and can worm its way in through the smallest gaps. last week's global cyber attack on companies in around 150 countries shows just how vulnerable systems can be, even if you are not called into clicking dodgy links. —— even if you are not fooled into clicking dodgy links. so this week, we're looking at cyber security. it's me versus the bad guys out there. and they might be small, but there's a lot of them. so what can i do to shore up my defences? one thing is through biometrics. gadgets already recognise our fingerprint, and now banks are starting to identify us using our voices. so, how secure is it? is it possible, for example, to pick someone‘s voice? we asked dan simmons to give it a go — or most precisely, to find the one person who might stand a chance at breaking into his bank account. thanks, ben. well, one of the things that
4:33 am
you might not know about me is that i am the only member of the click team to have a twin brother. hi. his name isjoe, and we kind of sound quite alike. we kind of do sound quite alike. but i came out first, and hejust copied me. yeah, well, for this report, it's going to bejoe trying to copy me... together: ..as we try to break into a bank. but first, we're going to need some help. yep, i really think this guy is going to help us. right, good, good. all right, nice to meet you. if you'd like to sit down... what we're going to do first is i have this analysis tool here. and what this will do is just detect, first of all, the pitch of your voice. this system that you're trying to break in is analysing your voice in lots of different ways. so there will be about 100 different variables it is picking up on. hello, i'd like to access my
4:34 am
account, please, today... hi, i wondered if i could access my account today. you see there are pretty big differences between them. so who do you think has the bigger adam's apple, out of both of you? i can't see mine. together: yayayayahh. .. i wondered if i could make a withdrawal, today, please. a what? laughs. hi, i'd like to make a withdrawal. that's like "gimme the money!" at the same sort of time... together: yayayayahh. .. together: ayayayahh. .. i've not spent two hours not to get your money. you're going to get excited, that's what's going to happen. and your voice — that will raise my voice, so... all i've got to focus on, it's simple, i've just got to go slower. five seconds. just go slower. it's the first time i've tried to use the telephone banking service, and i'm not set up, so i am hoping... laughs. how many — how long do
4:35 am
you want to make this? a bit shorter, 0k, a bit shorter. that wasn't exactly the way you said it the first time. i'd like to take everything out, today, please. that was. well, we're doing a job, aren't we? i've got a gun. you don't need a gun, do you? your voice is your weapon. take that off! erica is the voice of nice — nice is the voice security provider for citibank credit ca rd—holders in the us, among others. hi, nice to meet you, too. joe's going to try to break into my account, what chances do you think he has?
4:36 am
very slim. what advice can you give me to try and break into his account? well, you've known him your entire life, so try to imitate his voice. she seems very confident about this — what — what why is it that you think that, maybe, my twin brother can't break into my account? voice biometrics is the most accurate form of identification there is for access into financial institutions. why? it registers over 100 different characteristics of voice. half of them are personality, and the half are physical. and you do look a little bit different, and your voices are different, so you will have different vocal characteristics. so therefore, what percentage chance you think i have, then? it would be one out of several hundred thousand. how do you make it so that i can access my account, even if, like, at the moment, i have a little bit of a... coughs. as i said, there's over 100 characteristics, and a cough or cold only affects about two. so we still have all those other characteristics to work with,
4:37 am
and we still have identification. and has anybody fooled the system through the front door? basically, pretending to be somebody they're not? no. can i ask another question? it might be a bit out the ballpark, but is this legal? i just don't want to look like a mug. with the niceties out of the way, i got to work giving the system a sample of my voice — by speaking to it. i know that there might be people who might try to access my account, perhaps, so you need to be aware of that... 0h, ok, you are? 0k. i'm here to break into the account of dan simmons.
4:38 am
joe, you really don't need the gun. what do i have to do? let's give this a shot. 0k? hi, yes, i'd like to access my current account, if i can, please? yes, it's probably about £10, something like that. yeah. thanks very much. that's great. thank you. you failed — but close. wow, look at how close this is over here. look at that. if we come over here, it you can see there's the threshold level, and that — that is pretty close. that was not a bad first go. thatjust came out of nowhere. first go, very good. it came out of absolutely nowhere! that is how you test the system, isn't it?
4:39 am
that is how we test the system. we tested with twins, and siblings, and imitators. you know, a fraudster wouldn't get three chances, and the reason a fraudster wouldn't get three cancers is that we would register the multiple failures, and it would dynamically increase the threshold on the third, and put a flag on the account. right, that is not to say, of course, that is impossible, is it? it's not impossible. it's just very improbable. so, dan, your bank account is still safe, even though your twin got away with some pretty cool stationery. yeah, the old fashioned way. were you surprised that the voice attack didn't work? yeah, iwas, actually. because we really tried hard to match up our voices. you know, we used the voice coach and everything, and itjust bubbled under what we needed and couldn't get in. what about the simpler stuff that we have been asked by banks in the last few years, like "my voice
4:40 am
is my password," did you try that? oh yeah. we had a crack at that. to get into my account, my twin needs my code and my account number, two things i have helped him outwith. he also needs to know my birth date, but that's probably something he already knows. the question is, can my voice print give me any extra protection? secret bank, we're not getting any bank names away... good afternoon. welcome to hsbc. oh, it's... please give us your code. 0h. i've got this one. now, interestingly, it is the pin number, and the account number, which, if you are from the days from the old cheque—book, then both of those things you to print objects. —— used to be printed on objects. so if you've got an old cheque from somebody you already know that. ..your date of birth.
4:41 am
he knows my date of birth because we share the same date of birth. after the tone, please repeat the phrase "my voice your password". —— "my voice is my password". my voice is my password. i'm sorry, i didn't quite get that. is my password". my voice is my password. welcome to hsbc advance. the balance of your account is £121p credit. i'm off to the bank! for your available balance... i thought it would be more than that, dan. laughs. evil twin was in — perhaps more surprising when you consider the service providers test their systems with twins to improve security. i can get into other accounts, apparently, dan, so... hsbc told us... sojoe actually did break
4:42 am
into your real bank account? be my guest. i well, i'm thinking tower of london. yeah, the crown jewels. first off, i need to record dan's voice, so i caught him after work, discussing his next big break in. next, i sent the recording to a voice mimicking outfit called lyrebird. here is their version
4:43 am
of donald trump. i am not a robot, my intonation is always different. not bad — in fact, i have to say, great, the best. we are working with security researchers to figure out what is the best way to proceed with this. and this is one of the reasons we have not published to the public yet. the developers hope that the technology could be used to give people their voice back if they lose it to illness or an accident. but they are aware that it could be used to fake a voice id. it's a scary application, but... one idea we are considering is to watermark the audio samples that we produce. so we are able to detect immediately if it was generated by us. oh, so they're not quite ready to help you. close, ben, but no luck. a few years, though. the banks are actually going to.
4:44 am
they have come up with something quite new, that even if you have somebody‘s details, theirfingerprint, you could even perfectly replicate their voice print... all right... ..you'd still not be get in. i know — because i've tried to hack in. major security no—no man works at an undisclosed financial institution... 0h. he manages innovation, because they have an innovation fi‘ifl'é— gfiglifi §rsu m'flf‘ no luck. it's beaten me. that'll be yours, then. thank you very much. brilliant security tips there.
4:45 am
cyber security headlines this week's tech news, and more on wannacry, the spyware attack on windows 7 computers, with the hackers threatening to release the tools used by the nsa. the group threatened to release tools that threatens windows 10 as well as data stolen from central banks. it is also the week that htc released its squeezy selfie phone, with google revealing an app called lens which turns your smartphone camera into search engine. and spacex released a plan to carry your loved ones‘ remains into space. capsules of ashes will orbit for two years before entering the atmosphere
4:46 am
as a shooting star. a reservation of orders out this world flight cost around £2000. the starter‘s previous efforts though did not reach orbit. and finally in lighter news, over in latvia, this man achieved the first ever human parachuting jump from a drone. rising to over 1000 feet with the help of 28 propellers and a communications tower, he landed safely with his parachute. it's not looking good out there. i have retired to the inner sanctum, dover castle was continuously defended for 900 years right up until the 1950s it was a really successful defence. i wonder whether our homes these days are more vulnerable, especially since we are filling them with more and more connected devices. the internet of things. this is the family room
4:47 am
at the heart of the castle, where the lord and his family could relax with some pretty thick walls. the king could unwind with a game of chess. in the 13th century they did not have the internet of things, but they still had things. so how do we make iot more secure. ken munro is my dinner guest, we keep hearing about these connected devices continually being hacked. why is it so hard for manufacturers to make them more secure? it is not hard. itjust needs some thought, some effort and sometimes spent doing it right. the manufacturer of iot thing is trained to get the market —— get it to market, and if someone comprises their security, do they carry on shipping ordered a comp at us as consumers? do they carry on shipping ordered expose us as consumers? i would hope that security is getting better year—on—year
4:48 am
with these things. i don't think so. i think it is getting worse. everyone is piling into the market, everyone wants to jump on the bandwagon, doing cheaper products with less security and it seems like we are buying it. don't worry about that, it's fine. just give me a hand with this... thanks. in here i have got some iot devices. here is one that i really like the look of. this is my wi—fi doorbell. read idea. great idea. it sends an image of what is going on at your door to your phone, fantastic idea. except you can look at the door, press this button and it will give you your wi—fi key, so you can hack the customers network. 0k, right. it beggers belief.
4:49 am
another one i love talking about, here we are in a castle, this is a smart door lock. so you can lock your doorfrom your phone. it also hooks up with voice control. so with amazon eco, you can say "locker door". it doesn't do anything silly like unlock door, unless you hook it up to siri. you could actually shout through the window "unlock door", goes the burglar, and your door opens. this is a smart thermostat, lots of people have got these, the idea being you can control your heating from your phone when you are on the train home. but we found that actually you can hack them and do crazy things like installed ransomware on them. you could hold your heating system to ransom in the middle of the week. ransomware.
4:50 am
you can turn people heating off and demand a ransom to turn back on? it seems these gaps in our defences caused by our connected gadgets are proving to be a gift for attackers. now come on, really? a smart kettle? what is the problem with a smart kettle? you can boil a cuppa from your bed when you wake up. really great idea. but this early version was not secured properly, you could sit outside someone‘s house, steal someone‘s wi—fi keys from their cattle. from their kettle. could you maliciously boil water in someone‘s house? you could steam up their window to your hearts content. this is more secure. i have locked the doors. 0k! right. how can we defend ourselves in our data if we have a home full of connected devices.
4:51 am
most of the toys and things i have shown you have been fixed already. you have to update your mobile app, to the app store, jaguar update. and with the software on your toy, make sure it is up—to—date. the manufacturers may have fixed the bugs. would you buy a connected device for your children? frnkly i wouldn't, i don't think they are safe. frankly i wouldn't, i don't think they are safe. want extra word of advice. i know it is boring, i know it is old hat, but please, please, make sure you have a good strong password on the app you use to talk to your toys. it looks like we have some unwelcome guests. i am going to hand over to laura for some important security that we should have
4:52 am
paid more attention to. ken, it is every gig for himself. ken, it is every geek for himself. the recent ransomware attack showed that you don't have to be personally targeted to end up being a victim. this first step would have protected you against that and many similar attempts to get inside the walls of your castle. one thing you need to do is to update the operating system, the browser and the applications that you use. these softerware are very incompetent, they contain bugs and some of these bugs are security vulnerabilities. there are many other ways that we could be making ourselves vulnerable. whether people say, don'tjailbreak devices. used repeatable download applications because without that you are bypassing all the security that has gone into them.
4:53 am
at some point you will lose one of your devices, when you set up your device in the first place, just ask it to encrypt your storage. even if you don't think you have anything of value, your contacts are worth a lot of money to cyber criminals. if you are putting documents that you really don't want other people to see, then i advise not to put them in the cloud. if a website ask you to download something you are not expecting it, don't do it. protect your family and your friends, protect your school and the companies you work for, remove that risk. brilliant security tips there. unfortunately, i think they've arrived a little bit too late for me. still, there you go. thanks for watching and i really, really hope that i will see you soon! hello, there.
4:54 am
the minority escaped the showers during the day on saturday, but today the majority will stay dry. but just looking back, look at this picture that was sent in of the hailstorm at down district, mid—afternoon on saturday. in contrast, many did enjoy a decent sunset — this was sent in from suffolk — because the showers faded fast through saturday evening. and, although there is cloud waiting in the wings across the atlantic, it willjust brush up the western side of the uk through the day ahead. actually, the main influence will be high pressure, so a much drier and a much brighter day. a chilly start, mind you. 3—4 degrees, probably, in the countryside, even in southern areas. so a risk of some grass frost first thing this morning, a little bit of fog, but that should clear quite quickly, and then it does look like a much drier and a much brighter day. we will really notice the difference, i think.
4:55 am
the winds won't be as lively as they were through the day on saturday, and the may sunshine is strong at this time of year, so high uv levels. so that in itself will allow those temperatures to leap up after the chilly start. not much cloud around initially, apart from the patchy fog and low cloud, but we will see some cloudy weather, even a little bit of patchy rain for a few hours across northern ireland, and later it will migrate into the west of scotland. and we've still got the showery airstream up across the north—east of mainland scotland and noth—east scotland. still the odd sharp shower around, but nothing like the intensity we had on saturday generally, and very few of those around. it brightens up in northern ireland, just the odd shower here, the odd shower perhaps for northern england and western scotland. but on the whole, with more sunshine and fewer showers, and lighter winds, it's going to feel much warmer. and temperaturs will respond, as well. 15—21, significantly higher than saturday for some. of course, it means it will turn quite chilly again through sunday night into monday morning.
4:56 am
again, there could be a little bit of grass frost around and some fog. the main difference as e start the new week is this weather system, albeit relatively weak, it will introduce more cloud into scotland again and it clears later for northern ireland. but for england and wales, here we'll see the temperatures rising further on those that we'll see today. so perhaps as high as the mid—20s. and that upwards trend continues further north as well. in fact, it looks like it should be a warm and a dry start at roland garros for the french open, starting on monday, of course. and that warmth notjust across paris but also spreading northwards, with this area of high pressure. and that's with us, then, for much of the week. and notjust southern areas — the north will enjoy some warmer weather, as well, as temperatures start to get into the high teens for scotland and for northern ireland. so a lot of dry weather on offer through the coming week and probably some very strong may sunshine, too. so it should feel much warmer. this is bbc news.
4:57 am
our top stories — in step in saudi arabia — donald trump and king salman sign multibillion—dollar trade deals in what's described as a turning point in us—arab relations. president trump is also awarded the kingdom's top civilian honour ahead of sunday's major speech on islam. iran's president hassan rouhani says his re—election shows people want reform and greater engagement with the world. an emotional reunion — dozens of schoolgirls kidnapped in nigeria by islamist militants three years ago finally see theirfamilies. and a sister of the duchess of
4:58 am
cambridge gets married
4:59 am
5:00 am
5:01 am
5:02 am
5:03 am

17 Views

info Stream Only

Uploaded by TV Archive on