Skip to main content

tv   Click  BBC News  May 20, 2017 3:30pm-4:01pm BST

3:30 pm
start for many of lovely, a bright start for many of you. quickly clouding over in northern ireland, some patchy rain and drizzle, and after a bright start in western scotland, cloudy with a chance of rain. northern england and wales, isolated showers through the afternoon. mostly a dry day and it will feel warmer, temperatures in the south and east may it 21 degrees. it is set to get warm on monday and tuesday, some rain around, especially western scotla nd rain around, especially western scotland and northern ireland but dry and bright weather as well. hello. this is bbc news. the headlines. the us president flies to saudi arabia but as he leaves there's another twist in the controversial sacking of fbi chiefjames comey. jeremy corbyn insists his party is committed to trident after members of the shadow cabinet publicly disagree over the issue. the tories defend their pledge to cut net migration to "tens of thousands" after it comes under fire from former chancellor george osborne. and here comes the bride —
3:31 pm
the duchess of cambridge's sister, pippa, marries in berkshire. now on bbc news, it's time for click. guards! welcome to the south coast of england, and the country's
3:32 pm
biggest fortification, dover castle. they say an englishman's house is his castle. this week, this castle is mine. like every other home in the land, it needs to be well defended, because these days, it is constantly under attack. the walls may keep out burglars, but today's digital invader is wily, and can worm its way in through the smallest gaps. last week's global cyber attack on companies in around 150 countries shows just how vulnerable systems can be, even if you are not called into clicking dodgy links. so this week, we're looking at cybersecurity. it's me versus the bad guys out there. and they might be small, but there's a lot of them. so what can i do to shore up my defences? one thing is through biometrics. gadgets already recognise our fingerprint, and now banks are starting to identify us using our voices. so how secure is it?
3:33 pm
is it possible, for example, to fake someone's voice? we asked dan simmons to give it a go, or most precisely, to find the one person who might stand a chance at breaking into his bank account. thanks, ben. well, one of the things that you might not know about me is that i am the only member of the click team to have a twin brother. hi. his name isjoe, and we kind of sound quite alike. we kind of do sound quite alike. but i came out first, and hejust copied me. yeah, well, for this report, it's going to bejoe trying to copy me... together: ..as we try to break into a bank. but first, we're going to need some help. yep, i really think this guy is going to help us. right, good, good. all right, nice to meet you.
3:34 pm
if you'd like to sit down... what we're going to do first is i have this little analysis tool here. and what this will do is just detect, first of all, the pitch of your voice. this system that you're trying to break in is analysing your voice in lots of different ways. so there will be about 100 different variables it is picking up on. hello, i'd like to access my account, please, today... hello, i wondered if i could access my account today. you see there are pretty big differences between them. so who do you think is the bigger adam's apple, out of both of you? i can't see mine. together: yayayayahh. .. you are going to get excited and you
3:35 pm
will raise your voice. you are going to get excited and you will raise your voice. it's the first time i've tried to use the telephone banking service, and i'm not set up, so i am hoping... laughs. how many — how long do you want to make this? a bit shorter, ok, a bit shorter. that wasn't axactly the way you said it the first time. i'd like to take everything out, today, please. that was. i'd like to take everything out, today, please. that is — that is close. out, today, please. that's not true. out, today, please. that is not true. out, today, please. excellent, that is brilliant. out, today, please. thank you very much. out, today, please. no worries at all! out, today, please. what are you dressed like that for?
3:36 pm
well, we're doing a job, aren't we? i've got a gun. you don't need a gun, do you? your voice is your weapon. take that off! erica is the voice of nice — nice is the voice security provider for citibank credit ca rd—holders in the us, among others. hi, nice to meet you, too. joe's going to try to break into my account, what chances do you think he has? very slim. what advice can you give me to try and break into his account? well, you've known him your entire life, so try to imitate his voice. she seems very confident about this — what — what why is it that you think that, maybe, my twin brother can't break into my account? voice biometrics is the most accurate form of identification there is for access into financial institutions. why? it registers over 100 different characteristics with voice. half of them personality and the half are physical. and you do look a little bit different, and your voices are different, so you will have different vocal characteristics.
3:37 pm
so therefore, what percentage chance do you think i have? it would be one out of several hundred thousand. how do you make it so that i can access my account, even if, like, at the moment, i have a little bit of a... coughs. as i said, there's over 100 characteristics, and a cough or cold only affects about two. so we still have all those other characteristics to work with, and we can use those for identification. and has anybody fooled the system through the front door? basically, pretending to be somebody they're not? no. can i ask another question? it mightjust be a bit out the ballpark, but is this legal? with the niceties out of their way, i gave the sample of my voice to the system. i know people might try and
3:38 pm
access system. i know people might try and a ccess my system. i know people might try and access my account, you need to be aware of it. joe kept himself busy. i'm here to break into the account of dan simmons. joe, you really don't need the gun. what do i have to do? let's give this a shot. 0k? hi, yes, i'd like to access my current account, if i can, please? yes, it's probably about £10, something like that. yeah. thanks very much. yeah, that's great. thank you. you failed — but close.
3:39 pm
wow, look at how close this is over here. look at that! if we come over here, it you can see there's the threshold level, and that — that is pretty close. that was not a bad first go. thatjust came out of nowhere. first go, very good. it came out of absolutely nowhere! very good. but that's how you test the system, isn't it? yes, that's how we test the system. we test it with twins, and siblings, and imitators. you know, a fraudster wouldn't get three chances, and the reason a fraudster wouldn't get three chances is that we would register the multiple failures, and it would dynamically increase the threshold on the third, and put a flag on the account. right, that is not to say, of course, that it's impossible, is it? it's not impossible, it's just very improbable. so, dan, your bank account is still safe, although your twin got away with some pretty cool stationery. yeah, the old fashioned way. were you surprised that the voice
3:40 pm
attack didn't work? yeah, iwas, actually. we really tried hard to match up our voices. you know, we used the voice coach and the rest of it, and itjust bubbled under what we needed and couldn't get in. what about the simpler stuff that we have been asked by banks in the last few years, like "my voice is my password," did you try that? oh yeah, we had a crack at that. to get into my account, my twin needs my sort code and my account number, things i have already helped him outwith. he also needs to know my birthdate, but that's probably something he already knows. the question is, can my voiceprint give me any extra protection? secret bank, we're not getting any bank names away. good afternoon. welcome to hsbc. oh, it's... please enter your sort code, or... oh, i've got this one. now, interestingly, it's the pin number,
3:41 pm
and the account number, which, if you are from the days from the old cheque—book, then both of those things you'd use to print objects. so if you've got an old cheque from somebody you already know that. ..your date of birth. he knows my date of birth because we share the same date of birth. after the tone, please repeat the phrase "my voice your password". my voice is my password. i'm sorry, i didn't catch that. after the tone, please repeat the phrase "my voice your password". my voice is my password. welcome to hsbc advance. the balance of your account is £1.21p credit. i'm off to the bank! for your available balance...
3:42 pm
i thought it would be more than that, dan. laughs. evil twin was in. perhaps more surprising when you consider the service providers test their systems with twins to improve security. i can get into other accounts, apparently, dan, so... hsbc told us. he did break into your real bank account. that wouldn't be a great defence. he is my twin and not many people have one of those. computers can emulate and clone voices. we have started to see people fooled in the same way we have been fooled by photo shop pictures. i don't think that will work. do you mind if we give that a go? be my guest. i'm thinking tower of london and the
3:43 pm
crown jewels. i am thinking i'm thinking tower of london and the crownjewels. i am thinking of recording his voice and i caught him after work. i record his voice and sent his recording to canada. here is there a version of donald trump. not bad. not bad. i would have to say great, the best. we are working with security searches to find out what is the best way to send. this is why we haven't made it public yet. the developers hope it will give someone back their voice if they lose it through illness or an accident that they are aware it could be used to fake a voice id. one idea i have to work on is to mark the samples.
3:44 pm
we have to detect this. they are not quite ready to help you. close but not yet, give it a few years. the bank have come up with something quite new. even if you have the details of someone, you have the details of someone, you have their fingerprints. you could replicate their voice print. you still wouldn't be able to get in. i know because i've tried to hack in. major security no no man works at an undisclosed financial institution. 0h. he manages innovation, because they have an innovation unit. so what's he been innovating? just watch the way he uses his
3:45 pm
phone, because his security system is doing just that. and even with all his login details, i'll need to replicate how he holds, taps, and tilts his device. ha, hi! chris, would you mind lending me that for a moment? no luck. it's beaten me. that'll be yours, then. thank you very much. cyber security headlines this week.
3:46 pm
things could get work —— worse if shadow group goes ahead with its promise to release fresh batches of tools each month. spying tools go ahead with its promise to release fresh batches of tools each month. it threatens to sell new code that could compromise phone handsets and windows temp as well as data stolen from banks. it was also revealed the squeeze selfie phone. there was an app called lens which turns your smart code camera into a search engine. and space x offered to take your loved one's remains into space. capsules of ashes will orbit earth for two years before re—entering the atmosphere as a shooting star. it costs around £2000.
3:47 pm
the previous efforts didn't reach orbit. finally, over latvia, this man achieved the first—ever parachute jump from a drone. he landed safely with his parachute. not looking good out there.
3:48 pm
i've retired to the inner sanctum. dover castle was continuously defended the 900 years, right up until the 19505. it was a successful defence. i wonder whether our homes are more ballmer both. —— vulnerable. we are filling them with more and more connected devices. this is the family room at the heart of the castle where the lord and his family can relax between some thick walls. the king can unwind with a game of chess. in the 13th century, they didn't have the internet of things but they still have things. how do we make iot more secure? we have a security expert as our guest. we have a security expert as our guest. we keep hearing about these connected devices continually being hacked. why is it so hard for manufacturers to make them more secure? it is not hard.
3:49 pm
itjust needs thought, effort and time to do it right. they have to get their product to market and somewhere, someone says security. do they carry on chipping or ship it out and expose us as consumers? that is shocking. i like to think security is getting better. i think it is getting worse at the moment. everyone wants to jump on the bandwagon. there is less security, cheaper products and people are buying it. don't worry about that. it's fine. give me a hand with this chest, please. in here, i've got some iot devices. here is one i like the look of.
3:50 pm
it sends an image of what is going on at your door to your phone so you can answer the door when you are not at home. you can unhook it from the door, press this button and it'll give you a wi—fi key so you can hack the customer's network. ok, right. beggars belief. here we are in a castle. this is a smart door lock. you can lock your door from your phone but it hooks up with voice control. with amazon eco, you can go, lock door. it locks the door for you. it doesn't do anything silly unless you hooked it up to siri. you could shout through the door, "unlock door," says the burglar and it unlocks the door. this is the next thing. this is a thermostat and you can control your heating from your home. we found that you could hack them
3:51 pm
and do crazy things like install ransomeware on them so they could hold your heating system to ransom in the middle of winter. so you can turn the heating off and demand money to turn it back on. yeah. buy yourself a fan, like we've got. it seems these gaps in our defences are proving to be a gift for our attackers. really? a smart kettle? what's the problem with a smart kettle? you can boil a cuppa from your bed when you wake up. unfortunately, this early version wasn't secure and you could sit outside someone's house, point an aerial at your kitchen and get your wi—fi keys. good lord. not safe any more.
3:52 pm
let's go to the throne room. this is more secure. i've locked the doors. ok, right, how can we defend ourselves and our data if we have a home full of connected devices? you have to update your phone. check the software is bang up—to—date because the manufacturers may have fixed the bugs. would you buy a connected device for your children? i wouldn't. i don't think they are safe enough yet. one extra word of advice. it is boring but please make sure you got a good strong password on app that you'd use to talk
3:53 pm
to your toys. ok, looks like we have some unwelcome guests. i will hand you over to lara who has some important security tips that we may be should have paid more attention to. it is every geek for himself. the recent ransomware attack showed you don't have to be personally targeted to end up being a victim. this first tip would have protected you against that and many similar attempts to get inside the walls of your castle. one thing you need to do is to update the operating system, the browser and the applications you use. these pieces of software are complicated and they contain bugs. there are other ways we could be leaving ourselves vulnerable.
3:54 pm
don't jailbreak devices. use download applications because without that, you are bypassing the security that has gone into them. at one point, you will lose your devices. when you set it up, ask it to encrypt all the stores. if you don't think you've got anything of value, your contacts are worth a lot of money to cyber criminals. if you are putting documents that you don't want other people to see, i say don't do it. if you download something and you are not expecting it, don't do it. protect your family and friends. remove that risk. brilliant security tips there. unfortunately, i think they've arrived a little bit too late for me. still, there you go.
3:55 pm
thanks for watching and i really, really hope that i will see you soon! hello there, weather conditions are more like cornwall this afternoon, dry with sunny spells and feeling warmer. less like they are staying. one to downpours still around a wetter end to the day for the east. still wet across the northern half
3:56 pm
of scotland, that rain will ease a week tonight. showers becoming fewer in number, mostly drier on sunday morning. colder than it was. three 01’4 morning. colder than it was. three or 4 degrees in scotland. into sunday morning, this is the view across the south, a dry start for the vast majority. the odd isolated shower out in the west and over the hills in wales and maybe north—west england. winds will be lighter than today so quite quickly temperatures will rise. a lovely start across scotland. northern ireland, thick cloud spreading end. a bright start. patchy rain. sunshine in western scotla nd patchy rain. sunshine in western scotland but cloud will increase, bringing patchy rain or drizzle. the odd shower across eastern shop —— scotla nd odd shower across eastern shop —— scotland and across wales but they will be liked and few in number,
3:57 pm
mainly over the hills. for the vast majority on sunday, a dry day and temperatures get a welcome boost, perhaps up to 21 degrees in the south—east corner. a fine end to date, patchy rain in the north west of scotland. patches of rain across north than ireland and scotland. moreover please on monday and temperatures still limited to the mid teens in scotland but further south, widely into the 20s across england and wales. for some it will reach mid—20s. these weak weather fronts push of the atlantic which will produce thicker cloud and patchy drizzle in the west. high pressure from mid week onwards so the week ahead will be a good deal drier and set to be warmer as well with temperatures over 20. goodbye for no. —— now.
3:58 pm
this is bbc news. i'm sophie long. the headlines at 4pm... a grand welcome for donald trump in saudi arabia, where the us president is making his first foreign trip. he was greeted by king salman at riyadh airport. mr trump is leaving behind fresh controversy in washington. there's claims he said firing the fbi chiefjames comey, relieved him of great pressure. jeremy corbyn insists his party is committed to trident after members of the shadow cabinet publicly disagree over the issue. the tories defend their pledge to cut net migration to tens of thousands after it comes under fire from former chancellor george osborne. hassan rouhani is re—elected as iranian president, defeating his conservative rival in a comfortable margin.
3:59 pm
4:00 pm

40 Views

info Stream Only

Uploaded by TV Archive on