Fear and Coding in Las Vegas Click - Short Edition

Sima Kotecha, BBC News, Birmingham.

Coming up shortly will be the Film Review, but first here's

Click.

Vegas, home to casinos.

Elvis, sort of.

Superfast knot-tying.

Wide open spaces.

Limos.

The Strip.

And this week, the largest hack-fest on the planet.

If there's one week of stuff in Vegas that isn't staying

in Vegas, it's this week's BSides, Black Hat and notorious

DEF CON gatherings.

This is the week where hackers rub up against law enforcers

and everyone peeks over each other's shoulders and networks.

So, let's get straight into the action.

And for our first act of the show.

Daniel here has got an extra piece of software running allowing him

to hear what's being typed on the other end of a Skype call.

So how does it work? The software during a Skype call learns

how your keyboard sounds like and if you later

during the call type something sensitive,

like a password or e-mail, we can understand what you've typed

using machine learning algorithms.

This is because each key has a unique fingerprint based

on the position of the key on the keyboard.

The suggested results from what our victim might be typing

are listed on the screen.

As you can see, it's spotted every word except one but when asked

to choose the words to make the most likely sentence, it's

not so on the money.

So, this is Scott Helme.

He is not just our victim, he's also a security researcher

who is here to keep Click on track with a hacker's view

of the conferences for the next couple of episodes.

Hello, Scott.

Hello.

What do you think?

So, the technology is still quite young.

It took a bit of setup to make this work but technology advances quite

quickly and things that are difficult today will

probably be easy tomorrow.

We have seen some things like this before as well.

I looked at a hack recently where they could measure

the vibrations in a crisp packet to record my voice.

So I think in the future, things and technologies like this

could be quite bad because it's going to allow people

to extract a lot more information from our devices.

Wow, sobering thoughts.

It seems like the hackers are always going to find new and interesting

ways to get inside our computers.

It was me and two other friends, just a bit of fun.

I manipulate people's feelings, thoughts.

I started getting bullied.

We tried to break into our school's network.

We could control people's screens, change passwords.

I got arrested for Misuse of Computer Act, 1990, section three.

I can't name the company but they lost a lot of money.

This is definitely a way to get ahead of the curve and to stop

anyone from possibly taking a misinformed choice

as to the direction of their life.

This is the UK's first reboot camp for hackers.

The first seven through the doors, aged 16-20, all intend

to change their ways, so we've agreed to keep

their identities secret.

Rehab includes spotting moments when they might be tempted to cross

the line of what's legal and what's not.

That looks like I could get everyone's details.

Your parents will not have any idea how you do what you do.

It will be like magic.

Solomon Gilbert was caught as a teenage offender.

Now he's the one giving the lecture is, in between tackling

cybercrime himself.

I was 17 years old.

I was getting drawn into making my own malicious code,

making my own exploits, stealing things like credit card

information, database information.

I wouldn't do anything with them, but it ended up with me getting

kicked out of school and arrested and looked into by the

counterterrorism intelligence unit.

What were the key moments that changed your path?

Everyone in the cyber security industry has one person that

they've met that's gone, well, you're very talented at this,

let's move you to do it as a job.

Cyber Security Challenge UK has set up a capture the flag competition

so that teenagers can show off their skills.

Several large companies are here to talk future job opportunities.

UK hasn't got enough people to protect itself.

Businesses, the nation, individual accounts,

we all need protecting and that's why we exist.

We need to find these people.

They're there.

We know they're there, we need to find them.

These offenders know this is a second chance,

one they didn't realise they were so well qualified for.

I was more interested in the dark side, back when I was young.

I wasn't really looking at the good side.

The dark side was mainly just attacks, attacks, attacks,

not thinking about defending.

Well, now I know that it exists, it sounds like something that I'd

really, really like to go into because you get the same, like,

rush, the same excitement, but you're doing it for fun,

still, but it's legal and you get paid.

It's like every kind of benefit.

Humans have been using handprints to identify themselves

for a very long time.

These ones here, the Hands Across Time just outside Las Vegas,

in Red Rock, are hundreds of years old.

They're some of the earliest examples of native Americans

showing their identity.

Kind of like a signature.

In recent years we've started to use our hands to identify us

again, and Dan's been finding out how secure they might be.

At Bristol Robotics Lab, they're taking an interest in every detail.

Now, if you're sensitive to flashing lights, look away now.

Is that more secure, then, than just using your fingerprint?

Certainly.

With a fingerprint, it's a small region of the hand.

Obviously with this system we're getting the whole surface and that,

combined with the vein structure, just add an extra layer of security.

Do you think this could be spoofed?

I think it's unlikely.

Research recently showed the ability to extract fingerprints

or handprints off celebrities from a distance.

From photos?

From photos.

So, you could use that to generate a 3-D surface but you still wouldn't

have the vein structure on the back of the hand.

That would be very difficult to hack.

In Chicago, some people are already using their palm

and to pay for things.

It's being called Naked Payment.

No cards, cash or phones.

From September, TSB will be the first bank in Europe to adopt

retina scan technology as a way of accessing online bank accounts,

although initially customers will need a Samsung Galaxy S8

handset to use the technology.

But is it secure?

In May, the Chaos Computer Club in Germany posted this video,

fooling the S8's iris scanner using a photograph

and a contact lens.

TSB and Samsung are hoping that others won't go

to that sort of trouble.

At the CyLab Biometrics Center in Pittsburgh, they've developed

a system that can identify the irises of people moving in

a crowd from up to 12 metres away.

But if the eyes don't have it, the face just might.

Back at Bristol Robotics Lab, this 3-D face scanner

is using a technique they've developed called Photometric stereo.

Two invisible lights flash at high speed,

allowing the camera to capture the orientation, shape

and texture of what it sees.

So far, it has a 95% accuracy rate but that's good enough to attract

some major investment.

They are working with Cubic, which develops the Oyster card,

contactless payment system used in London's trains and buses.

It's being part funded by the British government

to innovate gateless technologies, allowing passengers to simply walk

into a station and onto a train.

You can imagine, if you can get rid of the gate line in a place

like Victoria Station, there's a massive potential

for increasing throughput.

So we ran quite an interesting project for them, which they are now

installing at their laboratory in Salford and the aim is to move it

on to the Underground so that the system will recognise

people and you get rid of the gates and it will allow people to go

through without any impediments.

Now, this is a is a prototype but we have been told

that the system will recognise even a pair of glasses.

So, let's see if it knows who I am now.

Look at that, you can see my name come up right there.

It could make your life so easy.

Just walk around, the face is the key to doing everything

you want to do in the modern world.

And just to double-check, I've tried to fool it with this guy.

Oh, look at that.

It recognises me, but this is very clearly an impostor.

This face clearly isn't going to get me anywhere.

Dan Simmons, being shredded. Sorry, Dan.

So, that's it for another week.

Of course we'll be back with more next week from Vegas,