0:00:01 > 0:00:02Sima Kotecha, BBC News, Birmingham.
0:00:02 > 0:00:05Coming up shortly will be the Film Review, but first here's
0:00:05 > 0:00:18Click.
0:00:34 > 0:00:35Vegas, home to casinos.
0:00:35 > 0:00:38Elvis, sort of.
0:00:38 > 0:00:39Superfast knot-tying.
0:00:39 > 0:00:40Wide open spaces.
0:00:40 > 0:00:41Limos.
0:00:41 > 0:00:53The Strip.
0:00:53 > 0:00:56And this week, the largest hack-fest on the planet.
0:00:56 > 0:00:59If there's one week of stuff in Vegas that isn't staying
0:00:59 > 0:01:01in Vegas, it's this week's BSides, Black Hat and notorious
0:01:01 > 0:01:02DEF CON gatherings.
0:01:02 > 0:01:05This is the week where hackers rub up against law enforcers
0:01:05 > 0:01:14and everyone peeks over each other's shoulders and networks.
0:01:14 > 0:01:16So, let's get straight into the action.
0:01:16 > 0:01:18And for our first act of the show.
0:01:18 > 0:01:21Daniel here has got an extra piece of software running allowing him
0:01:21 > 0:01:28to hear what's being typed on the other end of a Skype call.
0:01:28 > 0:01:31So how does it work? The software during a Skype call learns
0:01:31 > 0:01:33how your keyboard sounds like and if you later
0:01:33 > 0:01:35during the call type something sensitive,
0:01:35 > 0:01:38like a password or e-mail, we can understand what you've typed
0:01:38 > 0:01:42using machine learning algorithms.
0:01:42 > 0:01:45This is because each key has a unique fingerprint based
0:01:45 > 0:01:57on the position of the key on the keyboard.
0:01:57 > 0:02:00The suggested results from what our victim might be typing
0:02:00 > 0:02:01are listed on the screen.
0:02:01 > 0:02:04As you can see, it's spotted every word except one but when asked
0:02:04 > 0:02:07to choose the words to make the most likely sentence, it's
0:02:07 > 0:02:09not so on the money.
0:02:09 > 0:02:10So, this is Scott Helme.
0:02:10 > 0:02:13He is not just our victim, he's also a security researcher
0:02:13 > 0:02:16who is here to keep Click on track with a hacker's view
0:02:16 > 0:02:19of the conferences for the next couple of episodes.
0:02:19 > 0:02:19Hello, Scott.
0:02:19 > 0:02:20Hello.
0:02:20 > 0:02:21What do you think?
0:02:21 > 0:02:23So, the technology is still quite young.
0:02:23 > 0:02:26It took a bit of setup to make this work but technology advances quite
0:02:26 > 0:02:29quickly and things that are difficult today will
0:02:29 > 0:02:30probably be easy tomorrow.
0:02:30 > 0:02:41We have seen some things like this before as well.
0:02:41 > 0:02:44I looked at a hack recently where they could measure
0:02:44 > 0:02:46the vibrations in a crisp packet to record my voice.
0:02:46 > 0:02:49So I think in the future, things and technologies like this
0:02:49 > 0:02:52could be quite bad because it's going to allow people
0:02:52 > 0:02:55to extract a lot more information from our devices.
0:02:55 > 0:02:55Wow, sobering thoughts.
0:02:55 > 0:02:59It seems like the hackers are always going to find new and interesting
0:02:59 > 0:03:06ways to get inside our computers.
0:03:06 > 0:03:09It was me and two other friends, just a bit of fun.
0:03:09 > 0:03:10I manipulate people's feelings, thoughts.
0:03:10 > 0:03:11I started getting bullied.
0:03:11 > 0:03:14We tried to break into our school's network.
0:03:14 > 0:03:16We could control people's screens, change passwords.
0:03:16 > 0:03:35I got arrested for Misuse of Computer Act, 1990, section three.
0:03:35 > 0:03:38I can't name the company but they lost a lot of money.
0:03:38 > 0:03:42This is definitely a way to get ahead of the curve and to stop
0:03:42 > 0:03:44anyone from possibly taking a misinformed choice
0:03:44 > 0:03:46as to the direction of their life.
0:03:46 > 0:03:49This is the UK's first reboot camp for hackers.
0:03:49 > 0:03:51The first seven through the doors, aged 16-20, all intend
0:03:52 > 0:03:54to change their ways, so we've agreed to keep
0:03:54 > 0:04:07their identities secret.
0:04:07 > 0:04:10Rehab includes spotting moments when they might be tempted to cross
0:04:10 > 0:04:12the line of what's legal and what's not.
0:04:12 > 0:04:14That looks like I could get everyone's details.
0:04:14 > 0:04:18Your parents will not have any idea how you do what you do.
0:04:18 > 0:04:19It will be like magic.
0:04:19 > 0:04:22Solomon Gilbert was caught as a teenage offender.
0:04:22 > 0:04:25Now he's the one giving the lecture is, in between tackling
0:04:25 > 0:04:25cybercrime himself.
0:04:25 > 0:04:26I was 17 years old.
0:04:27 > 0:04:29I was getting drawn into making my own malicious code,
0:04:29 > 0:04:32making my own exploits, stealing things like credit card
0:04:32 > 0:04:38information, database information.
0:04:38 > 0:04:41I wouldn't do anything with them, but it ended up with me getting
0:04:41 > 0:04:44kicked out of school and arrested and looked into by the
0:04:44 > 0:04:47counterterrorism intelligence unit.
0:04:47 > 0:04:49What were the key moments that changed your path?
0:04:50 > 0:04:52Everyone in the cyber security industry has one person that
0:04:52 > 0:04:55they've met that's gone, well, you're very talented at this,
0:04:55 > 0:05:01let's move you to do it as a job.
0:05:01 > 0:05:04Cyber Security Challenge UK has set up a capture the flag competition
0:05:04 > 0:05:12so that teenagers can show off their skills.
0:05:12 > 0:05:15Several large companies are here to talk future job opportunities.
0:05:15 > 0:05:21UK hasn't got enough people to protect itself.
0:05:21 > 0:05:22Businesses, the nation, individual accounts,
0:05:22 > 0:05:25we all need protecting and that's why we exist.
0:05:25 > 0:05:26We need to find these people.
0:05:26 > 0:05:27They're there.
0:05:27 > 0:05:30We know they're there, we need to find them.
0:05:30 > 0:05:32These offenders know this is a second chance,
0:05:32 > 0:05:36one they didn't realise they were so well qualified for.
0:05:36 > 0:05:39I was more interested in the dark side, back when I was young.
0:05:39 > 0:05:45I wasn't really looking at the good side.
0:05:45 > 0:05:47The dark side was mainly just attacks, attacks, attacks,
0:05:47 > 0:05:48not thinking about defending.
0:05:48 > 0:05:52Well, now I know that it exists, it sounds like something that I'd
0:05:52 > 0:05:55really, really like to go into because you get the same, like,
0:05:55 > 0:05:58rush, the same excitement, but you're doing it for fun,
0:05:58 > 0:06:00still, but it's legal and you get paid.
0:06:00 > 0:06:06It's like every kind of benefit.
0:06:21 > 0:06:23Humans have been using handprints to identify themselves
0:06:23 > 0:06:25for a very long time.
0:06:25 > 0:06:28These ones here, the Hands Across Time just outside Las Vegas,
0:06:28 > 0:06:30in Red Rock, are hundreds of years old.
0:06:30 > 0:06:32They're some of the earliest examples of native Americans
0:06:32 > 0:06:33showing their identity.
0:06:33 > 0:06:35Kind of like a signature.
0:06:35 > 0:06:39In recent years we've started to use our hands to identify us
0:06:39 > 0:06:46again, and Dan's been finding out how secure they might be.
0:06:46 > 0:06:53At Bristol Robotics Lab, they're taking an interest in every detail.
0:06:53 > 0:07:04Now, if you're sensitive to flashing lights, look away now.
0:07:04 > 0:07:06Is that more secure, then, than just using your fingerprint?
0:07:07 > 0:07:07Certainly.
0:07:07 > 0:07:10With a fingerprint, it's a small region of the hand.
0:07:10 > 0:07:13Obviously with this system we're getting the whole surface and that,
0:07:13 > 0:07:16combined with the vein structure, just add an extra layer of security.
0:07:16 > 0:07:32Do you think this could be spoofed?
0:07:32 > 0:07:33I think it's unlikely.
0:07:33 > 0:07:35Research recently showed the ability to extract fingerprints
0:07:35 > 0:07:37or handprints off celebrities from a distance.
0:07:37 > 0:07:37From photos?
0:07:37 > 0:07:38From photos.
0:07:38 > 0:07:42So, you could use that to generate a 3-D surface but you still wouldn't
0:07:42 > 0:07:45have the vein structure on the back of the hand.
0:07:45 > 0:07:46That would be very difficult to hack.
0:07:46 > 0:07:49In Chicago, some people are already using their palm
0:07:49 > 0:07:59and to pay for things.
0:07:59 > 0:08:00It's being called Naked Payment.
0:08:01 > 0:08:04No cards, cash or phones.
0:08:04 > 0:08:08From September, TSB will be the first bank in Europe to adopt
0:08:08 > 0:08:10retina scan technology as a way of accessing online bank accounts,
0:08:11 > 0:08:18although initially customers will need a Samsung Galaxy S8
0:08:18 > 0:08:19handset to use the technology.
0:08:19 > 0:08:20But is it secure?
0:08:20 > 0:08:23In May, the Chaos Computer Club in Germany posted this video,
0:08:23 > 0:08:25fooling the S8's iris scanner using a photograph
0:08:25 > 0:08:26and a contact lens.
0:08:26 > 0:08:29TSB and Samsung are hoping that others won't go
0:08:29 > 0:08:34to that sort of trouble.
0:08:34 > 0:08:36At the CyLab Biometrics Center in Pittsburgh, they've developed
0:08:36 > 0:08:39a system that can identify the irises of people moving in
0:08:39 > 0:08:52a crowd from up to 12 metres away.
0:08:52 > 0:08:55But if the eyes don't have it, the face just might.
0:08:55 > 0:08:57Back at Bristol Robotics Lab, this 3-D face scanner
0:08:57 > 0:09:05is using a technique they've developed called Photometric stereo.
0:09:05 > 0:09:07Two invisible lights flash at high speed,
0:09:07 > 0:09:09allowing the camera to capture the orientation, shape
0:09:09 > 0:09:17and texture of what it sees.
0:09:17 > 0:09:21So far, it has a 95% accuracy rate but that's good enough to attract
0:09:21 > 0:09:26some major investment.
0:09:26 > 0:09:28They are working with Cubic, which develops the Oyster card,
0:09:28 > 0:09:31contactless payment system used in London's trains and buses.
0:09:31 > 0:09:33It's being part funded by the British government
0:09:33 > 0:09:35to innovate gateless technologies, allowing passengers to simply walk
0:09:36 > 0:09:38into a station and onto a train.
0:09:38 > 0:09:42You can imagine, if you can get rid of the gate line in a place
0:09:42 > 0:09:44like Victoria Station, there's a massive potential
0:09:44 > 0:09:45for increasing throughput.
0:09:45 > 0:09:49So we ran quite an interesting project for them, which they are now
0:09:49 > 0:09:52installing at their laboratory in Salford and the aim is to move it
0:09:52 > 0:09:55on to the Underground so that the system will recognise
0:09:55 > 0:09:59people and you get rid of the gates and it will allow people to go
0:09:59 > 0:10:06through without any impediments.
0:10:06 > 0:10:09Now, this is a is a prototype but we have been told
0:10:09 > 0:10:12that the system will recognise even a pair of glasses.
0:10:12 > 0:10:18So, let's see if it knows who I am now.
0:10:18 > 0:10:22Look at that, you can see my name come up right there.
0:10:22 > 0:10:24It could make your life so easy.
0:10:24 > 0:10:26Just walk around, the face is the key to doing everything
0:10:26 > 0:10:34you want to do in the modern world.
0:10:34 > 0:10:37And just to double-check, I've tried to fool it with this guy.
0:10:37 > 0:10:41Oh, look at that.
0:10:41 > 0:10:43It recognises me, but this is very clearly an impostor.
0:10:43 > 0:10:55This face clearly isn't going to get me anywhere.
0:11:00 > 0:11:06Dan Simmons, being shredded. Sorry, Dan.
0:11:06 > 0:11:12So, that's it for another week.
0:11:12 > 0:11:15Of course we'll be back with more next week from Vegas,