tv Click BBC News March 10, 2019 4:30am-5:00am GMT
4:30 am
at least four trucks carrying people left the village on saturday. western-backed syrian democratic forces are poised to resume their final push on the area. thousands of protesters have taken to the streets in venezuela on a day of rival demonstrations. police used pepper spray against supporters of the opposition leader, juan guaido, in the capital caracas, while a huge number of pro-government demonstrators also gathered in the city. and r kelly has been released from prison after the payment of more than $160,000 in overdue child support. the singer has previously spent three nights in jail after being charged in four sex abuse cases — allegations he denies. now on bbc news, it's time for click, which this week looks at whether your car
4:31 am
could be vulnerable to hackers. this week: gone in six seconds with a simple high-tech car-jack. scrums and gums. and it's the end of the world as we know it... ..but we feel fine. for many of us, our car is one of the most valuable things that we own. sometimes crazy to think that we just leave them out on the streets. but, of course, that is because they are built with good security. but in the last few years, we have
4:32 am
started to see this happening. newer cars with keyless entry have been fooled by thieves with relay boxes. they stand outside your house and the box magnifies the signal from your key fob, which may be sitting inside, so the car thinks the key fob is closer than it really is and, hey presto, they are off with your car. so many car owners have turned to third party car alarms, which promise to protect against this kind of attack. they are fitted to order and many offer the ability to remotely control your car using a smartphone app, which is handy... ..unless these can be hacked too. you probably do not want to see what is coming next, but we are going to show you anyway. it is something we had hoped was not possible in real life but, worryingly, it is. the black range rover has been chosen and then tracked and is now the target for two hackers,
4:33 am
who are waiting to make their move. the victim has no idea about what is about to happen, as first the car alarm goes off... car alarm sounding. ..and then the attackers take control of the door locks. get out of the car. give me your key. give me your keys. ok, ok. groans. a new way to steal luxury cars to order? get out of the car. well, we've actually set this up to show you how security researchers have discovered what is now possible. the victim can't restart the car — only the attackers can do that. it is one of several ways in which car alarms sold by two of the world's biggest brands in car security can now be used against their owners.
4:34 am
so, how can this happen? we have been given exclusive access to the labs where the research happened, and the security companies who failed their customers have been given seven days to put things right. more on that later, but first, let's take a closer look at what went so badly wrong. the test compromised a vw and a range rover, but the failings have nothing to do with the car manufacturer, but rather these makes of alarms that millions of car owners have fitted to protect their wheels. clifford in the uk, also sold as viper in the us, is one of the market leaders and claims to prevent car-jacking, while pandora, raised in russia and sold in the uk, also fell short of its own audacious claims. currently, i would not recommend the viper or the pandora alarms.
4:35 am
the pandora alarm was claimed to be unhackable but right now, i would not recommend these alarms. pandora has recently dropped that claim from its website. just as well. so the first primary reason that most people fit a third party aftermarket car alarm like the viper or the pandora is to prevent the key relay attacks that we have seen videos of, where two guys appear at your house, wave a magic box by your wall, and then are able to drive your car away. so that's the first reason and the sort of additional security that comes with that. the second reason that people buy these is the remote start functionality, and the remote start functionality could allow you to preheat a car before you get into it on a cold winter's day, have the ice gone off the windscreen, but also to cool the car down on a hot summer's day as well. the trouble is, some of these nice-to-have comfort features have been shown by the researchers to be the very reason why they were able to take so much control.
4:36 am
the functionality we found a problem with is in the back-end systems. rather than asking for the information about my specific car, i could ask for any car. any car that this system is registered with, we can query that information — and that includes the person's name, full name, the location and find it real time on a map. we can get the model of the car, we can do the start-stop remotely, we can turn the panic alarm on remotely. so i could look on the system and look for a nice lamborghini or a porsche, for example, and think, "oh, i wonder where that is. is it in the uk, where i'm located? oh, yeah, it's just down the road from me! great, i am going to go and start that car if no-one is around, and unlock the doors and drive away." so who are these people with such superpowers? well, this is pen test partners, and it is one of a growing number of firms in the uk that are paid to break into security systems
4:37 am
by the companies that run them. pen test has contracts with several car manufacturers, among other clients, who want them to find vulnerabilities. but when these guys have some spare time, well, they start testing other systems too. vangelis usually works from greece but he has come over to show me how he broke into the pandora alarm. pandora provides you with an account and we found a flaw that we could enumerate all the users. and then we could change that user's e-mail, issue a password reset, and we would get the new password on our changed e-mail, which we control. you basically reset the user's password and you got control? yes, after changing his own e-mail to my corrupt email. and the system lets you do that? yeah, apparently. that is what we call an insecure
4:38 am
direct object reference. can you show us how? yeah. i have written a script to automate everything. i am just using my own user id and this user id could be anyone's that is using pandora. right, so you are using your own id mainly to stay within the law, just to show us what's possible. yes. so now, i am waiting for the password e-mail. that it will have the new password with my changed e-mail. and you could do this for any user out there of pandora? yes. you change their password, you've gained their account, and then you're into the system? yes. so the system now is just waiting for the response from pandora? yes. that automatic e-mail that you get when you want to reset your password, you need to wait a few seconds. here it comes. yes. so you now have a new password.
4:39 am
i can log into the system and i control mine — because i have provided my user id — but any user's vehicle. now, it is worth emphasising that these are just normal manual cars — they are not autonomous, they just happen to have the extra security devices fitted. now, we think it affects around 3 million cars on the road globally, and as far as we know, criminals have not used the vulnerability yet to steal a vehicle. but the fact it is even possible will no doubt be cause for some red faces among the big brand names in the industry. in a statement, pandora said: directed, the parent company of clifford and viper alarms said:
4:40 am
for these professional security testers, though, the failings they found ought to be a wake-up call for the people paid to protect us. so we were shocked. we see all sorts of vulnerabilities like this but this one is right up there. it's a security product that's supposed to make our cars safer and more secure, but yet it is actually made us potentially more exposed and less secure. i am concerned about the way this scales up. there are millions of cars that are exposed — something like £200 billion worth of vehicles have these alarms fitted.
4:41 am
it was manufacturers that made the mistake. they had the security flaw. but there is still something you can do as a consumer. please make sure that you do not use the same password for your mobile apps as you do on other systems. why? because hackers will be trying passwords, they'll try to steal them from other places and if that is the same password as your car alarm, you might wake up the next morning and find your car is gone. that was cam munroe finishing dan's piece. dan, i can't get over the fact that these are companies that work in the security industry and they put security holes in their own product. i know, i know. face palm moment. it is a face palm moment. they are playing it very cool with their reactions, too, by saying "nothing to see here. we fixed the problem. thanks very much for letting us know." but really, we are paying hundreds of pounds to these companies to keep us safe and they've left a backdoor wide open. this is one of the reasons why
4:42 am
the security researchers that did this piece of work gave those companies just seven days to get their acts in gear. normally, it is about 30 days for disclosure — give them a bit more time, work out the problem is — but this needed sorting straight away and, in fairness, they did a reasonably good job. ok, i'm sure there might be some people watching who say, "should we even be broadcasting this technique and details about this technique because surely, it to crack into cars." right, and obviously we wouldn't if that vulnerability was still out there. it has been solved, it's been fixed by these two companies. pandora did it in four days. viper took five days, before they reported back to us. and we have checked their results and we now know their security holes are fixed. and that is why we could go to some details with viewers exactly how the researchers managed to break into the system. so this is a story just about car alarms. we are not talking about vulnerabilities in the actual driving of the car itself. but cars are becoming more
4:43 am
automated, aren't they? they are starting to control various parts of the journey. any evidence that there is any vulnerabilities in that technology? when you hear a story like this, you get nervous as things get more and more automated. and the trouble is, there is a security company that's dropped the ball here. now, if that were to happen with a car in control of the steering wheel, or the speed at which it is travelling while we are inside, you could imagine that the consequences would be much, much worse than the possibility of thieves pinching your car. yeah, ok. dan, thank you very much. brilliant report. drive safe, i guess. thanks. hello, and welcome to the week in tech. it was the week that huawei announced it is suing the us government after they banned federal agencies from using the chinese firm's products over national security concerns. the manufacturer says no evidence has been provided to back up the suggestions and denies any
4:44 am
connection to the chinese government. autonomous vehicle trials continue. volvo's 12 metre bus was unveiled this week in singapore and is ready to be tested on designated public roads. eventually, it's expected to help reduce traffic, pollution and, i guess, work for bus drivers. a robotic hand with haptic feedback has been developed. replicating the master robot's moves remotely, the shadow robot company's mission is to relay touch to its wearer, wherever they may be. and finally, meet this little, running, jumping, backflipping bot. but it's more about the fact that mit's mini cheetah is so springy and nifty on its feet that it can move in all directions twice as fast as a human's average walking pace. weighing in at just 20 pounds, it's pitched as almost indestructible.
4:45 am
impressive, but i'd still rather have a head. now, as the six nations enters its fourth round and the rugby world cup looms, the safety of the sport is in the headlines once again. lara lewington has been looking at a piece of equipment which could offer key information to make the game safer. fast paced, heavy hitting, you wouldn't want to be in the way of one of these guys. and that's just the training. but impacts like this can really take their toll on both the tackled and the tackler. concussion and injury to the brain caused by a head impact is a serious issue in contact sport. it can lead to early retirement,
4:46 am
or it can even prove fatal. concussion is trauma to the brain, either directly through a blow to the head, or transmitted from a blow from another part of the body. the symptoms of concussion are wide and variable, it can be from headaches, changing vision, blurred vision, sensitivity to light, sensitivity to noise, you can feel nauseous, you can get neck pain. it's important that you identify that so that you get the diagnosis correct and you get the proper treatment. the ospreys, a professional team in south wales, are one of the first to use technology to gather data aiming to deal with this kind of injury in the future. protect is a gumshield fitted with sensors to monitor impacts to the head. we've made these bespoke mouth guards, so each of these mouth guards is really tightly coupled
4:47 am
to the player's teeth, so a dentist comes in and takes the impressions, that when they have a head impact, the mouth guard's actually moving with the skull, so you're getting really good, accurate skull acceleration. as far as us players go, it's just another mouth guard, and you don't really feel it, in your mouth, so obviously the chips and things, like i say, it's just another mouth guard and you don't realise. fitted with accelerometers and gyroscopes, the device measures the force that the skull is subjected to during training and games. so one of the biggest problems with rugby union is the second impact syndrome. so that's the one that can be fatal. what this would help to reduce is the incidence of second impact syndrome. so a medic on the sideline can have a look at that and go ok, maybe it's time we brought them off. it gives them an extra object, a source of information to base their decisions on. the result can be fed in real time
4:48 am
to medics on the sidelines to decide on the best course of action if there's an incident. whilst it can't detect whether this has resulted in a concussion, the medics can keep an eye on the data to judge players who may be at risk. and in the long-term, this information also provides an opportunity to learn the correlation between an impact and its effect. we can go into the individual player's impacts and start to look at the shape of the impacts themselves, both in terms of linear and rotational acceleration. so that becomes quite important because of the cumulative impact of concussion, so we're really trying to understand here what might have happened in the past that will influence the future. if you think about today, the way players are observed for head injuries is typically what happens is that it's very visual. what we're adding is a layer of data, so it very much is an additive thing that starts with visual,
4:49 am
adds data, and that gives you a much more confident answer to both parts. but does wearing this kind of device provide any reassurance for the players? yeah, i don't know about that. if you've got a big guy coming down the channel, i think, it's going to the same whether you have it in or you don't but like i say, if you've got a big collision, you know, you can look back and understand how big it was and feed back the data and get a better understanding of it. so whilst it may not prevent the incident or the damage, it could mean a chance for the speediest intervention possible. old, unwanted cassette tapes lying around? here's one way to put the cases to good use. remove the tape. buzzer sound. flip the holder out. and you have an easy
4:50 am
stand for your phone. portrait, or landscape. now, next up, post-apocalypse now, or to put it another way, why are video games so obsessed with the end of the world? i mean if it's not a pandemic, it's a nuclear war or a zombie outbreak, i mean come on. there's a new game called days gone, which is the latest title to use the collapse of society as its setting. and marc cieslak popped down to world's end to find out more. a pandemic plunges the world into chaos, infecting the population with a virus and causing society to descend into the kind of madness usually reserved for shops selling low spec, massive tellies on black friday. here, catch. all of this sounds a bit familiar though. the video games industry likes a sure thing. at the moment, franchises
4:51 am
and sequels are really, really big, as are free to play, battle royale shooters. so days gone, a new playstation exclusive, has got its work cut out for it. number one, it's an original game, it's not part of a series, it's not a follow up to anything, and number two, it's post-apocalyptic. and there's one or two of those around at the moment. in fact, post-apocalyptic games are more fashionable than skinny jeans. well, i think the thing is with games, similar to films, we get horror that reflects the real world, we get horror films that do that, you know, dawn of the dead and george romero was commenting on consumerism with his shopping malls. i don't think it's an accident that we're now looking at the end of the world through nuclear apocalypses or cures for cancer, or all of these things. i think gamers like the apocalypse simply for the fact that you can look at it in terms of real life and wonder what you would do. what have i got here? there's a lot of post-apocalyptic games around, i'm thinking far cry new dawn, metro exodus.
4:52 am
a little bit further down the line we've got the last of us part two coming out. how does days gone separate itself from the post-apocalyptic pack? our world is set in the high desert of the pacific northwest, which is different than almost any environment i've seen in any kind of a game, let alone open world games, because it's a very harsh environment that is very condensed. you know, just our setting makes us different, but also the fact you've got one bike, something you have to take care of because — you have to fuel it, you have to repair it, and you have to make sure that it's always in good condition. otherwise, you're going to be on foot in this world and you're going to die. perfect, that's perfect. you'd be forgiven for confusing days gone, from developers bend studios, with another post-apocalyptic playstation exclusive — the last of us 2 from naughty dog. both are set in worlds ravaged by disease and filled with infected monsters.
