the father and a brother of the manchester bomber, salman abedi, have been detained in libya. police have now arrested a total of seven people in britain. they think a network was behind the bombing which killed twenty—two people at a ariana grande concert. british police have condemned the publication by the new york times of leaked photos from the scene of the bombing. officials say it undermines the investigation and eroded trust with us intelligence partners. the british prime minister is expected to raise the issue with president trump at a nato summit on thursday. more tributes have been paid to the victims. so far 16 have been named but police say they know the identities of everyone who was killed. a vigil in the centre of the city brought together representatives of manchester's muslim, christian, jewish and sikh communities in a show of defiance and unity. now on bbc news it's time for click. guards!

welcome to the south coast of england, and the country's biggest fortification, dover castle. they say a british man's house is his castle. this week, this castle is mine. like every other home in the land, it needs to be well defended, because these days, it is constantly under attack. the walls may keep out burglars,

but today's digital invader is wily and can worm its way in through the smallest gaps. last week's global cyber attack on companies in around 150 countries shows just how vulnerable systems can be, even if you are not fooled into clicking dodgy links. so this week, we're looking at cyber security. it's me versus the bad guys out there. and they might be small, but there's a lot of them. so what can i do to shore up my defences? one way is through biometrics. gadgets already recognise our fingerprint, and now banks are starting to identify us by using our voices. so, how secure is it? is it possible, for example, to pick someone‘s voice? we asked dan simmons to give it a go — or most precisely, to find the one person who might stand a chance of breaking into his bank account. thanks, ben.

well, one of the things that you might not know about me is that i am the only member of the click team to have a twin brother. hi. his name isjoe, and we kind of sound quite alike. we kind of do sound quite alike. but i came out first, and hejust copied me. yeah, well, for this report, it's going to bejoe trying to copy me... together: ..as we try to break into a bank. but first, we're going to need some help. yep, i really think this guy is going to help us. right, good, good. all right, nice to meet you. if you'd like to sit down... what we're going to do first is i have this little analysis tool here. and what this will do is just detect, first of all, the pitch of your voice. this system that you're trying to break in is analysing your voice in lots and lots of different ways. so there will be about 100 different

variables it is picking up on. hello, i'd like to access my account, please, today... hi, i wondered if i could access my account today. you see there are pretty big differences between them. so who do you think has the bigger adam's apple, out of both of you? i can't see mine. together: yayayayahh. .. i wondered if i could make a withdrawal, today, please. a what? laughs. hi, i'd like to make a withdrawal. that's like "gimme the money!" at the same sort of time... together: yayayayahh. .. together: ayayayahh. .. i've not spent two hours not to get your money. you're going to get excited, that's what's going to happen. and your voice — that will raise my voice, so... all i've got to focus on, it's simple, i've just got to go slower. five seconds. just go slower. it's the first time i've tried to use the telephone banking service, and i'm not set up, so i am hoping... laughs.

how many — how long do you want to make this? a bit shorter, ok, a bit shorter. that wasn't exactly the way you said it the first time. i'd like to take everything out, today, please. that was. i'd like to take everything out, today, please. that is — that is gross. that's not true. that is not true. excellent, that is brilliant. thank you very much. no worries at all! what're you dressed like that for? well, we're doing a job, aren't we? i've got a gun. you don't need a gun, do you? your voice is your weapon. take that off! erica is the voice of nice — nice is the voice security provider for citibank credit ca rd—holders in the us, among others. hi, nice to meet you, too.

joe's going to try to break into my account, what chances do you think he has? very slim. what advice can you give me to try and break into his account? well, you've known him your entire life, so try to imitate his voice. she seems very confident about this — what — what why is it that you think that, maybe, my twin brother can't break into my account? voice biometrics is the most accurate form of identification there is for access into financial institutions. why? it registers over 100 different characteristics of voice. half of them are personality, and the half are physical. and you do look a little bit different, and your voices are different, so you will have different vocal characteristics. so therefore, what percentage chance you think i have, then? it would be one out of several hundred thousand. how do you make it so that i can access my account, even if, like, at the moment, i have a little bit of a... coughs. as i said, there's over 100 characteristics, and a cough or cold

only affects about two. so we still have all those other characteristics to work with, and we still have identification. and has anybody fooled the system through the front door? basically, pretending to be somebody they're not? no. can i ask another question? it might be a bit out the ballpark, but is this legal? i just don't want to look like a mug. with the niceties out of the way, i got to work giving the system a sample of my voice — by speaking to it. i know that there might be people who might try to access my account, perhaps, so you need to be aware of that... oh, ok, you are? 0k. ..whilejoe kept himself busy. i'm here to break into the account of dan simmons.

joe, you really don't need the gun. what do i have to do? let's give this a shot. 0k? hi, yes, i'd like to access my current account, if i can, please? yes, it's probably about £10, something like that. yeah. thanks very much. that's great. thank you. you failed — but close. wow, look at how close this is over here. look at that. if we come over here, it you can see there's the threshold level, and that — that is pretty close. that was not a bad first go. thatjust came out of nowhere. first go, very good. it came out of absolutely nowhere! that is how you test

the system, isn't it? that is how we test the system. we tested with twins, and siblings, and imitators. you know, a fraudster wouldn't get three chances, and the reason a fraudster wouldn't get three cancers is that we would register the multiple failures, and it would dynamically increase the threshold on the third, and put a flag on the account. right, that is not to say, of course, that is impossible, is it? it's not impossible. it's just very improbable. so, dan, your bank account is still safe, even though your twin got away with some pretty cool stationery. yeah, the old fashioned way. were you surprised that the voice attack didn't work? yeah, iwas, actually. because we really tried hard to match up our voices. you know, we used the voice coach and everything, and itjust bubbled under what we needed and couldn't get in. what about the simpler stuff that we have been asked by banks in the last few years, like "my voice is my password," did

you try that? oh yeah. we had a crack at that. to get into my account, my twin needs my code and my account number, two things i have helped him outwith. he also needs to know my birth date, but that's probably something he already knows. the question is, can my voice print give me any extra protection? secret bank, we're not getting any bank names away... good afternoon. welcome to hsbc. oh, it's... please give us your code. 0h. i've got this one. now, interestingly, it is the pin number, and the account number, which, if you are from the days from the old cheque—book, then both of those things used to be printed on objects. so if you've got an old cheque from somebody you already know that. ..your date of birth. he knows my date of birth because we share the same date of birth.

after the tone, please repeat the phrase "my voice is my password". my voice is my password. i'm sorry, i didn't quite get that. after the tone, please repeat the phrase "my voice is my password". my voice is my password. welcome to hsbc advance. the balance of your account is £121p credit. i'm off to the bank! for your available balance... i thought it would be more than that, dan. laughs. evil twin was in — perhaps more surprising when you consider the service providers test their systems with twins to improve security. i can get into other accounts, apparently, dan, so... hsbc told us... sojoe actually did break

into your real bank account? yeah, my real bank account. so in this particular case, that wouldn't be a great defence. you need to remember he is my twin, and not many people have one of those. good point. but computers can emulate people's voices, these days, we've seen people being fooled in the same way as we have by photoshop pictures. yeah, i — i don't think that's going to work. do you mind if it we give it a go? be my guest. well, i'm thinking tower of london. yeah, the crown jewels. first off, i need to record dan's voice, so i caught him after work, discussing his next big break in. next, i sent the recording to a voice mimicking outfit called lyrebird.

here is their version of donald trump. i am not a robot, my intonation is always different. not bad — in fact, i have to say, great, the best. we are working with security researchers to figure out what is the best way to proceed with this. and this is one of the reasons we have not published to the public yet. the developers hope that the technology could be used to give people their voice back if they lose it to illness or an accident. but they are aware that it could be used to fake a voice id. it's a scary application, but... one idea we are considering is to watermark the audio samples that we produce. so we are able to detect immediately if it was generated by us. oh, so they're not quite ready to help you. close, ben, but no luck.

a few years, though. the banks are actually going to. they have come up with something quite new, that even if you have somebody‘s details, theirfingerprint, you could even perfectly replicate their voice print... all right... ..you'd still not be get in. i know — because i've tried to hack in. major security no—no man works at an undisclosed financial institution... 0h. he manages innovation, because they have an innovation unit. so what's he been innovating? just watch the way he uses his phone, because his security system is doing just that. and even with all his login details, i'll need to replicate how he holds, taps, and tilts his device. ha, hi! chris, would you mind lending me that for a moment?

no luck. it's beaten me. that'll be yours, then. thank you very much. cyber security headlines this week's tech news, and more on wannacry, the spyware attack on windows 7 computers, with the hackers threatening to release the tools used by the nsa. the group threatened to release tools that threatens windows 10 as well as data stolen from central banks. it is also the week that htc

released its squeezy selfie phone, with google revealing an app called lens which turns your smartphone camera into search engine. and spacex released a plan to carry your loved ones‘ remains into space. capsules of ashes will orbit for two years before entering the atmosphere as a shooting star. a reservation of orders out this world flight cost around £2000. the starter‘s previous efforts though did not reach orbit. and finally in lighter news, over in latvia, this man achieved the first ever human parachuting jump from a drone. rising to over 1000 feet with the help of 28 propellers and a communications tower, he landed safely

with his parachute. (gunfire) it's not looking good out there. i have retired to the inner sanctum. dover castle was continuously defended for 900 years right up until the 19505. it was a really successful defence. but i wonder whether our homes these days are more vulnerable,

especially since we are filling them with more and more connected devices. the internet of things. this is the family room at the heart of the castle where the lord and his family could relax with some pretty thick walls. the king could unwind with a game of chess. in the 13th century they did not have the internet of things, but they still had things. so how do we make iot more secure. ken munro is my dinner guest, we keep hearing about these connected devices continually being hacked. why is it so hard for manufacturers to make them more secure? it is not hard. itjust needs some thought, some effort and sometimes spent doing it right. the manufacturer of iot things are trying to get to the market. and if someone comprises their security, do they carry on shipping 01’ expose us as consumers?

i would hope that security is getting better year—on—year with these things. i don't think so. i think it is getting worse. everyone is piling into the market, everyone wants to jump on the bandwagon, doing cheaper products with less security and it seems like we are buying it. don't worry about that, it's fine. just give me a hand with this... thanks. in here i have got some iot devices. here is one that i really like the look of. this is my wi—fi doorbell. great idea. it sends an image of what is going on at your door to your phone, fantastic idea. you can answer it when you're not home. except you can look at the door, press this button and it will give you your wi—fi key so you can hack the customers network.

ok, right. it beggars belief. another one i love talking about, here we are in a castle, this is a smart door lock. so you can lock your doorfrom your phone. it also hooks up with voice control. so with amazon eco, you can say "lock door". it doesn't do anything silly like unlock door, unless you hook it up to siri. there was an error on first commission. you could actually shout through the window "unlock door", goes the burglar, and your door opens. this is a smart thermostat, lots of people have got these, the idea being you can control your heating from your phone when you are on the train home. but we found that actually you can hack them and do crazy things like install ransomware on them. you could hold your heating system to ransom in the middle of winter. you can turn people heating off and demand a ransom to turn back on? it seems these gaps in our defences

caused by our connected gadgets are proving to be a gift for attackers. now, come on, really? a smart kettle? what is the problem with a smart kettle? you can boil a cuppa from your bed when you wake up. really great idea. but this early version was not secured properly. you could sit outside someone‘s house, point an aerial at the kitchen, and steal someone‘s wi—fi keys from their kettle. could you maliciously boil water in someone‘s house? you could steam up their window to your hearts content. good lord. this is more secure. i have locked the doors. 0k! right. how can we defend ourselves in our data if we have a home full of connected devices. most of the toys and things i have shown you have been fixed already.

you have to update your mobile app, to the app store, get your update. and with the software on your toy, make sure it is up—to—date. the manufacturers may have fixed the bugs. would you buy a connected device for your children? frankly i wouldn't, i don't think they are safe. one extra word of advice. i know it is boring, i know it is old hat, but please, please, make sure you have a good strong password on the app you use to talk to your toys. it looks like we have some unwelcome guests. i am going to hand over to laura for some important security

that we should have paid more attention to. ken, it is every geek for himself. the recent ransomware attack showed that you don't have to be personally targeted to end up being a victim. this first step would have protected you against that and many similar attempts to get inside the walls of your castle. one thing you need to do is to update the operating system, the browser and the applications that you use. these softerware are very incompetent, they contain bugs and some of these bugs are security vulnerabilities. there are many other ways that we could be making ourselves vulnerable. whether people say, don'tjailbreak devices. used repeatable download applications because without that you are bypassing all the security that has gone into them. at some point you will lose one of your devices, when you set up your device

in the first place, just ask it to encrypt your storage. even if you don't think you have anything of value, your contacts are worth a lot of money to cyber criminals. if you are putting documents that you really don't want other people to see, then i advise not to put them in the cloud. if a website asks you to download something you are not expecting it, don't do it. protect your family and your friends, protect your school and the companies you work for, remove that risk. brilliant security tips there. unfortunately, i think they've arrived a little bit too late for me. still, there you go. thanks for watching and i really, really hope that i will see you soon! good morning.

wednesday was a dry, settled, sunny day for most of us and we have some weather watchers pictures which help to illustrate that point, as you can see in worcester, with blue skies and sunshine, and also in the london area. these two places were the hotspots through the day, with 26 celsius. it's worth just pointing out though, in wednesday's satellite picture we had some cloud up into the far north—west and by the end of the day we also had some sea fog through the irish sea. now that is going to be a bit of a nuisance over the next few hours and linger during the early morning. it is going to be a pretty muggy start to the day as well, temperatures widely into the mid—high teens. so there's only one place for those temparatures to go, when we get that sunshine coming through. the fog will take its time to clear but it will do so and as we go through the morning,

it will be a beautiful picture. a little bit of fairweather cloud developing into the afternoon, which may well be welcome news as those temperatures continue to climb. it is going to be a hot day in the south—east. one or two spots generally into the mid 20s, maybe as high as 28 degrees and not much of a breeze either. a noticeable breeze down towards the south—west and into south wales, but head further north ans west, again, we could see temperatures into the high 20s not out of the question. northern ireland and western of scotland, a better day in comparison to yesterday and there'll be more sunshine and more warmth as well. 25 for glasgow. we do it all again on friday. that south—easterly breeze driving that heat further north. by the end of the day though, signs of a few showers gathering into the western part of northern ireland but it looks as though in sheltered areas of scotland, in the north—west, we could see temperatures into the high 20s. somewhere like inverness could see 29, maybe 30 degrees. widely a very warm if not hot day across england and wales as well. that's worth bearing in mind as well if you have any time outside, the uv level are going to be pretty high across the country,

very high in the south—east, and certainly worth bearing in mind. as we move out of friday, into saturday, we still keep the heat but there is a potential for these showers that i pointed out in northern ireland to become fairly widespread into the far north—west. some of these heavy and thundery as well. so the potential for some sharpish showers, a fresher feel here, but we still keep the heat. 28—30 degrees not out off the question into the south—east corner. it is bank holiday weekend this weekend so it is going to be a hot and humid start but it looks as though that thundery breakdown will arrive and then behind it somewhat fresher conditions look likely to follow on. take care. hello i'm tom donkin, welcome to bbc news broadcasting to viewers in north america and around the world. our top stories: more raids and arrests in the uk

as police confirm their belief — a network of accomplices helped the manchester bomber. salman abedi's father and brother have been detained in libya — they deny allegations of any connection to extremist groups. leaked photos from the scene of the bombing are published in the new york times. british investigators have expressed "fury" and "astonishment. more tributes for the victims: 16 have been named so far — police say they know the identities of everyone who was killed.