a very warm welcome to bbc news — this is bbc news, broadcasting to our viewers the latest headlines: in north america britain's mps have voted and around the globe. against leaving the eu my name's mike embley. without a deal. our top stories: on thursday, they'll vote the ayes to the right, 321, on whether to request a delay the noes to the left, 278. to the brexit process. britain's parliament votes to reject a no—deal brexit the prime minister has warned but still, under current law, an extension could be a long one. the uk could be leaving the european union without any boeing has temporarily grounded its entire global fleet agreement at the end of march. of 737 max aircraft. boeing grounds its entire worldwide fleet of 737 max aircraft, as new evidence is uncovered the us federal aviation about the most recent fatal crash in ethiopia. administration says the decision the judge in the trial of the vietnamese woman charged was prompted by new evidence from two recent fatal crashes. with killing kim jong—un‘s half—brother has agreed a vigil has been held outside to a postponement. a secondary school near sao paulo in brazil to remember the eight people shot dead by two former students. we are just hours away most of the victims were teenagers. from the announcement the attackers, aged 17 and 25, on whether former soldiers will be prosecuted over later killed themselves. it's about 3:30am.

time now for click. this week: gone in six seconds with a simple high—tech car—jack. scrums and gums. and it's the end of the world as we know it, but we feel fine. for many of us, our car is one of the most valuable things that we own. sometimes crazy to think that we just leave them out on the streets. but, of course, that is because they are built with good security. but in the last few years, we have started to see this happening. newer cars with keyless entry have been fooled by thieves

with relay boxes. they stand outside your house and the box magnifies the signal from your key fob, which may be sitting inside, so the car thinks the key fob is closer than it really is and, hey presto, they are off with your car. so, many car owners have turned to third party car alarms, which promise to protect against this kind of attack. these are fitted to order and many offer the ability to remotely control your car using a smartphone app, which is handy... ..unless these can be hacked too. you probably don't want to see what's coming next, but we're going to show you anyway. it's something we'd hoped wasn't possible in real life but, worryingly, it is. the black range rover has been chosen and then tracked and is now the target for two hackers,

who are waiting to make their move. the victim has no idea of what's about to happen, as first the car alarm goes off... car alarm sounding ..and then the attackers take control of the door locks. get out of the car. give me your key. give me your keys. 0k, 0k. a new way to steal luxury cars to order? groans get out of the car. give me your key. give me your keys. well, we've actually set this up to show you how security researchers have discovered what is now possible. the victim can't restart the car — only the attackers can do that. it's one of several ways in which car alarms sold by two of the world's biggest brands in car security can now be used against their owners. so, how can this happen?

we've been given exclusive access to the labs where the research happened, and the security companies who failed their customers have been given seven days to put things right. more on that later, but first, let's take a closer look at what went so badly wrong. the test compromised a vw and a range rover, but the failings have nothing to do with the car manufacturer, but rather these makes of alarms, that millions of car owners have fitted to protect their wheels. clifford in the uk, also sold as viper in the us, is one of the market leaders and claims to prevent car—jacking, while pandora, raised in russia and sold in the uk, also fell short of its own audacious claims. currently, i wouldn't recommend the viper or the pandora alarms. the pandora alarm was claimed to be unhackable but right now, i wouldn't recommend these alarms. pandora has recently dropped that

claim from its website. just as well. so the first primary reason that most people fit a third party aftermarket car alarm, like the viper or the pandora, is to prevent the key relay attacks that we've seen videos of, where two guys appear at your house, wave a magic box by your wall, and then are able to drive the car away. so that's the first reason and the sort of additional security that comes with that. the second reason that people buy these is the remote start functionality, and the remote start functionality could allow you to preheat the car before you get into it on a cold winter's day, have the ice gone off the windscreen, but also to cool the car down on a hot summer's day as well. trouble is, some of these nice—to—have comfort features have been shown by the researchers to be the very reason why they were able to take so much control. the functionality we found a problem with is in the back—end systems. rather than asking for the information about my specific car, i could ask for any car.

any car that this system is registered with, we can query that information — and that includes the person's name, full name, the location — and find it real time on a map — we can get the model of the car, we can do the start—stop remotely, we can turn the panic alarm on remotely. so i could look on the system and look for a nice lamborghini or a porsche, for example, and think, "0h, i wonder where that is. is it in the uk, where i'm located? oh, yeah, it's just down the road from me! great, i'm going to go and start that car if no—one‘s around, and unlock the doors and drive away." so who are these people with such superpowers? well, this is pen test partners, and it is one of a growing number of firms in the uk that are paid to break into security systems by the companies that run them. pen test has contracts with several car manufacturers, among other clients, who want them

to find vulnerabilities. but when these guys have some spare time, well, they start testing other systems too. vangelis usually works from greece but he's come over to show me how he broke into the pandora alarm. pandora provides you with an account and we found a flaw that we could enumerate all the users. and then we could change that user's e—mail, issue a password reset, and we would get the new password on our changed e—mail, which we control. you basicallyjust reset the user's password and you got control? yes, after changing his own e—mail to my corrupt email. and the system lets you do that? yeah, apparently. that's what we call an insecure direct object reference. can you show us how?

yeah. i have written a script to automate everything. i'm just using my own user id, and this user id could be anyone‘s that is using pandora. right, so you're using your own id mainly to stay within the law, just to show what's possible. yes. so now, i'm waiting for the password e—mail. that it will have the new password with my changed e—mail. and you could do this for any user out there of pandora? yes. you'd change their password, you've gained their account, and then you're into the system? yes. so the system now is just waiting for the response from pandora? yes. that automatic e—mail that you get when you want to reset your password, you need to wait a few seconds. here it comes. yes. so you now have a new password. i can log into the system and i control mine — because i have provided my user id —

but any user's vehicle. now, it is worth emphasising that these are just normal manual cars — they're not autonomous, theyjust happen to have the extra security devices fitted. now, we think it affects around 3 million cars on the road globally, and as far as we know, criminals haven't used the vulnerability yet to steal a vehicle. but the fact it's even possible will no doubt be cause for some red faces among the big brand names in the industry. in a statement, pandora said: directed, the parent company of clifford and viper alarms said:

for these professional security testers, though, the failings they found ought to be a wake—up call for the people paid to protect us. so we were shocked. we see all sorts of vulnerabilities like this, but this one is right up there. it's a security product that's supposed to make our cars safer and more secure, but yet, it's actually made us potentially more exposed and less secure. i'm concerned about the way this scales up. there are millions of cars are exposed — something like £200 billion worth of vehicles have these alarms fitted. it was manufacturers that made the mistake. they had the security flaw. but there is still something that you can do as a consumer.

please make sure that you don't use the same password for your mobile apps as you use on other systems. why? because hackers will be trying passwords, they'll try and steal them from other places, and if that's the same password as your car alarm, you might wake up the next morning and find your car is gone. that was cam munroe finishing dan's piece. dan, i can't get over the fact that these are companies that work in the security industry and they put security holes in their own product. i know, i know. face palm moment. it is a face palm moment. they're playing it very cool with their reactions too, by saying, you know, "nothing to see here. we've fixed the problem. thanks very much for letting us know." but really, we're paying hundreds of pounds to these companies to keep us safe and they've left a backdoor wide open. this is one of the reasons why the security researchers that did this piece of work gave those companies just seven days

to get their acts in gear. normally, it's about 30 days for disclosure — give them a bit more time, work out the problem was. this needs sorting. it needs sorting straight away and, in fairness, they did a reasonably good job. ok, i'm sure there might be some people watching who say, "should we even be broadcasting this technique and details about this technique because surely, it will tell people how to crack into cars." right, and obviously we wouldn't if that vulnerability was still out there. it has been solved, it's been fixed by these two companies. pandora did it in four days. viper took five days, before they reported back to us. and we have checked their results and we now know that those security holes are fixed. and that's why we can go into some details with viewers about exactly how the researchers managed to break into the system. so this is not a story

just about car alarms. we're not talking about vulnerabilities in the actual driving of the car itself. but cars are becoming more automated, aren't they? they are starting to control various parts of the journey. any evidence that there is any vulnerabilities in that technology at the moment? when you hear a story like this, you get nervous, as things get more and more automated. and the trouble is, it's is a security company that's dropped the ball here. now, if that were to happen with a car in control travelling while we're inside, you can imagine that the consequences would be much, much worse than the possibility of thieves pinching your car. yeah, 0k. dan, thank you very much. brilliant report. drive safe, i guess. thanks. hello, and welcome to the week in tech. it was the week that huawei announced it's suing the us government after they banned federal agencies from using the chinese firm's products over national security concerns. the manufacturer says no evidence has been provided to back up the suggestions and denies any connection to the chinese government. autonomous vehicle trials continue.

volvo's12 metre bus was unveiled this week in singapore and is ready to be tested on designated public roads. eventually, it's expected to help reduce traffic, pollution and, i guess, work for bus drivers. a robotic hand with haptic feedback has been developed. replicating the master robot's moves remotely, the shadow robot company's mission is to relay touch to its wearer, wherever they may be. and finally, meet this little, running, jumping, backflipping bot. well, it's more about the fact that mit's mini cheetah is so springy and nifty on its feet that it can move in all directions twice as fast as a human‘s average walking pace. weighing in atjust 20 pounds, it's pitched as almost indestructible. impressive, but i'd still rather have a head.

now, as the six nations enters its fourth round and the rugby world cup looms, the safety of the sport is in the headlines once again. lara lewington has been looking at a piece of equipment which could offer key information to make the game safer. fast paced, heavy hitting, you wouldn't want to be in the way of one of these guys. and that's just the training. but impacts like this can really take their toll on both the tackled and the tackler. concussion and injury to the brain caused by a head impact is a serious issue in contact sport. it can lead to early retirement, or it can even prove fatal.

concussion is trauma to the brain, either directly through a blow to the head, or transmitted from a blow from another part of the body. the symptoms of concussion are wide and variable, it can be from headaches, changing vision, blurred vision, sensitivity to light, sensitivity to noise, you can feels nauseous, you can get neck pain. it's important that you identify that so that you get the diagnosis correct and you get the proper treatment. the 0spreys, a professional team in south wales, are one of the first to use technology to gather data aiming to deal with this kind of injury in the future. protect is a gumshield fitted with sensors to monitor impacts to the head. we've made these bespoke mouth guards, so each of these mouth guards is really tightly coupled to the player's teeth, so a dentist comes in and takes the impressions, that

when they have a head impact, the mouth guard's actually moving with the skull, so you're getting really good, accurate skull acceleration. as far as us players go, it's just another mouth guard, and you don't really feel it, in your mouth, so obviously the chips and things, like i say, it's just another mouth guard and you don't realise. fitted with accelerometers and gyroscopes, the device measures the force that the skull is subjected to during training and games. so one of the biggest problems with rugby union is the second impact syndrome. so that's the one that can be fatal. what this would help to reduce is the incidence of second impact syndrome. so a medic on the sideline can have a look at that and go 0k, maybe it's time we brought them off. it gives them an extra object, a source of information to base their decisions on.

the result can be fed in real time to medics on the sidelines to decide on the best course of action if there's an incident. whilst it can't detect whether this has resulted in a concussion, the medics can keep an eye on the data to judge players who may be at risk. and in the long—term, this information also provides an opportunity to learn the correlation between an impact and its effect. we can go into the individual player's impacts and start to look at the shape of the impacts themselves, both in terms of linear and rotational acceleration. so that becomes quite important because of the cumulative impact of concussion, so we're really trying to understand here what might have happened in the past that will influence the future. if you think about today, the way players are observed for head injuries is typically what happens is that it's very visual. what we're adding is a layer of data, so it very much is an additive thing that starts with visual, adds data, and that gives you a much more confident answer to both parts. but does wearing this kind of device

provide any reassurance for the players? yeah, i don't know about that. if you've got a big guy coming down the channel, i think, it's going to the same whether you have it in or you don't but like i say, if you've got a big collision, you know, you can look back and understand how big it was and feed back the data and get a better understanding of it. so whilst it may not prevent the incident or the damage, it could mean a chance for the speediest intervention possible. 0ld, unwanted cassette tapes lying around ? here's one way to put the cases to good use. 0ld, unwanted cassette tapes lying around ? here's one way to put the cases to good use. remove the tape. buzzer sound. flip the holder out. and you have an easy stand for your phone. portrait, or landscape. now, next up, post—apocalypse now,

or to put it another way, why are video games so obsessed with the end of the world? i mean if it's not a pandemic, it's a nuclear war or a zombie outbreak, i mean come on. there's a new game called days gone, which is the latest title to use the collapse of society as its setting. and marc cieslak popped down to world's end to find out more. a pandemic plunges the world into chaos, infecting the population with a virus and causing society to descend into the kind of madness usually reserved for shops selling low spec, massive tellies on black friday. here, catch. all of this sounds bit a familiar though. the video games industry likes a sure thing.

at the moment, franchises and sequels are really, really big, as are free to play, battle royale shooters. so days gone, a new playstation exclusive, has got its work cut out for it. number one, it's an original game, it's not part of a series, it's not a follow up to anything, and number two, it's post—apocalyptic. and there's one or two of those around at the moment. in fact, post—apocalyptic games are more fashionable than skinny jeans. well, i think the thing is with games, similar to films, we get horror that reflects the real world, we get horror films that do that, you know, dawn of the dead and george romero was commenting on consumerism with his shopping malls. i don't think it's an accident that we're now looking at the end of the world through nuclear apocalypses or cures for cancer, or all of these things. i think gamers like the apocalypse simply for the fact that you can look at it in terms of real life and wonder what you would do. what have i got here? there's a lot of post—apocalyptic games around, i'm thinking far cry new dawn, metro exodus. a little bit further down the line we've got the last of us part two coming out.

how does days gone separate itself from the post—apocalyptic pack? our world is set in the high desert of the pacific northwest, which is different than almost any environment i've seen in any kind of a game, let alone open world games, because it's a very harsh environment that is very condensed. you know, just our setting makes us different, but also the fact you've got one bike, something you have to take care of because — you have to fuel it, you have to repair it, and you have to make sure that it's always in good condition. 0therwise, you're going to be on foot in this world and you're going to die. perfect, that's perfect. you'd be forgiven for confusing days gone, from developers bend studios, with another post—apocalyptic playstation exclusive — the last of us 2 from naughty dog. both are set in worlds ravaged by disease and filled with infected monsters. yeah, 0k... ..and both feature story driven set pieces. but in days gone, the action takes place in a giant open world, and it's an open world full of infected, cannibalistic creatures, called frea kers.

the player steps into the biker boots of bounty hunter, deacon stjohn. deacon is a man with a past, haunted by the separation and presumed death of his wife when the world went a bit 28 days later. i'm always going to love you. and i ain't never going to leave you. the ace this game has up its sleeve is its main antagonist, the freakers. freakers are living beings, so it sounds like one of these things where we're just playing with semantics, like oh, they're zombies. no, they're not. get back here with that! that's mine. alone or in small numbers, they don't pose too much of a threat but these guys like to hang around

in gangs, big gangs called hordes. they have migration patterns, so hordes will actually sleep during the day. they hibernate in caves, tunnels, train cars, it's literally a whole set of networking and interacting, you know, living ecosystems, that are all doing their thing, whether you are there to watch it or not. sometimes art holds up a mirror to what's going on around us, presenting us with an exaggerated version of our world, highlighting problems that might exist in our own society, and then again, sometimes people simply enjoy taking out loads of monsters in a virtual armageddon. always asking the big questions, that is mark finishing off this week's programme. don't forget we live on social media, so wherever you go, we will be there waiting for you, facebook, instagram, youtube and twitter, @bbcclick. thanks for watching

and we will see you soon. hello again. storm gareth may well have blown itself away out into northern europe, but our weather stays pretty blustery over the next few days. there is gareth working across denmark. but further west in the atlantic, things looking pretty lively still with weather fronts, areas of low pressure targeting the british isles. and that means over the next few days there's no end in sight really to this run of windy weather through thursday, friday, into the weekend as well before things calm down in the following week. now, for those of you heading outside over the next few hours, it is quite breezy outside, some fairly strong winds across north—western areas, thick cloud around and outbreaks of rain as well, quite heavy rain at that across parts of northern england, southern scotland and wales as well. now, these are the kind of temperatures you might encounter if you're heading outside. now, as we look at the weather picture for thursday, no surprises — the low pressure

is right over the top of the british isles. we've still got fairly tightly packed isobars showing up on the charts too. so, it's going to be a cloudy, windy and wet start to the day. the worst of the rain will tend to clear through across england and wales, and quite quickly thursday morning, we'll see some bright weather for scotland, northern ireland, northern england with a scattering of showers blown in by those blustery winds. gusts of wind that could reach 40, even 50mph across the most exposed locations. that of course means the showers don't stay in one place for any length of time. but what it will also do is it will knock the edge off these temperatures, ranging from around 7 to 13, but feeling a bit cooler than that, so quite a chilly feel to the weather across parts of scotland. now, through thursday evening and overnight, the showers continue on and off across northern areas, it will cloud over elsewhere with outbreaks of rain spreading in, particularly to england and wales. temperature—wise, quite a big contrast thursday night. mild in the south, 9 or 10 degrees or so, got the colder air further north with plenty of showers,

wintry over high ground. now, on friday, it's another unsettled looking day, still with those west—north—westerly winds. cloud and rain never far away from the south. it may well cloud over again later in the afternoon, bringing rain back into south—west england. some sunshine elsewhere, but, again, plenty of showers across north—western areas, snow up over some of the higher parts of scotland. now, the weekend weather shows no sign of settling down. indeed, on saturday, we could have quite a deep area of low pressure spinning in, bringing a stormy spell of weather. could have some snow around as well. so, some wet weather, given the weather's been wet recently, we could see some localised surface water flooding from that, and also, some very strong winds. notice to the northern edge of the storm system, we could see some snow. the worst of that likely in the scottish mountains above 200 to 300 metres elevation. still quite chilly for northern areas. that's your weather.