0:00:00 > 0:00:02Coming up later on BBC News will be Newswatch.
0:00:02 > 0:00:53First, though, it's Click.
0:00:53 > 0:00:56Welcome to the south coast of England, and the country's
0:00:56 > 0:01:05biggest fortification, Dover Castle.
0:01:05 > 0:01:08They say an Englishman's house is his castle.
0:01:08 > 0:01:09This week, this castle is mine.
0:01:09 > 0:01:12Like every other home in the land, it needs to be well
0:01:12 > 0:01:15defended, because these days, it is constantly under attack.
0:01:15 > 0:01:17The walls make it out burglars, but today's
0:01:17 > 0:01:19digital invader is wily, and can worm its way
0:01:19 > 0:01:22in through the smallest gaps.
0:01:22 > 0:01:25Last week's global cyber attack on companies in around 150 countries
0:01:25 > 0:01:28shows just how vulnerable systems can be, even if you are not called
0:01:29 > 0:01:37into clicking dodgy links.
0:01:37 > 0:01:39So this week, we're looking at cybersecurity.
0:01:39 > 0:01:41It's me versus the bad guys out there.
0:01:41 > 0:01:47And they might be small, but there's a lot of them.
0:01:47 > 0:01:50So what can I do to shore up my defences?
0:01:50 > 0:01:51One thing is through biometrics.
0:01:51 > 0:01:53Gadgets already recognise our fingerprint, and now
0:01:53 > 0:01:56banks are starting to identify us using our voices.
0:01:56 > 0:02:00So how secure is it?
0:02:00 > 0:02:02Is it possible, for example, to fake someone's voice?
0:02:02 > 0:02:05We asked Dan Simmons to give it a go, or most precisely,
0:02:05 > 0:02:09to find the one person who might stand a chance at breaking
0:02:09 > 0:02:10into his bank account.
0:02:10 > 0:02:12Thanks, Ben.
0:02:12 > 0:02:16Well, one of the things that you might not know about me is that
0:02:16 > 0:02:20I am the only member of the Click team to have a twin brother.
0:02:20 > 0:02:20Hi.
0:02:20 > 0:02:23His name is Joe, and we kind of sound quite alike.
0:02:23 > 0:02:25We kind of do sound quite alike.
0:02:25 > 0:02:28But I came out first, and he just copied me.
0:02:28 > 0:02:31Yeah, well, for this report, it's going to be Joe trying
0:02:31 > 0:02:33to copy me...
0:02:33 > 0:02:36TOGETHER: ..as we try to break into a bank.
0:02:36 > 0:02:43But first, we're going to need some help.
0:02:43 > 0:02:46Yep, I really think this guy is going to help us.
0:02:46 > 0:02:50Right, good, good.
0:02:51 > 0:02:53All right, nice to meet you.
0:02:53 > 0:03:01If you'd like to sit down...
0:03:01 > 0:03:04What we're going to do first is I have this little
0:03:04 > 0:03:05analysis tool here.
0:03:05 > 0:03:08And what this will do is just detect, first of all,
0:03:08 > 0:03:10the pitch of your voice.
0:03:10 > 0:03:13This system that you're trying to break in is analysing your voice
0:03:13 > 0:03:15in lots of different ways.
0:03:15 > 0:03:18So there will be about 100 different variables it is picking up on.
0:03:18 > 0:03:24Hello, I'd like to access my account, please, today...
0:03:24 > 0:03:27Hello, I wondered if I could access my account today.
0:03:27 > 0:03:29You see there are pretty big differences between them.
0:03:29 > 0:03:34So who do you think is the bigger Adam's apple, out of both of you?
0:03:34 > 0:03:34I can't see mine.
0:03:35 > 0:03:41TOGETHER: Yayayayahh...
0:03:41 > 0:03:43It's the first time I've tried to use the telephone banking
0:03:43 > 0:03:46service, and I'm not set up, so I am hoping...
0:03:46 > 0:03:47LAUGHS
0:03:47 > 0:03:49How many - how long do you want to make this?
0:03:49 > 0:03:51A bit shorter, OK, a bit shorter.
0:03:51 > 0:03:54That wasn't axactly the way you said it the first time.
0:03:54 > 0:03:57I'd like to take everything out, today, please.
0:03:57 > 0:03:57That was.
0:03:57 > 0:03:59I'd like to take everything out, today, please.
0:03:59 > 0:04:01I'd like to take everything out, today, please.
0:04:02 > 0:04:03That is - that is close.
0:04:03 > 0:04:04That's not true.
0:04:04 > 0:04:05That is not true.
0:04:05 > 0:04:06Excellent, that is brilliant.
0:04:06 > 0:04:07Thank you very much.
0:04:07 > 0:04:13No worries at all!
0:04:13 > 0:04:15What're you dressed like that for?
0:04:15 > 0:04:17Well, we're doing a job, aren't we?
0:04:17 > 0:04:19I've got a gun.
0:04:19 > 0:04:20You don't need a gun, do you?
0:04:20 > 0:04:22Your voice is your weapon.
0:04:22 > 0:04:27Take that off!
0:04:27 > 0:04:31Erica is the voice of NICE - NICE is the voice security provider
0:04:31 > 0:04:33for Citibank credit card-holders in the US, among others.
0:04:33 > 0:04:41Hi, nice to meet you, too.
0:04:41 > 0:04:44Joe's going to try to break into my account, what chances do
0:04:44 > 0:04:45you think he has?
0:04:45 > 0:04:45Very slim.
0:04:46 > 0:04:49What advice can you give me to try and break into his account?
0:04:49 > 0:04:53Well, you've known him your entire life, so try to imitate his voice.
0:04:53 > 0:04:55She seems very confident about this - what -
0:04:55 > 0:04:59what why is it that you think that, maybe, my twin brother can't break
0:04:59 > 0:05:00into my account?
0:05:00 > 0:05:02Voice biometrics is the most accurate form of identification
0:05:02 > 0:05:04there is for access into financial institutions.
0:05:04 > 0:05:04Why?
0:05:04 > 0:05:10Why?
0:05:10 > 0:05:12It registers over 100 different characteristics with voice.
0:05:12 > 0:05:14Half of them personality and the half are physical.
0:05:15 > 0:05:17And you do look a little bit different,
0:05:17 > 0:05:20and your voices are different, so you will have different vocal
0:05:20 > 0:05:26characteristics.
0:05:26 > 0:05:28So therefore, what percentage chance do you think I have?
0:05:29 > 0:05:31It would be one out of several hundred thousand.
0:05:31 > 0:05:34How do you make it so that I can access my
0:05:34 > 0:05:37account, even if, like, at the moment, I have a little
0:05:37 > 0:05:38bit of a...
0:05:38 > 0:05:38COUGHS
0:05:38 > 0:05:40As I said, there's over 100 characteristics,
0:05:40 > 0:05:42and a cough or cold only affects about two.
0:05:42 > 0:05:45So we still have all those other characteristics to work with,
0:05:45 > 0:05:47and we still have identification.
0:05:47 > 0:05:49And has anybody fooled the system through the front door?
0:05:49 > 0:05:51Basically, pretending to be somebody they're not?
0:05:51 > 0:05:53No.
0:05:53 > 0:05:55Can I asked another question?
0:05:55 > 0:06:00It might just be a bit out the ballpark, but is this legal?
0:06:12 > 0:06:15I'm here to break into the account of Dan Simmons.
0:06:15 > 0:06:17Joe, you really don't need the gun.
0:06:17 > 0:06:19What do I have to do?
0:06:19 > 0:06:20Let's give this a shot.
0:06:20 > 0:06:20OK?
0:06:20 > 0:06:23Hi, yes, I'd like to access my current account,
0:06:23 > 0:06:28if I can, please?
0:06:28 > 0:06:30Yes, it's probably about ?10, something like that.
0:06:30 > 0:06:31Yeah.
0:06:31 > 0:06:35Thanks very much.
0:06:35 > 0:06:35Yeah, that's great.
0:06:35 > 0:06:38Thank you.
0:06:38 > 0:06:39You failed - but close.
0:06:40 > 0:06:42Wow, look at how close this is over here.
0:06:42 > 0:06:46Look at that!
0:06:46 > 0:06:50If we come over here, it you can see there's the threshold
0:06:50 > 0:06:52level, and that - that is pretty close.
0:06:52 > 0:06:54That was not a bad first go.
0:06:54 > 0:06:55That just came out of nowhere.
0:06:55 > 0:06:56First go, very good.
0:06:56 > 0:06:59It came out of absolutely nowhere!
0:06:59 > 0:07:01Very good.
0:07:01 > 0:07:07But that's how you test the system, isn't it?
0:07:07 > 0:07:09Yes, we that's how we test the system.
0:07:09 > 0:07:11We tested with twins, and siblings, and imitators.
0:07:11 > 0:07:13You know, a fraudster wouldn't get three chances,
0:07:13 > 0:07:17and the reason a fraudster wouldn't get three
0:07:17 > 0:07:19chances is that we would register the multiple failures,
0:07:19 > 0:07:22and it would dynamically increase the threshold on the third,
0:07:22 > 0:07:24and put a flag on the account.
0:07:24 > 0:07:27Right, that is not to say, of course, that it's
0:07:27 > 0:07:29impossible, is it?
0:07:29 > 0:07:35It's not impossible, it's just very improbable.
0:07:35 > 0:07:38So, Dan, your bank account is still safe, although your twin
0:07:38 > 0:07:40got away with some pretty cool stationery.
0:07:40 > 0:07:41Yeah, the old fashioned way.
0:07:41 > 0:07:44Were you surprised that the voice attack didn't work?
0:07:44 > 0:07:45Yeah, I was, actually.
0:07:45 > 0:07:48We really tried hard to match up our voices.
0:07:48 > 0:07:51You know, we used the voice coach and the rest of it,
0:07:52 > 0:07:58and it just bubbled under what we needed and couldn't get in.
0:07:58 > 0:08:01What about the simpler stuff that we have been asked by banks
0:08:01 > 0:08:04in the last few years, like "My voice is my password,"
0:08:04 > 0:08:05did you try that?
0:08:05 > 0:08:07Oh yeah, we had a crack at that.
0:08:07 > 0:08:10To get into my account, my twin needs my sort code
0:08:10 > 0:08:13and my account number, things I have helped him out with.
0:08:13 > 0:08:16He also needs to know my birthdate, but that's probably something
0:08:16 > 0:08:17he already knows.
0:08:17 > 0:08:20The question is, can my voiceprint give me any extra
0:08:20 > 0:08:24protection?
0:08:24 > 0:08:26Secret bank, we're not getting any bank names away.
0:08:26 > 0:08:27Good afternoon.
0:08:27 > 0:08:27Welcome to HSBC.
0:08:27 > 0:08:34Oh, it's...
0:08:34 > 0:08:36Please enter your sort code, or...
0:08:36 > 0:08:41Oh, I've got this one.
0:08:41 > 0:08:44Now, interestingly,it's the PIN number, and the account number,
0:08:44 > 0:08:53which, if you are from the days from the old cheque-book,
0:08:53 > 0:08:55then both of those things you'd use to print objects.
0:08:55 > 0:08:59So if you've got an old cheque from somebody you already know
0:08:59 > 0:08:59that.
0:08:59 > 0:09:00..your date of birth.
0:09:00 > 0:09:03He knows my date of birth because we share the same
0:09:03 > 0:09:04date of birth.
0:09:04 > 0:09:07After the tone, please repeat the phrase "My voice your password".
0:09:07 > 0:09:11My voice is my password.
0:09:11 > 0:09:13I'm sorry, I didn't catch that.
0:09:13 > 0:09:16After the tone, please repeat the phrase "My voice your password".
0:09:16 > 0:09:21My voice is my password.
0:09:21 > 0:09:29Welcome to HSBC Advance.
0:09:29 > 0:09:33The balance of your account is ?1.21p credit.
0:09:33 > 0:09:35I'm off to the bank!
0:09:35 > 0:09:38For your available balance...
0:09:38 > 0:09:40I thought it would be more than that, Dan.
0:09:40 > 0:09:42LAUGHS
0:09:42 > 0:09:49Evil twin was in.
0:09:49 > 0:09:51Perhaps more surprising when you consider the service
0:09:51 > 0:09:53providers test their systems with twins to improve security.
0:09:53 > 0:09:55I can get into other accounts, apparently,
0:09:55 > 0:09:56Dan, so...
0:09:56 > 0:09:57HSBC told us:
0:10:15 > 0:10:17Major security no no man works at an undisclosed financial
0:10:17 > 0:10:18institution.
0:10:18 > 0:10:21Oh.
0:10:21 > 0:10:23He manages innovation, because they have an
0:10:23 > 0:10:24innovation unit.
0:10:24 > 0:10:25So what's he been innovating?
0:10:25 > 0:10:28Just watch the way he uses his phone, because his security
0:10:28 > 0:10:30system is doing just that.
0:10:30 > 0:10:34And even with all his login details, I'll
0:10:34 > 0:10:41need to replicate how he holds, taps, and tilts his device.
0:10:45 > 0:10:49Ha, hi!
0:10:49 > 0:10:53Chris, would you mind lending me that for a moment?
0:11:03 > 0:11:06No luck.
0:11:06 > 0:11:10It's beaten me.
0:11:10 > 0:11:14That'll be yours, then.
0:11:23 > 0:11:25Brilliant security tips there, unfortunately I think
0:11:25 > 0:11:28they have arrived a little bit too late for me.
0:11:28 > 0:11:30Still, there you go.
0:11:30 > 0:11:33Thanks for watching and I really, really hope that I will
0:11:33 > 0:11:34see you soon!
0:12:01 > 0:12:06Hello and welcome to Newswatch, with me, Samira Ahmed.
0:12:06 > 0:12:08Coming up: the party manifestos are all out.
0:12:08 > 0:12:11How well has the BBC done on explaining