:00:00. > :00:00.one of the biggest hacking conferences in the world. Click
:00:00. > :00:08.takes a look behind the show to find out just how safe your tech is.
:00:09. > :00:27.Is everything all right? This week on Click we'll find out
:00:28. > :00:33.just how easy it is to control the everyday appliances around your
:00:34. > :00:40.home. Prepare to get arty, as we enjoy a very different kind of
:00:41. > :00:51.gallery visit. And we discover a way to fight off spam in Webscape.
:00:52. > :00:54.Welcome to Click. More and more of us are using our mobile devices to
:00:55. > :01:02.do pretty much everything in our lives these days. When you switch
:01:03. > :01:06.them on the chances of... Are we in? This should be yours. A keycode, if
:01:07. > :01:15.you like, that you have to enter. It's yours. It's yours. Don't worry.
:01:16. > :01:20.I actually do work for the BBC and Mike has come along for the ride. We
:01:21. > :01:24.want to show you something they didn't want to show you ` a hack and
:01:25. > :01:29.a serious hack at the world's most important hacking convention.
:01:30. > :01:32.Defcon. Running since the early '90s, Las Vegas hosts this annual
:01:33. > :01:38.semi secretive shindig for the world's hackers. It only let cameras
:01:39. > :01:40.in three years ago. We're going in under the wire, literally, to the
:01:41. > :01:44.casino resort where government agents rub keyboards with cyber
:01:45. > :01:52.criminals. Everybody is told to play nicely.
:01:53. > :01:57.There is a record 16,000 people expected to be in that queue over
:01:58. > :02:01.the next few days. At the moment it takes 3.5 hours to get to the front
:02:02. > :02:04.when you get one of these, probably the flashiest badge I've ever seen
:02:05. > :02:08.at one of these conferences. It looks like something we might want
:02:09. > :02:13.to hack. Mike, you're our security expert. What would you do with this?
:02:14. > :02:16.It's designed to be hacked. There's a microprocessor here, a USB port,
:02:17. > :02:20.various places you can solder on new devices and a competition to see who
:02:21. > :02:34.can hack in, in the most crazy and ingenious way. Have you turned the
:02:35. > :02:38.Wi`Fi off on your mobile phone? No. This is no ordinary gathering. Leave
:02:39. > :02:42.your phone connected to Wi`Fi and it's likely that you will be hacked
:02:43. > :02:55.and it will be posted here on the Wall of Sheep, for all to see.
:02:56. > :02:57.Everyone here should know better. The world's most hostile network and
:02:58. > :03:11.anything within the Defcon Network is here. There is an etiquette, but
:03:12. > :03:14.people will be trying stuff out. Of course, visitors don't just hack
:03:15. > :03:18.each other. Some of the best talks in cyber security go on here with
:03:19. > :03:20.presenters going public on how to bring down anything from a toaster
:03:21. > :03:23.to an aircraft. These guys specialise in cars. They've tested
:03:24. > :03:27.25 models and ranked them on how easy they are to hack. In the past
:03:28. > :03:29.they have taken over the brakes and steering controls by plugging in
:03:30. > :03:34.their laptop. Here is the no brake attack. I can't
:03:35. > :03:41.stop right now. I'm moving along here. Obviously that's a very
:03:42. > :03:54.dangerous attack. So far there's not a lot of risk. It's pretty hard to
:03:55. > :03:58.hack your car. But we're looking five years out and seeing that in
:03:59. > :04:01.five years more cars will be on the internet and be connected and we
:04:02. > :04:03.want to get car manufacturers fixing things now, rather than waiting
:04:04. > :04:06.until there's a problem. This year they showed just how dumb
:04:07. > :04:11.our so`called smart cities could be. Imagine the traffic in Las Vegas
:04:12. > :04:17.grinding to a halt. This is now no longer the fantasy of films. This
:04:18. > :04:25.guy can do this for real, with a laptop and off the shelf kit costing
:04:26. > :04:28.less than $100. Cesar has discovered a specific wireless traffic
:04:29. > :04:30.monitoring system sends all its data unencrypted. Sensors embedded in the
:04:31. > :04:35.road detect cars and send that information to receivers. The data
:04:36. > :04:40.is used to switch the traffic lights to avoid congestion. Without
:04:41. > :04:43.encryption of that data, it's possible to send fake information
:04:44. > :04:47.that could lead to a traffic jam or accident. And even to upload new
:04:48. > :04:50.software to do the job remotely. He's released all the information
:04:51. > :04:56.publicly at Defcon and insists publishing the hack is the right
:04:57. > :04:59.thing to do. This is not my fault. I'm just
:05:00. > :05:11.pointing out the problem. I'm not creating it. If I keep quiet, the
:05:12. > :05:15.problem will remain there. Sooner or later someone else will know it ` it
:05:16. > :05:18.could be someone with bad intentions. Pretty scary stuff. What
:05:19. > :05:21.do you make of that? It is pretty scary, isn't it? We have devices out
:05:22. > :05:24.there in our roads that are vulnerable to very, very basic
:05:25. > :05:32.attacks so there's no authentication on the devices. There is no
:05:33. > :05:36.encryption. Everyone at home uses encryption on the wireless. That's
:05:37. > :05:42.inexcusable. Governments are not checking the security of these. It
:05:43. > :05:45.makes me wonder what else is out there. Defcon is also about having
:05:46. > :05:48.fun. There are rooms where you can test your lock picking or wireless
:05:49. > :05:59.hacking skills. You can hack your hat. Or your hair. Often it's people
:06:00. > :06:02.who are the weakest link to data security, so over to the social
:06:03. > :06:04.engineering room where two actors were making fake calls to real
:06:05. > :06:10.companies trying to illicit compromising information. It's
:06:11. > :06:14.illegal to film this conversation in the US, but both attempts we
:06:15. > :06:17.witnessed hit gold. Last call we found out this company
:06:18. > :06:23.still uses Windows XP, still is on Internet Explorer, a lower version.
:06:24. > :06:25.Hacking is a family business here. Children are allowed in and
:06:26. > :06:35.encouraged to steal each other's passwords.
:06:36. > :06:39.You could break into their account. Jeff Moss created both Defcon and
:06:40. > :06:43.Black Hat and defends blowing the cover on all this information.
:06:44. > :06:49.Organised crime don't tell us what they're doing. We have to try and
:06:50. > :06:52.protect ourselves. Conferences like this, whether they're in the UK,
:06:53. > :06:55.France or America, they're one of the few ways we have the information
:06:56. > :07:00.out to what's going on that's not being filtered by a company or a
:07:01. > :07:10.government. This is what's really happening. Back at DefCon, this guy
:07:11. > :07:14.who didn't want to be filmed has managed to bling up his entry badge
:07:15. > :07:17.and get it to make other badges flash on his command. It turns out
:07:18. > :07:21.it's just as easy to manipulate the stuff in our homes too. This is one
:07:22. > :07:25.of the coolest talks I've seen today. We have a group of guys who
:07:26. > :07:28.have taken things in the home, TVs, baby monitors, fridges, and breaking
:07:29. > :07:36.them, making them do things they're not meant to do. The coolest bit is
:07:37. > :07:39.this will all be on the web after this talk and anyone will be able to
:07:40. > :07:49.do it. It's not actually that difficult.
:07:50. > :07:56.Perhaps "drink all the booze", "hack all the things" sums up this
:07:57. > :08:00.gathering. But, for the most part, these aren't the bad guys. They love
:08:01. > :08:02.making things work even better and exposing vulnerabilities for
:08:03. > :08:09.companies who ought to know better to fix. And intercepting satellite
:08:10. > :08:18.broadcasts, yeah, that's included. Cheers. We'll have to wait to see
:08:19. > :08:23.whether the manufacturers include it in their latest updates. I hope you
:08:24. > :08:30.found that as fascinating as I did. Coming up next, a look at this
:08:31. > :08:36.week's tech news. What? What do you mean they didn't see it?
:08:37. > :08:38.British football club Manchester United have banned fans from
:08:39. > :08:41.bringing tablets and laptops to matches at its stadium. The move
:08:42. > :08:47.comes after similar rules were brought into effect at airports. The
:08:48. > :08:49.club said the changes were not related to concerns about fans
:08:50. > :08:52.recording matches, but rather in response to unspecified security
:08:53. > :08:55.intelligence. On the plus side, at least you'll be able to see the
:08:56. > :09:09.match without all those slabs blocking your view. Speaking of
:09:10. > :09:12.Sony, several months after its announcement, the company has
:09:13. > :09:13.finally revealed the launch date and price for its PlayStation TV. It
:09:14. > :09:26.Consul has already the available in Japan since last
:09:27. > :09:30.year. `` the consol. It will now go on sale in the US on August 14. In
:09:31. > :09:33.the UK, a full month later. Finally, behold the salmon cannon. This
:09:34. > :09:39.vacuum and tube system helps salmon migrate upstream. The concept relies
:09:40. > :09:44.on a change in pressure within the tube, forcing the fish to accelerate
:09:45. > :09:47.upwards. Originally designed to transport fragile goods like fresh
:09:48. > :09:50.fruit, the new system can transport up to 45 salmon per minute and can
:09:51. > :09:58.be streamlined to allow for voluntary entry.
:09:59. > :10:04.So then, how much do you trust the gadgets in your house? After our
:10:05. > :10:11.piece from Defcon there, I'd say not as far as you could throw them, even
:10:12. > :10:22.if they aren't plugged in. A report now on an unsettling take on the
:10:23. > :10:25.internet of things. Homes should be the safest place to
:10:26. > :10:33.connect your tech, but just in case there's something creepy on the net
:10:34. > :10:36.after this tale ` password reset. Welcome to the haunted house of
:10:37. > :10:44.hacking horrors. Won't you please come inside?
:10:45. > :10:48.Yes, around every corner of this suburban home lurks a hacker, and if
:10:49. > :10:58.your device connects to the internet, they will gain control of
:10:59. > :11:01.it. For example, this Bluray player has to go online to update its
:11:02. > :11:07.programme guide or get more content, but divert that connection and you
:11:08. > :11:10.can then inject your own code. You see, if a command looks like it's
:11:11. > :11:12.coming from the home network, the device doesn't ask for
:11:13. > :11:19.authentication, which means this wireless plug controller is obeying
:11:20. > :11:24.the hacker. Spooky. It's all down to so`called protocol, the way machines
:11:25. > :11:27.talk to each other. They're running under the assumption
:11:28. > :11:31.they're in somebody's house and therefore people can't really do
:11:32. > :11:34.anything with them. What we've been able to do is look at those
:11:35. > :11:38.protocols and tweak them, bend them to our will, as such, so that we can
:11:39. > :11:51.take control of the player, turn the television on, flash lights and play
:11:52. > :11:53.spooky music throughout the house. If it wasn't obvious, these people
:11:54. > :12:00.aren't really hackers, they're penetration testers. They're paid by
:12:01. > :12:04.companies to get into things. It turns out gaining access to devices
:12:05. > :12:08.is easy when you know how. This haunted house requires the user name
:12:09. > :12:14.and password of the Wi`Fi and they assure me that's reasonably easy to
:12:15. > :12:16.attain. Once you've attained it, you can do some very interesting things.
:12:17. > :12:20.This programme looks around for things like sound like baby monitors
:12:21. > :12:23.on the network. When it finds what it thinks is a baby monitor, you can
:12:24. > :12:35.install the commercial app and listen. Another shocking example if
:12:36. > :12:37.you haven't put a password on your internet viewable webcam, it's
:12:38. > :12:40.possible for anyone to invite themselves in. They just need your
:12:41. > :12:45.IP address, the internet equivalent of a post code. The problem is the
:12:46. > :12:50.balance between ease of use and security.
:12:51. > :12:53.Most of this tech is reasonably complicated and so the manufacturers
:12:54. > :12:57.try to make it a bit easier to set up and configure. As people don't
:12:58. > :13:04.understand security, it's the social configuration piece that kind of
:13:05. > :13:07.really vulnerable. `` kind of makes them. We see it as a massive area
:13:08. > :13:10.for compromise. Before panicking and throwing
:13:11. > :13:13.everything away, this is easy to fix. Just change the default
:13:14. > :13:16.username and password when you set these gadgets up and your password
:13:17. > :13:19.should be hard for other people to figure out, because once hackers get
:13:20. > :13:28.hold of them, they could even steal your car.
:13:29. > :13:33.This BMWi3 is at the cutting edge of vehicle tech, allowing entry via an
:13:34. > :13:38.app. We think there are some security issues with the way you
:13:39. > :13:41.sign up to the app. If you know what you are doing and you know about
:13:42. > :13:44.your victim, your target, you do a bit of research, there is potential
:13:45. > :13:47.to intercept that information, configure something on your phone
:13:48. > :13:50.and use that to unlock and steal a car. This works because most people
:13:51. > :13:57.unwittingly give clues to their passwords on social media sites.
:13:58. > :14:01.Pets, sport teams, and so on. With an easy to guess username on the BMW
:14:02. > :14:05.app, Ken can not only get into his friend's vehicle, he can make off
:14:06. > :14:10.with it! Come back! The main way to defend against these
:14:11. > :14:13.hacks is to be more secure. The moral of the story, make your
:14:14. > :14:18.password hard to guess. For social updates, post less. Perhaps then you
:14:19. > :14:26.will feel more serene and guard from ghosts in your machine.
:14:27. > :14:34.LJ Rich, monitoring the situation. Have you ever had a museum
:14:35. > :14:39.completely to yourself? Me neither. But imagine what it would be like to
:14:40. > :14:44.be able to roam the place after the doors have shut. Don't worry, there
:14:45. > :14:48.are no hungry dinosaurs or even Ben Stiller to worry about. Just a horde
:14:49. > :14:59.of robots and Lara Lewington. Fortunately, these bots aren't
:15:00. > :15:04.trying to take over the world. They're just after a bit of culture.
:15:05. > :15:06.For the last week, the main attraction in the Tate Britain's
:15:07. > :15:13.Galleries hasn't been the Constables or the Hockneys, it's been four
:15:14. > :15:16.remote controlled robots. Visitors to the Tate Britain's After Dark
:15:17. > :15:19.website have been given the chance to explore galleries filled with 500
:15:20. > :15:27.years of priceless art, all from their laptops. This isn't about
:15:28. > :15:34.creating an alternative to actually visiting an art gallery, it's about
:15:35. > :15:38.a totally different experience. How often is it that you actually
:15:39. > :15:41.operate a robot anyway? The idea is that you can move around the
:15:42. > :15:44.gallery, turning left or right, looking up or down. When you reach a
:15:45. > :15:51.dead end, these sensors will light up red, which means you need to
:15:52. > :15:55.reverse and replan your journey. It is perhaps more in some ways like an
:15:56. > :15:56.unmanned vehicle or a space probe or submarine, remote`controlled
:15:57. > :16:09.submarine, exploring the deepest parts of the ocean. It's as much
:16:10. > :16:12.about the space as it is about the art. David and the rest of the team
:16:13. > :16:15.won the ?70,000 IK Prize, a competition to encourage innovative
:16:16. > :16:18.digital uses of the museum. We've been lucky enough to work on a
:16:19. > :16:23.number of jobs with different museums recently. We are fortunate
:16:24. > :16:25.because we get to walk around the galleries at night in the dark.
:16:26. > :16:28.You're basically looking at these paintings by yourself and it's an
:16:29. > :16:30.amazing experience. For a long time we wanted to make this project a
:16:31. > :16:36.reality. A team of art experts have been on
:16:37. > :16:37.hand to provide live commentary about anything interesting the bots
:16:38. > :16:45.spot. Who hasn't dreamt of going around a
:16:46. > :16:48.gallery after dark alone and encounter those wonderful art
:16:49. > :16:55.objects and see what happens in the gallery after dark? It's something
:16:56. > :16:58.that I, working in the gallery, have done, but the idea of extending that
:16:59. > :17:04.to anybody sitting in an armchair at home is fantastic. What a brilliant
:17:05. > :17:08.idea! A big challenge for the project was getting the video feed
:17:09. > :17:11.from the robots to the web quickly. Too slow and your command to the
:17:12. > :17:19.robots won't match up with what you are seeing. Rather than sending the
:17:20. > :17:22.robot video feeds to a central server, this system makes a direct
:17:23. > :17:28.connection between the drivers at home and the robots in the gallery.
:17:29. > :17:31.That could mean the difference between a smooth viewing experience
:17:32. > :17:34.and just getting stuck. This sculpture may be safely encased in
:17:35. > :17:39.glass but for anything that's a bit more exposed there will be safety
:17:40. > :17:46.barriers put around. Plus the actual shape of the robot should stop it
:17:47. > :17:49.from banging into anything valuable. The robots also have built in
:17:50. > :17:53.proximity sensors that can kill power and movement if they touch
:17:54. > :17:57.anything in the gallery. While this could be the easiest way to spend a
:17:58. > :17:59.night in a museum, it is not claiming to be the experience of
:18:00. > :18:09.visiting a gallery yourself. Lara Lewington spending a night at
:18:10. > :18:12.the museum, virtually, of course. This month This month marks the
:18:13. > :18:16.100th anniversary of the outbreak of the First World War. More than 16
:18:17. > :18:19.million people died in the fighting and while it can be difficult to
:18:20. > :18:23.comprehend the magnitude of that event, one BBC show is using modern
:18:24. > :18:28.techniques to try to make the conflict relevant to a modern
:18:29. > :18:35.audience. Muddy trenches, bullets through the
:18:36. > :18:38.air. Life or death decisions that have to be made in seconds. This is
:18:39. > :18:41.Our World War, another programme aiming to show the First World more
:18:42. > :18:46.from their point of view of the soldiers who fought in it. It might
:18:47. > :18:48.look like a period drama but the team behind it have also created
:18:49. > :18:55.what they call an interactive episode. It brings elements of a
:18:56. > :18:59.game and stories together to present you with an experience that, if you
:19:00. > :19:08.are 16 to 24, you recognise and perhaps become more engaged with it
:19:09. > :19:14.because you have a role to play. You go from being viewer to participants
:19:15. > :19:17.and that should be satisfying. This episode will be available on
:19:18. > :19:23.tablet and desktop and invites the viewer to make choices that could
:19:24. > :19:26.affect the story. Participants can also unlock bonus footage and
:19:27. > :19:33.experience animated back stories, as well as feedback and analytics on
:19:34. > :19:36.the decisions they've made. I chose to take the injured soldier
:19:37. > :19:39.prisoner. Apparently, that was the correct decision to make. I have no
:19:40. > :19:50.idea whether the decisions I just made will lead to a bad or not quite
:19:51. > :19:53.so bad result. The decisions become harder and harder as you work your
:19:54. > :19:57.way through. The last decision is really critical and very difficult.
:19:58. > :20:09.Unbeknownst to you, what's been happening is we have been scoring
:20:10. > :20:12.your tactics and morale. But the main antagonist in the film also has
:20:13. > :20:16.an opinion on your decisions and this is perhaps the cleverest bit.
:20:17. > :20:19.He will or will not help you in your last decision, I won't give it away,
:20:20. > :20:23.depending on the decisions you've made. If he thinks you are right all
:20:24. > :20:26.the way through and his morale has been high then he will help you. If
:20:27. > :20:29.not, he won't help you. The episode has been put together
:20:30. > :20:32.with the help of CGI and animation studio MI, who have designed the
:20:33. > :20:37.user interface and hope to offer a seamless video experience. The
:20:38. > :20:39.programme makers even believe this could bring in a new era of
:20:40. > :20:41.interactive entertainment, that combines the best elements of gaming
:20:42. > :20:53.and drama. No matter how safe you try to be,
:20:54. > :20:55.whenever you sign up to an online service you're leaving yourself open
:20:56. > :21:03.to receiving lots of lovely spam, because apparently you asked for it
:21:04. > :21:05.when you gave them your address. Kate Russell has a brilliant
:21:06. > :21:17.solution for that next, in Webscape. Yes, Spencer, this really is the
:21:18. > :21:20.simplest solution. If you are fed up with getting spam from websites that
:21:21. > :21:27.ask you for an e`mail address to confirm your registration, try ten
:21:28. > :21:30.Minute Mail instead. It serves you up a temporary inbox to grab that
:21:31. > :21:38.registration link before it vanishes into the ether. I've had a free
:21:39. > :21:41.e`mail account for years that I've used to try out new services for
:21:42. > :21:44.Webscape but it's got so crazy now that I receive hundreds of spam
:21:45. > :21:48.messages a week. Not only is that a pain to empty, but I do lose the
:21:49. > :21:58.occasionally important message in amongst all of the guff. Bear in
:21:59. > :22:00.mind that you won't get any future e`mail updates, but if you aren't
:22:01. > :22:11.planning to interact with the website that much, it's enough time
:22:12. > :22:14.to confirm signup. If you do need more time, there's the option to
:22:15. > :22:19.extend for ten minutes. About 50 earthquakes a day are registered
:22:20. > :22:23.globally. But it's estimated millions occur
:22:24. > :22:34.each year that are too weak to be recorded. Iseismometer is a free app
:22:35. > :22:36.that turns your smartphone into a seismometer, detecting vibrations in
:22:37. > :22:41.real time and displays the strength of the tremor on a graph. So, the
:22:42. > :22:44.next time someone asks you if the earth moved, you can get an accurate
:22:45. > :22:48.reply. Boinc is an android app that lets
:22:49. > :22:50.you harness the newest computing power of your handset to study
:22:51. > :22:56.diseases, predict global warming or discover distant pulsars. There is a
:22:57. > :22:58.good selection of well and lesser`known scientific projects to
:22:59. > :23:07.sign up with, covering disciplines like astrophysics, cosmology,
:23:08. > :23:10.mathematics and seismology. The app won't have your phone doing any
:23:11. > :23:15.computing until it's connected to a power supply and charged to 90%. So,
:23:16. > :23:29.there's no risk of running your battery dry unexpectedly. After the
:23:30. > :23:34.excitement of the Rosetta project last week, could the crowd help find
:23:35. > :23:36.more interesting rocks in space? Asteroid Zoo wants to help
:23:37. > :23:43.scientists scan our solar system for asteroids containing useful
:23:44. > :23:45.resources. This could be very valuable information in the years
:23:46. > :23:52.ahead. Thank you, Kate. That's it for this
:23:53. > :23:56.week but remember we're always keen to hear your thoughts on anything
:23:57. > :24:01.going on in your world, well, that's tech related. We don't want to know
:24:02. > :24:09.what you had for dinner and no more pictures of cats, please! You can
:24:10. > :24:12.get in touch with us at Google+, Facebook and Twitter. We're also on
:24:13. > :24:30.e`mail. Thanks for watching. See you next time. No cats, thanks.
:24:31. > :24:36.I know we're in the in the middle of August but it will feel like early
:24:37. > :24:39.autumn in the next few days. Blustery winds coming down from the
:24:40. > :24:42.north, bringing in cool air.