hello, this is bbc news. this is bbc news, i'm geeta guru—murthy. figures, for the rest of the weekend windy, feeling cold with some snout the headlines: the headlines at 4.00pm. the bodies of two climbers but also some spells of sunshine. —— the bodies of two who went missing in climbers who went missing pakistan have been found. briton tom ballard and italian some snow. in pakistan have been found. daniele nardi last made briton tom ballard and italian contact two weeks ago. daniele nardi last made the home secretary, sajid javid, contact two weeks ago. is facing criticism after the death the home secretary, sajid javid, of the baby son of shamima begum, is facing criticism the british teenager whose after the death of the baby son of shamima begum — citizenship he revoked forjoining the british teenager whose citizenship he revoked forjoining the islamic state group. the islamic state group. a man charged with murdering jodie chesney has been a man charged with murdering remanded in custody. jodie chesney has been the 17—year—old was stabbed remanded in custody. the 17—year—old was stabbed to death in a park in east london last friday. to death in a park in east london last friday. the brexit secretary accuses also this hour — michel barnier of trying the brexit secretary accuses michel barnier of trying "to rerun old arguments" — he's been urged to agree "to rerun old arguments" he's been urged to agree to a "balanced solution" to a "balanced solution" by stephen barclay, as talks by stephen barclay, as talks continue between the uk and eu. continue between the uk and eu. increased activity at a missile increased activity at a missile site in north korea — site in north korea. satellite images of a facility satellite images of a facility near pyongyang suggest the country near pyongyang suggest the country may be preparing to launch a missile or a satellite.

now on bbc news it's time for click 7 which this week looks at whether your car could be vulnerable to hackers. this week: gone in six seconds with a simple high—tech carjack. scrums and gums. and it's the end of the world as we know it... ..but we feel fine. for many of us, our car is one of the most valuable things that we own. sometimes crazy to think that we just leave them out on the streets but, of course, that is because they are built with good security.

but in the last few years we have started to see this happening... newer cars with keyless entry have been fooled by thieves with relay boxes. they stand outside your house and the box magnifies the signal from your key fob, which may be sitting inside, so the car thinks the key fob is closer than it really is and, hey presto, they are off with your car. so many car owners have turned to third party car alarms, which promise to protect against this kind of attack. they are fitted to order and many offer the ability to remotely control your car using a smartphone app — which is handy... ..unless these can be hacked too. you probably do not want to see what is coming next but we are going to show you anyway. it is something we had hoped was not possible in real life but, worryingly, it is. the black range rover has been

chosen and then tracked and is now the target for two hackers, who are waiting to make their move. the victim has no idea about what is about to happen, as first the car alarm goes off... car alarm sounding. ..and then the attackers take control of the door locks. get out of the car. give me your key. 0k, 0k. a new way to steal luxury cars to order? get out of the car... well, we've actually set this up to show you how security researchers have discovered what is now possible. the victim can't restart the car, only the attackers can do that. it is one of several ways in which car alarms sold by two of the world's biggest brands in car security

can now be used against their owners. so how can this happen? we have been given exclusive access to the labs where the research happen, and the security companies who failed their customers have been given seven days to put things right. more on that later but first let's take a closer look at what went so badly wrong. the test compromised a vw and a range rover, but the failing have nothing to do with the car manufacturer, but rather these makes of alarms that millions of car owners have fitted to protect their wheels. clifford in the uk, also sold as viper in the us, is one of the market leaders and claims to prevent car—jacking. while pandora, raised in russia and sold in the uk, while pandora, ——based in russia and sold in the uk, also fell short of its own audacious claims. currently i would not recommend

the viper or the pandora alarms. the pandora alarm was claimed to be unhacklable but right now, i would not recommend these alarms. pandora has recently dropped that claim from its website. just as well. so the first primary reason that most people fit a third party after—market car alarm, like the viper or the pandora, is to prevent the key—relay attacks that we have seen videos of, where two guys appear at your house, wave a magic box by your wall, and then are able to drive your car away. so that's the first reason and the sort of additional security that comes with that. the second reason that people buy these is the remote start functionality and the remote start functionality could allow you to preheat the car before you get into it on a cold winter's day, have the ice gone off the windscreen, but also to cool the car down on a hot summer's day as well. the trouble is, some of these nice—to—have comfort features have been shown by the researchers to be the very reason why they were able to

take so much control. the functionality we found a problem with is in the back—end systems. rather than asking for the information about my specific car, i could ask for any car. any car that this system is registered with, we can query that information, and that includes the person's name, full name, the location and find it real time on a map, we can get the model of the car, we can do the start—stop remotely, we can turn the panic alarm on remotely. so i could look on the system and look for a nice lamborghini or a porsche, for example. and think, oh, i wonder where that is. is it in the uk, where i'm located? oh, yeah, it's just down the road from me. great, i am going to go and start that car if no—one is around, and unlock the doors and drive away. so who are these people with such superpowers? this is pen test partners, and it is one of a growing number of firms in the uk that are paid

to break into security systems by the companies that run them. pen test has contracts with several car manufacturers, among other clients, who want them to find vulnerabilities. but when these guys have some spare time, well, they start testing other systems too. vangelis usually works from greece but he has come over to show me how he broke into the pandora alarm. pandora provides you with a demo account and we found a flaw that we could enumerate all the users. and then we could change that user's e—mail, issue a password reset, and we would get the new password on our changed e—mail, which we control. you basically reset the user's password and you got control? yes, after changing his own e—mail to my corrupt email. and the system lets you do that? yeah, apparently.

that is what we call an insecure direct object reference. can you show us how? yeah. i have written a script to automate everything. i am just using my own user id and this user id could be anyone‘s that is using pandora. so you are using your own id mainly to stay within the law, just to show us what's possible. yes. so now i am waiting for the password e—mail. it will have the new password with my changed e—mail. and you could do this for any user out there of pandora. you chang their password, you've gained their account and then you're into the system. yes. so the system now is just waiting for the response from pandora. yes. that automatic e—mail that you get when you want to reset your password — you need to wait a few seconds. here it comes. yes. so you now have a new password. i can log into the system

and i control mine — because i have provided my user id but any user's vehicle. now, it is worth emphasising that these are just normal manual cars, they are not autonomous, they just happen to have the extra security devices fitted. now, we think it affects around 3 million cars on the road globally, and as far as we know, criminals have not used the vulnerability yet to steal a vehicle, but the fact it is even possible will no doubt be cause for some red faces among the big brand names in the industry. in a statement, pandora said: directed, the parent company

of clifford and viper alarms said: for these professional security testers though, the failings they found ought to be a wake—up call for the people paid to protect us. so we were shocked. we see all sorts of vulnerabilities like this but this one is right up there. it's a security product that's supposed to make our cars safer and more secure, but yet it has actually made us potentially more exposed and less secure. i am concerned about the way this scales up. there are millions of cars that are exposed — something like £200 billion worth of vehicles have these alarms fitted.

it was manufacturers that made the mistake — they had the security flaw — but there is still something you can do as a consumer. please, make sure that you do not use the same password for your mobile apps as you do on other systems. why? because hackers will be trying passwords, they'll try steal them from other places and if that is the same password as your car alarm, you might wake up the next morning and find your car is gone. that was cam munroe finishing dan's piece. dan, i can't get over the fact that these are companies that work in the security industry and they put security holes in their own product. i know, i know. it is a face palm moment. they are playing it very cool with their reactions too, by saying nothing to see here. we fixed the problem. thanks very much for letting us know. but really, we are paying hundreds of pounds to these companies to keep us safe and they left a backdoor wide open.

this is one of the reason why the security researchers that did this piece of work gave those companies just seven days to get their acts in gear. normally it is about 30 days for disclosure — give them a bit more time, work out the problem is — but this needed sorting straightaway and in fairness they did a reasonably good job. ok, i'm sure there might be some people watching who say, should we even be broadcasting this technique and details about this technique because surely it will tell people how to crack into cars. right, and obviously we wouldn't if that vulnerability was still out there. it has been solve, it's been fixed by these two companies. pandora did it in four days. viper took five days, before they reported back to us. we have checked their results and we now know those security holes are fixed. and that is why we could go to some details with viewers exactly how the researchers managed to break into the system. so this is a story just about car alarms.

we are not talking about vulnerabilities in the actual driving of the car itself. but cars are becoming more automated, aren't they? they are starting to control various parts of the journey. any evidence that there is any vulnerabilities in that technology? when you hear a story like this, you get nervous as things get more and more automated. the trouble is, there is a security company that's dropped the ball here. now, if that were to happen with a car in control of the steering wheel, or the speed at which it is travelling while we are inside, you could imagine that the consequences would be much, much worse than the possibility of thieves pinching your car. yeah, 0k, dan, thank you very much. brilliant report. drive safe, i guess. hello, and welcome to the week in tech. it was the week that huawei announced it is suing the us government, after they banned federal agency from using the chinese firm's products over

national security concerns. the manufacturer says no evidence has been provided to back up the suggestions and denies any connection to the chinese government. autonomous vehicle trials continue. volvo's12 metre bus was unveiled this week in singapore and is ready to be tested on designated public roads. eventually, it's expected to help reduce traffic, pollution and, i guess, work for bus drivers. a robotic hand with haptic feedback has been developed. replicating the master robot's moves remotely, the shadow robot company's mission is to relay touch to its wearer, wherever they may be. and finally, meet this little, running, jumping, backflipping bot. but it's more about the fact that mit's mini cheetah is so springy and nifty on its feet that it can move in all directions twice as fast as a human‘s average walking pace. weighing in atjust 20 pounds, it's

pitched as almost indestructible. impressive, but i'd still rather have a head. now, as the six nations enters its fourth round and the rugby world cup looms, the safety of the sport is in the headlines once again. lara lewington has been looking at a piece of equipment which could offer key information to make the game safer. fast paced, heavy hitting, you wouldn't want to be in the way of one of these guys. and that's just the training. but impacts like this can really take their toll on both the tackled and the tackler. concussion and injury to the brain caused by a head impact is a serious

issue in contact sport. it can lead to early retirement, or it can even prove fatal. concussion is trauma to the brain, either directly through a blow to the head, or transmitted from a blow from another part of the body. the symptoms of concussion are wide and variable, it can be from headaches, changing vision, blurred vision, sensitivity to light, sensitvity to noise, you can feels nauseous, you can get neck pain. it's important that you identify that so that you get the diagnosis correct and you get the proper treatment. the 0spreys, a professional team in south wales, are one of the first to use technology to gather data aiming to deal with this kind of injury in the future. protect is a gumshield fitted with sensors to monitor impacts to the head. we've made these bespoke mouthguards, so each of these

mouthguards is really tightly coupled to the player's teeth, so a dentist comes in and takes the impressions, that when they have a head impact, the mouthguard's actually moving with the skull, so you're getting really good, accurate skull acceleration. as far as us players go, it's just another mouthguard, and you don't really feel it, in your mouth, so obviously the chips and things, like i say, it's just another mouthguard and you don't realise. fitted with accelerometers and gyroscopes, the device measures the force that the skull is subjected to during training and games. so one of the biggest problems with rugby union is the second—impact syndrome. so that's the one that can be fatal. what this would help to reduce is the impact of second impact syndrome. so a medic on the sideline can have a look at that and go 0k, maybe it's time we brought them off.

it gives them an extra object, a source of information to base their decisions on. the result can be fed in real time to medics on the sidelines to decide on the best course of action if there's an incident. whilst it can't detect whether this has resulted in a concussion, the medics can keep an eye on the data to judge players who may be at risk. and in the long—term, this information also provides an opportunity to learn the correlation between an impact and its effect. we can go into the individual player's impacts and start to look at the shape of the impacts themselves, both in terms of linear and rotational acceleration. so that becomes quite important because of the cumulative impact of concussion, so we're really trying to understand here what might have happened in the past that will influence the future. if you think about today, the way players are observed for head injuries is typically what happens is that it's very visual. what we're adding is a layer

of data, so it very much is an additive thing that starts with visual, adds data, and that gives you a much more confident answer to both parts. but does wearing this kind of device provide any reassurance for the players? yeah, i don't know about that. if you've got a big guy coming down the channel, i think, it's going to the same whether you have it in or you don't but like i say, if you've got a big collision, you know, you can look back and understand how big it was and feed back the data and get a better understanding of it. so whilst it may not prevent the incident or the damage, it could mean a chance for the speediest intervention possible. 0ld, unwanted cassette tapes lying around ? here's one way to put the cases to good use. remove the tape. buzzer sound. flip the holder out. and you have an easy

stand for your phone. portrait, or landscape. now, next up, post—apocalypse now, or to put it another way, why are videogames so obsessed with the end of the world? i mean if it's not a pandemic, it's a nuclear war or a zombie outbreak, i mean, come on. there's a new game called days gone, which is the latest title to use the collapse of society as its setting. and marc cieslak popped down to world's end to find out more. a pandemic plunges the world into chaos, infecting the population with a virus and causing society to descend into the kind of madness usually reserved for shops selling low spec, massive tellys on black friday. here, catch. all of this sounds bit a familiar though.

the videogames industry likes a sure thing. at the moment, franchises and sequels are really, really big, as are free to play, battle royale shooters. so days gone, a new playstation exclusive, has got its work cut out for it. number one, it's an original game, it's not part of a series, it's not a followup to anything, and number two, it's post—apocalyptic. and there's one or two of those around at the moment. in fact, post—apocalyptic games are more fashionable than skinny jeans. well, i think the thing is with games, similar to films, we get horror that reflects the real world, we get horror films that do that, you know, dawn of the dead and george romero was commenting on consumerism with his shopping malls. i don't think it's an accident that we're now looking at the end of the world through nuclear apocalypses or cures for cancer, or all of these things. i think gamers like the apocalypse simply for the fact that you can look at it in terms of real life and wonder what you would do. what have i got here? there's a lot of post—apocalyptic games around, i'm thinking

far cry new dawn, metro exodus. a little bit further down the line we've got the last of us part two coming out. how does days gone separate itself from the post—apocalyptic pack? our world is set in the high desert of the pacific northwest, which is different than almost any environment i've seen in any kind of a game, let alone open world games, because it's a very harsh environment that is very condensed. you know, just our setting makes us different, but also the fact you've got one bike, something you have to take care of because — you have to fuel it, you have to repair it, and you have to make sure that it's always in good condition. 0therwise, you're going to be on foot in this world and you're going to die. perfect, that's perfect. you'd be forgiven for confusing days gone, from developers bend studios, with another post—apocalyptic playstation exclusive — the last of us 2 from naughty dog. both are set in worlds ravaged by disease and filled with infected monsters. yeah, 0k...

..and both feature story driven set pieces. but in days gone, the action takes place in a giant open world, and it's an open world full of infected, cannibalistic creatures, called frea kers. the player steps into the biker boots of bounty hunter, deacon stjohn. deacon is a man with a past, haunted by the separation and presumed death of his wife when the world went a bit 28 days later. i'm always going to love you. and i ain't never going to leave you. the ace this game has up its sleeve is its main antagonist, the freakers. freakers are living beings, so it sounds liek one of these things where we're just playing with semantics, like oh, they're zombies. no, they're not. get back here with that! that's mine. alone or in small numbers,

they don't pose too much of a threat but these guys like to hang around in gangs, big gangs called hordes. they have migration patterns, so hordes will actually sleep during the day. they hibernate in caves, tunnels, train cars, it's literally a whole set of networking and interacting, you know, living ecosystems, that are all doing their thing, whether you are there to watch it or not. sometimes art holds up a mirror to what's going on around us, presenting us with an exaggerated version of our world, highlighting problems that might exist in our own society, and then again, sometimes people simply enjoy taking out loads of monsters in a virtual armageddon. always asking the big questions, that is mark finishing off this week's programme. don't forget we live on social media, so wherever you go, we will be there waiting for you, facebook, instagram, youtube and twitter, @bbcclick. thanks for watching and we will see you soon.

some turbulent weather in the forecast not just through some turbulent weather in the forecast notjust through the weekend but into next week as well. some of us have seen some snow across parts of scotland, northern ireland and northern england. in the form of showers with sunshine in between, strong west or north westerly winds and the showers fade as the day wears on and our eyes turn to the south—west and the next atla ntic turn to the south—west and the next atlantic system arriving this evening. the rest of the weekend will be windy, quite cold especially across northern parts of england, summer across northern parts of england, summer rain, further snow but also some sunshine. this evening we have cloud and rain pushing its way north

and eastwards across much of england and eastwards across much of england and wales. hill snow across parts of wales and northern ireland in western scotland. ahead of this we have clearer skies. it will be a cold and frosty night in scotland and northern england, may be the north midlands as well. somewhat milder temperatures where we have cloud and rain, just above freezing. the band of rain starts to slowly clear eastwards tomorrow morning but let's look further west where there isa let's look further west where there is a snow arriving into northern ireland, western scotland and northern england. we still have strong winds as well so a very u nsettled strong winds as well so a very unsettled start to the day across western parts of scotland with a couple of centimetres even at lower levels but over the tops of the hills we might have five or six centimetres. rain, sleet and snow across northern england. parts of the midlands, wales and southern england will see some sunshine in the morning as the rain clears away.

then the snow starts to move eastwards and becomes showery in the afternoon. unsettled, when the afternoon. unsettled, when the afternoon but the best of the sunshine in central and southern parts of england. we could see temperatures up to ten or ii but just four or five further north. add on the strength of the wind and it isa on the strength of the wind and it is a bitterly cold day. sunday into monday, high pressure builds from the south—west so for a time on monday things settle down. we see spells of sunshine still strong wind as we go through monday. when strengthen is further overnight into tuesday and we will see a particularly stormy spell of weather.