Click investigates how hackers can use public wifi to steal sensitive information. Plus the latest 'smell' tech. Includes tech news and Webscape.
Browse content similar to 08/03/2014. Check below for episodes and series from the same categories and more!
He's building his part up again.
This week on Click, we're seeing double.
But can your phone tell the difference between a good
and an evil Wi-Fi hotspot?
We'll ask if using public Wi-Fi is ever safe.
We'll also sample the gadgets that stimulate your senses.
But do they smell, or taste, as good as they sound?
And we'll get a flavour of the Texan interactive festival
that is South By Southwest.
All that, plus a round-up of the biggest tech news of the week
and a way to protect your property online, in Webscape.
Welcome to Click. I'm Spencer Kelly.
Over the past few months, we've been investigating an internet crime
which is almost invisible and which, we've been told, is on the rise.
Now, you don't have to be a spy to pull it off.
In fact, all you need is a mobile phone.
The hack relies on our desire to always be online.
And specifically, those times
when we want to hook up to a Wi-Fi hotspot.
Now, hotspots are really easy to join, of course.
You just select one on your phone by tapping the screen.
And conveniently, most phones will remember
the hotspots that you trust
and reconnect to them automatically the next time they're in range.
But, even the hotspots that you trust might not actually be safe.
And that's because your device can be tricked into connecting
to another network with an identical name.
But one that's been set up by a criminal.
It's called an Evil Twin attack.
It certainly is, Evil Twin.
And while he's actually been around for a little while now,
we've since discovered just how easy it is for him
to swipe my information using just a mobile.
Which means your attacker could be standing right next to you.
Dan Simmons reports.
The busy lives of the often-spotted city dweller.
These mammals are always on the go.
Their social habits include fiddling with these peculiar devices.
Thankfully, because they often use Wi-Fi,
we can now see almost everything they do.
In the park...
Yeah, it's quite shocking, quite terrifying to think, you know,
whatever I could have been looking at,
someone could have found that stuff.
Relaxing in the coffee shop...
I thought it would happen in some sort of hi tech van outside.
But just to see it on a normal laptop here is just a bit unnerving!
And in the office...
We could add cards, remove cards, buy items...
Any functionality within Amazon, we could do pretending to be Caroline.
City slicker Martin's hopping on to a Wi-Fi hotspot.
But it's one set up by Nosey Pete, our security expert,
who's curious to find out what these city folk do in their lunch hour.
Here he is searching and he finds the website for Billy Elliot.
There it is.
We looked in on several other people's sessions,
and it wasn't difficult to see what they were up to,
including their passwords and other personal data along the way.
By simply naming his hotspot the same as the one
that Martin's expecting to find, Pete can dupe him into believing
he's on the real one.
But that's with a public, open Wi-Fi network hotspot.
No username required, or password.
Throw those in, and you'd think you'd be a bit more safe. Wouldn't you?
An aptly-named coffee shop in trendy Shoreditch,
home to London's tech hub, and one where the owners set up a hotspot
with a password. A password that is written on the counter.
And of course, nosy Pete is up to his old tricks again
and can just as easily set up an identical Wi-Fi hotspot
asking for the same password.
This time, it's Lucy caught in the trap.
We can see what flights you are planning to take,
we'd know when you will be away from home, away from the office.
And if it were a business arrangement,
maybe we could predict what sort of meetings will take place,
that could be important to the business.
This snooping on what others are doing isn't just nosy,
it's illegal, which is why we did not set up an evil twin Wi-Fi here.
Instead, we asked users to log on to our bogus network
and explained to them what we could see.
That's not nice. That's not nice at all! That is not nice, no.
And it's not just websites.
Nowadays, the apps we use seem to love automatically
updating in the background, so it's now possible for our data to
be hacked without our phone leaving our pocket.
This photo-sharing app is typical.
It is sending out the user's e-mail address list, password
and phone contacts to make sure it's up-to-date.
Pete has got the lot.
But what he is not is very mobile himself.
The evil twin Wi-Fi scam has been around for a while
but all that kit has made Pete's job, well, a bit tricky.
But it turns out you can carry out the same attack
with an ordinary mobile smartphone.
This is mobile Mike
and he is using his to spoof the local pub's Wi-Fi hotspot.
With some software from the web,
he is recording everything Caroline is doing.
So how worried should we be?
The head of Europol's cyber crime unit told us
users simply should not use public Wi-Fi networks for anything
financial or sensitive but instead wait until they get home.
Charlie Mcmurdie headed up the UK's police effort against online crime
until last year.
She told me Wi-Fi providers should now carry out regular checks
as snooping becomes easier.
Whereas, previously, we have really focused on the sort of
stand-alone attacks and compromises of big databases, now, a lot of
mainstream criminals have identified there are easy opportunities
and vulnerabilities just walking down the street and exploiting
Wi-Fi networks that exist in every coffee shop,
every premises you go to.
Back at the cafe, Letty is checking her e-mail.
But, this time, our snoopers are not so lucky.
Thankfully, most e-mail and retail sites are encrypted.
It's slower but much safer.
Encrypted sites show up with the letters HTTPS in the address bar.
Your browser might also add a padlock to reassure you.
If your session is encrypted this way,
no-one else should be able to snoop.
But our security experts have found a way to bypass even that,
using an app that can be simply downloaded to a mobile phone.
Caroline is shopping.
In this attack, Mike doesn't need to spoof a hotspot,
he just needs to be on the same genuine Wi-Fi network.
But the app he has got manages to tell his victim's handset to
send all of its web requests to his own mobile.
He will act as a man in the middle, again seeing everything
because he is now able to strip out the encryption that Caroline
is relying on.
Many other encrypted websites would be just as vulnerable.
It means if you are using Wi-Fi with just a mobile,
your attacker could be sitting right next to you.
You can see them all sitting on benches, and they wouldn't be
given a second thought to the potential that those communications
are being picked up and read by the person sat on the bench next to them.
Dan Simmons reporting.
And just to reiterate, there was nothing intrinsically unsafe,
insecure or unusual about the websites featured in that report.
The hack happens because of the way that our phones recognise
and connect over Wi-Fi networks.
Joining me is Mick Paddington,
from one of the security firms who worked with us on that report.
-What can we do? We can't give up using public Wi-Fi, can we?
No, and there's some simple steps you can take.
You would not read out your credit card on the train
aloud over the phone with an audience.
so you've got to be aware that
when you are doing these kind of transactions or working on the web
you should be limiting the sort of behaviour you're doing online.
Just to clarify - the mere fact that you have to enter a password
to join a Wi-Fi network does not make it secure.
No. Definitely not.
In fact, a lot of these passwords are in the public domain because these
companies that own these hotspots
don't actually change these passwords.
The sort of passwords you should be looking for
which are more secure are dynamic, one-use passwords.
If you are in a hotel room, it will ask you for your name
and room number and then issue you with a password.
Rather than you going into a well-known coffee shop, for instance,
and the Wi-Fi address and the password is up on the wall.
So those one-time passwords can't be obtained by some hacker
who is setting up a spoof Wi-Fi network?
They would have no idea what that password is and if they were
issued with it, you would be issued with a different one.
Right. That is the theory, OK. Obviously, nothing is 100% secure.
What we are putting in practice is behaviour
that reduces your risk online.
Nothing is 100% secure and, if it was,
it would probably be totally unusable.
What about the idea of not using Wi-Fi
but using the cellular network, the mobile network, to connect to your bank, for example?
Is that safer?
Yes, but the trouble is that most people connect to Wi-Fi
or automatically connect.
You have got to be aware of what your device is connecting to
and if you have it set up to connect automatically.
In terms of using the cellular network, yes, it is inherently more secure.
The connection from your device to the mast is encrypted.
The trouble is Wi-Fi is more convenient, it tends to be a lot more faster.
4G isn't everywhere yet
so people will default to a Wi-Fi network.
Thank you very much. Wise words. Good advice there.
If you have advice or experiences of your own that you
would like to share, e-mail us.
Next up, a look at this week's tech news.
A Japanese-American man has been named by Newsweek magazine
as the creator of Bitcoin.
Dorian Satoshi Nakamoto, who shares part of his name
with the mysterious figure behind the digital currency,
was chased by reporters through Los Angeles after the news broke
only to tell the Associated Press he had nothing to do with Bitcoin.
He said he hadn't even heard of the currency
until three weeks ago when his son was contacted by a reporter.
Ever wanted the physical strength of a superhero?
Well, engineers in Italy have created a powered exoskeleton
that can do just that.
The body extender tracks the movement of the person
wearing it and can lift 50 kilos in each of its metal hands.
Its modular design means it could be rapidly reconfigured to perform
a large number of different tasks
such as work in factories or emergency rescue scenarios.
Finally, thinking of getting new business cards?
American programmer Kevin Bates
has certainly made an impression with his.
It sports an in-built Tetris game.
Made up of a tiny Arduino computer, an OLED screen
and capacitive sensor controls, a user or business associate
can play for up to nine hours before changing batteries.
Programmable to play other games,
Bates is already working on a Pokemon variant.
In recent years, it has made us sit up
and take notice of everything from Twitter to lifelogging.
So the big question is
what does Austin's South By Southwest Interactive Festival
hold for us this year?
LJ Rich is our reporter on the ground,
she's just landed and this is what she has found so far.
One trend that shows no sign of abating
if this festival's obsession with eating.
Look at all these restaurants along sixth street.
Down the road, something new is being cooked up.
It can't hurt to be more creative in the kitchen
and that's exactly what researchers at IBM's Watson Group decided.
They're using cognitive computing,
which is like a machine learning as opposed to programmed,
to help put unexpected ingredients together.
How does it work?
You choose an ingredient you like, like asparagus,
and then Watson does millions of calculations, comparing asparagus
for thousands of other ingredients, then decides which ingredient would
fit perfectly with asparagus that humans would not normally think of by themselves.
Now, this may just be a nice way of trying different foods but actually
the science behind this can be widened out
to things like travel itineraries or even making perfume.
The whole idea behind cognitive computing is, of course, to do things a little bit differently.
So, what does a real chef make of ingredients being put together by a machine?
Creativity is based on previous experience.
For chefs, it is something we tasted, it's a smell from our childhood,
something we remember that spurs us to create a new dish.
Now, working with this system, that's erased.
It's all based on new information.
We are starting with a blank slate looking at a set of ingredients
that seemingly have no relationship, no memory, nothing to spur us on,
just the ingredients themselves are the inspiration.
-There it is. Russian beet salad.
-Thank you very much.
Beets, prunes, pickles, cucumbers - who would have thought?
I liked it more when you didn't tell me what was in it.
LJ Rich - and LJ will have more from South By Southwest next week.
Now, a feast for your senses.
Computers have traditionally played to only two of our five senses,
sight and sound.
And while these have become increasingly immersive over the years,
the other senses are much harder to cater for.
But, after recently finding something that simulates touch,
it is time to turn my attention and my tongue to something rather tasty.
This is what is being billed as the world's first electric lollipop.
It doesn't look like it but bear with me.
You stick your tongue between these two electrodes
and they pass an electric current through it.
What the researchers here at City University London have found
is that by varying the amplitude and frequency of that current
they can stimulate the different taste receptors.
That means they can simulate the four basic tastes - sweet,
sour, salt and bitter.
The question is does it work? Time to find out.
By far the easiest taste to create is a sour, lemony taste.
It's the same sensation you get when you taste some metals. Ughhh!
That's so weird. That's lemon. Lemon?
The theory is that animals have developed a strong response
to sour taste in order to detect food that's gone bad.
The other tastes are certainly harder to judge.
I can't really taste anything.
One thing is for sure - it is a weird experience.
While this thing can only ever simulate basic tastes,
it could be used in combination with a mouth-worn device
that stimulates your nose,
at which point you should be able to detect many, many more flavours.
In fact, that is where we are off to next.
We have ticked off sight, sound, touch and taste.
It is now time for Lara Lewington to hit the fifth sense,
as she heads to Madrid to see what's cooking.
This may be a feast for the eyes
but the rest is left to the imagination.
Spanish chef Andoni Luis Aduriz hopes that could change.
With two Michelin stars,
his restaurant, Mugaritz, ranks in the world's top five year on year.
And he wants to bring the scent of this molecular gastronomy to your phone.
HE SPEAKS SPANISH
Here, I am learning to make one of his signature dishes,
a broth that is all about the full sensory experience.
The smell is a lot stronger since I have been doing this.
I can smell saffron and peppercorns, mixed with some seeds.
The saffron is the most overwhelming smell.
Watching this on TV, you could see what the soup looked like,
you could hear me making it,
but of course you have no idea how it taste or smells
which, let's face it, when it comes to food, is pretty important.
Here is some technology that could change things.
This app allows you to virtually create what
I made in the kitchen, so let's get going.
You move the phone around, which effectively mixes up
the ingredients, the peppercorns and the seeds are being crushed.
It looks pretty similar and the sound is the same.
But the most exciting bit is, once you are finished,
you press OK, and the smell comes out.
And I can tell you, that also smells of saffron
and is pretty similar to the real thing.
We get to enrich all our information with taste and smell.
We will enhance and improve, particularly not our membranes
but our feelings in the very moment when we are watching
something together with the smell and taste of it.
The app's software sends signals to a moving motor in the device,
which attaches via the earphone jack to puff out the smell.
This version only omits one scent.
But, as the device's creator explains, it's merely the start.
What we are working on for the long-term
is a device that you put inside your mouth.
It will have magnetic coils
which will directly stimulate your olfactory bulb,
producing electrical currents to produce the artificial smell
sensation in your brain.
Once we can do that, the range of smells we can generate will be infinite
because they are not going to be limited chemicals.
And then, well, you may be left hungry
but the full sensory experience could be yours anywhere, any time.
Lara Lewington with her portable pongs.
From smells back to pictures now. Publishing photographs online
that don't belong to you can be a costly business.
Certainly if you're BuzzFeed, Getty Images or Perez Hilton,
all of whom have had copyright infringement lawsuits filed against them in the last year.
Coming up with some tips to help you protect your online images
and stay on the right side of the law, here comes Kate Russell with Webscape.
Copyright protection for digital content is a complex issue
with no straightforward solution.
Stipple can help you by creating a unique fingerprint that stays
connected to it wherever it travels within the website's network.
There is the extra bonus that you can add interactive content to tell
the story behind the image
and get detailed analytics about views and shares.
If anyone wants to repost your images,
this site makes the process super-easy, with a ready-made embed code
equipped with full attribution details as set by you.
There is even a free iPhone app to protect your mobile uploads,
which is a notoriously thorny part of intellectual property rights online.
If you want to stay on the right side of copyright law
when reposting a non-attributed image you find,
you can use the site's reverse image search.
Even though this website makes it super-easy to use and attribute images legally,
it is not a fail-safe method for protecting your photos online.
In truth, the only way to keep them safe is not to post them at all.
But that's not a satisfactory option for most
so I have some other suggestions.
You could try adding a subtle watermark detailing your ownership.
Most editing packages will let you do this by adding a translucent layer
and you will find lots of tutorials online.
If you want a quick and simple tool, try uMark Online
but bear in mind that positioning the attribution
on the edge of your picture so it doesn't spoil the view
will make it pretty easy to crop out before reposting
if someone is determined to rip you off.
Make sure you are clear about your terms for anything that you post
by linking it to a licence.
From all rights reserved,
meaning no-one has permission to repost,
to public domain, where you are happy for it to be shared without attribution.
And everything in between.
A Creative Commons licence is an easy and standardised way
of detailing permissions so that no-one can claim ignorance.
If you think your images are at risk of copyright theft,
it is not a bad idea to run them through a reverse image search,
like TinEye, every now and then.
It will trawl the web detailing where the image has been found online.
A quick way to check a whole website is to run the address through
Copyscape, which will tell you
if any other web pages are using the content posted on it.
If you do find a violation, there are steps you should take to tackle it,
rising in escalation depending on how the violator responds.
Firstly, contact them directly and keep it simple
It could be that they are not aware they have done anything wrong
and the matter can be resolved swiftly.
How about we finish with a real-world hack
for this week's video of the week?
Illusion specialists Brusspup have a brilliant 3D T-rex video
on their YouTube channel,
complete with a link to download and print your own.
Thank you, Kate. Loving those dinosaurs.
They are so simple yet so very, very effective.
If you missed any of Kate's links,
you will find them all on our website as usual.
If you would like to get in touch about anything you have seen today,
please do e-mail or tweet us.
That's it for now though.
Thank you very much for watching and we'll see you next time.