the idea, suggested by his national security advisor, had alarmed pyongyang which threatened to pull out of the summit planned forjune. you are up—to—date with the headlines. now on bbc news — panorama. it's the household tech we're told makes our lives easier, and safer, but does it? the more devices you have in your house, the more vulnerable you potentially are, the bigger the chance that one of those devices has a big security problem. tonight, we reveal the hidden dangers in this so—called smart technology, as we uncover how products designed to protect are being hacked. these devices are made by companies that haven't put enough effort or thought into the security. we meet a couple who had no idea they've been watched by thousands of strangers online. oh my gosh. unbelievable, isn't it? i'm really shocked. and many others being

watched are children. what we're seeing here is truly terrible, it's a gross invasion of privacy. we live in an era of technological change. our cars are getting smarter... turn on the kettle. and everything from kettles to curtains can work remotely. 0k. now that we've got high speed broadband in four out of ten uk homes, many of us are replacing traditional household appliances with smart products connected to and controlled via the internet. collectively known as the internet of things, these connected devices are designed to simplify the way

we use our technology, from using our phones to switch on our heating, to keeping a watchful eye on home security. in every household across the uk, there are at least ten internet connected devices. this figure‘s expected to rise to more than 420 million products being used across the country by 2020. but at a time where we're supposedly entering a cyber cold war... cyber security officials have issued an unprecedent joint alert, warning that russian hackers are actively... could the trust which we put in our technology be putting us at risk right where we feel most secure, in our own homes? alexa, turn on the kettle. 0k...

charlotte and ben think they've got the ultimate smart home. set the heating to 21 degrees... they have got the latest smart gadgets. most of the devices here have one thing in common — they're connected to the internet via the couple's wireless router. as far as smart home devices are concerned, what have you got altogether? the lights, the tvs, the kettle, the blinds, the curtains... and the heating. oh, and the heating. and there's more, other gadgets are controlled to their voice controlled assistant. she does our lights, she turns the tv on, she can turn the kettle on, she can close the curtains. a lot of it does come in useful, as well as being convenient, it is also good for security, it makes it looks like somebody's at home. and with a newborn,

having your hands full, being able to control most of the devices, the lights on the curtains on the tv, in the middle of the night whilst you're feeding a baby, is really handy. but does all of this convenience come with a catch? outside the house in this kitted up campervan are cyber security experts who'll test how secure this technology is. big businesses hire these guys to deliberately hack their systems and expose any vulnerabilities. how are you going to get into this house? well, we're going to try and hack their wi—fi, and we had the householders tell us which one is theirs so that we do not accidentally hack the wrong house. then we need to look for their wireless encryption, their password. very wisely they've changed it from the one written on the back of the router — good idea, but it's still not quite strong enough. we gave them a list of the products the couple have and the number

of characters in their password. the hack could be carried out without this, it would just take longer. the aim is to intercept the messages between the router and the devices. even using a laptop like this, we could crack it in about a0 minutes, but using professional grade equipment, like we have in our data centre, we could crack it in less than a second. now you've got that information, what could you potentially do? we could run your wireless network, we can see what you're doing and exploit people's smart tech to steal their identity, to get loans in their name, and there have been cases of hackers driving around, stealing people's wi—fi network keys and then hacking in. it might be someone on the street, it might be a neighbour. now, he's managed to hack their router and has a direct path to many of the couples‘s devices. we've had a few hours to start looking and we've found

lots of interesting things. how about we turn on the tv...? very good! hello, i'm watching you. so, we've found a way of using one of the functions of your tv to send arbitrary images to it. say you were sitting here on your own of an evening and you switched that on and that happened, how would you feel? i would be terrified, especially as a woman, if i was in by myself. i would be straight on the phone to him to come home! like many families, you have got alexa, which is great. but because we can send audio and the true content from your tv, we can tell your alexa to do stuff. alexa, close the downstairs curtains... 0k. 0h! crikey! spooky! that would really freak me out if i was at home by myself one night and they started closing

and opening spontaneously. but even more alarming is that our team could now start spending charlotte and ben's money. alexa, order me an ipad. it's £273 and 76p in total, would you like to add to basket...? no! so, you could be out and the tv could start ordering stuff. that could cause all sorts of problems with credit card charges. indeed. especially if we weren't here when the delivery came. all of a sudden the product's gone. i think i would worry that there was someone sat outside and that physical presence is then also quite frightening. and there's more — our team took control of the smart kettle, lights and wireless printer. all of this was possible because of a weak router password, a truly strong one should be made up of random letters, numbers and symbols. now you've heard what you've heard,

are you going to be changing your router password ? yes, i think so. it could definitely do with being a bit more secure. it's going to be myjob for tonight, i think. with so many devices, ben needs a strong password. if you don't change your wireless key on your router, it's too easy for hackers. the more devices you have in your house, potentially the more vulnerable you are and the greater the chance that one of those devices has got a big security problem. the more toys and things that you want to control, the more opportunity there is for malicious individuals to try to manipulate your house. the threat level at the moment is high for cyber security and for hacking and we expect it to remain high for some time, probably indefinitely. so there's no getting away from that. we want people to enjoy the benefits that the internet of things can offer, but we recognise there are considerable risks and we need to manage those risks in a way that consumers can get the benefits in a safe environment.

so we already seen cases of nation states attacking others through their smart devices. we've seen attacks against the ukraine, against their power system, but exactly the same kind of attacks can happen through consumers devices. the more smart tech we have in our houses, the more potential there is. but what drives a criminal hacker? cal leeming was the youngest person ever to be convicted of hacking in the uk, atjust 12 years old. he spent some of his early life in prison for a range of online fraud offences. now, in his 30s, he's turned his life around, aiding businesses around the world. you've got some that do it for the knowledge, some that do it for the power and control, others that do it for financial reasons. right now, you could go and buy every single thing you need to go and build a criminal online empire.

and in a world where we're so desperate to tell everyone everything, it is possible to use completely legal routes to gain information on those we want to hack. we put out online so much information about ourselves, combined with what is out there available from companies that have been hacked, for example, passwords. so if you've got a list of where people have been on holiday, their kids‘ things, all this kind of stuff, and then you've also got a list of passwords and numbers and e—mails, you can gain access to almost anything related to that person. you can use it to gain access to their bank accounts, and once you've got access to someone‘s e—mail, it's pretty much game over for them. in march, the protection of our information was thrown into question when it was revealed data from 87 million facebook users could have been taken and used without permission. but data isn'tjust lifted by social media, it's also sucked up by some

of those smart gadgets we bring into our homes. as consumers, we tend to not realise, or evenjust forget, that this data is really valuable to both attackers and to companies. there's all sorts of ways our data can be used that we don't quite realise. a new law which comes into effect on the 25th of may throughout europe is designed to strengthen our data rights. it's known as the general data protection regulation, and it will make companies responsible if the information they hold on you is leaked to third parties without consent. if there is a leak of any data, they could face multi—million pound fines. people's personal data needs to be more secure. they need to have the freedom to own their own data, and across europe there

is the general data protection regulation, which is coming into force across the european union. the legislation we're passing, you know, enables britain to take advantage of certain changes that we can make, tailoring it to our own needs as a country. but that will reinforce people's data rights. as our homes have got smarter, so too have oui’ cars. of the top ten models sold in the uk last year, eight can use keyless entry systems. keyless technology isn't anything particularly new. you have a fob instead of a key and when you're in close proximity, the car automatically opens. with many newer models, the technology comes as standard. the ignition‘sjust a button, making a key a thing of the past. it's easy to see why this appeals.

however, with this desire to save consumers extra seconds, vehicle security may be at risk, with technology that can be hacked. i've come to this research centre, a not for profit facility set up by the motor insurance industry to test the safety and security of cars. manufacturers seem to be very keen for us to buy keyless cars, why is that? so the keyless system is really convenient. manufacturers call it different things but what we are talking about is systems where you have a key fob, you don't even have to press the button, you just put it in your pocket, approach the car, get in and press the start button and drive away. what about the downside, does it make us more vulnerable to theft and security issues? well, there is a vunerability

that we have found with keyless systems, where the signal can be essentially boosted to increase the range, and that is what criminals are taking advantage of. it is a vulnerability, so what has happened? criminals can use equipment to pick up the signal from the key and another piece of equipment by the car, which basically fools the car into thinking the key is right next to it. so by intercepting a signal, as you can see here, the thief can open a car door, disable any alarms and switch the engine on, all in a matter of minutes. they don't even have to break into the house, they are actually standing outside of the house, because they can pick up the signal through the wall. up until recently, car crime had been in decline, thanks in part to improved security systems. but in 2016, more than 85,500 cars were stolen. this was a rise of 30%

across three years. how quickly do you reckon you could get into this car? if i lock the car now, i can show you. using kit that can be bought online forjust a few hundred pounds, richard is going to show me how quick it can be to steal a keyless ca r. he won't need to touch the fob, he just needs to be near it. we've hung it up several metres away. ten seconds to break into a car that is worth probably £50,000 or more. i can't believe that. i couldn't believe it. in reality, it generally takes a bit longer for the criminal to find

where the key is in the house. you're probably talking a minute or two minutes, but still, not a long time. it's notjust this brand, it's for most keyless entry cars. that's right, it applies to any car with a keyless entry systems. although police figures do not specifically record whether keyless entry has been used to steal a car, a freedom of information request by panorama shows a steep rise in car crime in the uk since 2015. in north wales, it's gone up by 20%. in staffordshire, 74%. in hertfordshire, an astonishing 88% increase. in the west midlands, police have had similar issues. i think the keyless technology is the single biggest contributor to car theft. suddenly we've seen here in the west midlands

a neardoubling in the number of thefts. i have a real concern now that many vehicles are so easily stolen by simple devices that can be bought on the internet. there are 32 million cars on the road, and researchers at thatcham think around 350,000 of those are using keyless technology. here we see some footage from a security camera from a drive at a house in birmingham. you can see the guy on the left trying to pick up the signal from the car key that's been left inside, probably in the hall. the flash goes off and he's ready to drive. that's taken around 20 seconds to steal that vehicle. david jamieson wants manufacturers be more accountable and to invest more in better security. manufacturers have said things like cars are safer than ever, well, tell that to the people

who have had their cars stolen. we've had a doubling of thefts in our area alone, we've seen across the country, big increase in car theft, that cannot be true. i think they're partly in denial. i think they'll have to do something about it. what i'll be doing in the next few months is publishing lists of cars that have been stolen so the consumer can then make up their mind. until more car manufacturers take action, classic security solutions could be the answer. this is where manufacturers should be helping. those vehicles they made some years ago, they should be providing the old —fashioned all—wheel steering lock, so when somebody parks and they put it on, it puts another quarter of an hour possibly on the time for a theft to take place. most thieves would be put off by that, so it would make the car relatively safe. as smart technology in cars has left some motorists are vulnerable to theft, many of the smart devices we use in the home are equally exposed.

that's because most need a log in account to access remotely. some come with their own default username and passwords, but they are often weak and we're advised to change them. however, our research and many cannot be changed, and that's particularly the case for security cameras. these devices are made by companies that haven't put enough effort or thought into the security. so they end up getting exploited by people who want to take advantage. they've gone and bought it off the shelf, and the instruction manual says plug it in, make this change on your router, and then you'll be able to access the camera from anywhere. people don't realise that the moment you make the change, you introduce a huge security hole into your network. anyone can exploit those cameras. there are websites that scan

the internet hunting for vulnerable devices. searching just one of these sites, we found nearly 75,500 smart devices around the world that use the word password as their default login. 1,200 of these were being used right here in the uk. so with one single click you can find every camera that uses password as the password. these are devices people bought thinking they would make their homes and families more secure. and their owners appear blissfully unaware they are being watched by strangers around the world. it actually makes for very uncomfortable viewing. there's page after page on here of people's driveways, there's kitchens, i can see gardens and even bedrooms. the websites hosting some of the cameras list the geographical

location as well as the affected models. but by far one of the most disturbing things we found being streamed online across the world were the cameras being used as baby monitors. a lot of baby monitors are now fitted with cameras so they can be checked on a mobile phone, sending alerts if they detect any movement or sound. but, once again, where the customer settings haven't or can't be changed, they've been left exposed on websites like this. what i'm looking at right now is a baby monitor in the north—east of england. what's more, i can actually hear them as well because the device has a microphone. and here we've got another, this time a child in their bedroom in south wales.

what's most troubling is that both these cameras can be looked at any time night or day by anyone across the world. on one device belonging to a family, we witnessed a parent changing their child in full view of the camera. my name is fiona. i'm calling from the bbc‘s panorama programme. with so many unwitting victims, we tracked some of them down to tell them they were being watched. we've found on a website that streams insecure smart devices, footage of your child's bedroom. this parent, who didn't want to be identified, had no idea their child was being live streamed online. understandably, they were horrified by our findings and switched off the cameras. hello? is that alan? it is. hello?

is that alan? it is. this is alan and his wifejean, they fitted their property in leeds with what they thought were smart cameras to keep an eye on their home. but they were not the only ones checking in. thousands were spying on them. they were so shocked with what we found, they agreed to meet me. when we moved over here, somebody broke into my shed and took a bicycle. i realised it would be a good idea to have more cameras outside, so i put two more cameras out, better quality ones which would enable me to see in more detail what was going on. alan uses seven cameras in his home, all with remote access.

jean, did you feel safer with the cameras? i'm not a person who feels threatened anyway, so i let him get on with it. but he went away for a couple of weeks, and i was here on my own. so i think then i thought to myself, that's good, you know? cal leeming examined for cameras to see how many times they had been viewed by third parties. and it's a frightening figure. since 2015, your camera has been viewed nearly 5,000 times? in 70 different countries. as much as that! oh my gosh. unbelievable, isn't it? jean, you seem really shocked. gosh. across these 70 countries, alan and jean's cameras had been accessed for a total of 366 hours.

the longest viewing was in france, which lasted for nine hours. i think it's definitely pointed us to having everything really screwed down, starting with better passwords. that's my next project. alan, you're sacked! but alan and jean aren't alone. panorama found thousands of cameras being streamed online. whilst intrusive, it's not illegal. cctv cameras inside a school in nicaragua. a public swimming pool in poland. and a children's nursery in america. you'd assume accessing these sites would be against the law, but actually it isn't as long as the people using these websites don't log—in to the camera or alter the settings of the devices

they are watching, it doesn't legally constitute hacking. we showed our footage to margot james. what we're seeing is truly terrible, gross invasion of privacy and it's incredible voyeuristic to watch somebody going about their daily life. if you have the slightest concern about the security of something as important as a baby monitor, then to go back to something that is not internet enabled would be my choice. if that were my child, without a doubt. so what can be done? as this is about more than getting people to change their passwords, the government is issuing a new code of practice. called secure by design, and it aims to ensure smart devices have better in—built security. the key companies involved in making and selling them will be told they must be harder

to hack and customers must be better informed. the new code will apply to four groups. the manufacturers that make the devices, such as smarter kettles and digital assistants, the likes of amazon and bosch. the companies that provide the internet networks, such as bt and virgin, and cloud storage such as apple and google. app developers, the people designing the apps on our phones that control smart devices. and retailers, the stores on the high street. and online, who sell smart products. but the code is only voluntary, and it's not due out until next year. certainly things that people can do as of now, check the passwords. is the device or the manufactured good that you've bought,

does it have the facility to change the password? if it does, change it. check your router. there are things you can do as of now. right now, if a company discovers a security issue in their product, all they have to do is end of life the product, just stop manufacturing it. that doesn't mean it stops getting sold, but they have no obligation to fix those problems to make sure consumers are protected. how is that not illegal? it is maddening. so far, none of the big—name manufacturers have said whether they intend to sign up to the code of practice. for now, it's up to consumers to keep themselves safe and hope it isn't too late. welcome to bbc news, broadcasting to viewers in north america and around the globe. my name is mike embley. our top stories: explosive eruptions at hawaii's mount kilauea. the volcano spews more ash and toxic gas. thousands of residents are told to find shelter. 0ngoing investigation or partisan witch—hunt? one year into robert mueller‘s investigation,

the white house questions its purpose. it's gone on for over a year they have found no evidence of collusion, and still strongly believe that it's a witch hunt. we have a special report on the refugees selling their eu passports and travel documents prompting fears of a security risk. and meghan markle confirms her father won't be attending the royal wedding to focus on his health.