16/08/2014 Click



Click travels to Las Vegas for DefCon, one of the biggest hacking conferences in the world. Includes a look behind the show to find out just how safe your tech is.



Transcript


Line From To

one of the biggest hacking conferences in the world. Click

:00:00.:00:00.

takes a look behind the show to find out just how safe your tech is.

:00:00.:00:08.

Is everything all right? This week on Click we'll find out

:00:09.:00:27.

just how easy it is to control the everyday appliances around your

:00:28.:00:33.

home. Prepare to get arty, as we enjoy a very different kind of

:00:34.:00:40.

gallery visit. And we discover a way to fight off spam in Webscape.

:00:41.:00:51.

Welcome to Click. More and more of us are using our mobile devices to

:00:52.:00:54.

do pretty much everything in our lives these days. When you switch

:00:55.:01:02.

them on the chances of... Are we in? This should be yours. A keycode, if

:01:03.:01:06.

you like, that you have to enter. It's yours. It's yours. Don't worry.

:01:07.:01:15.

I actually do work for the BBC and Mike has come along for the ride. We

:01:16.:01:20.

want to show you something they didn't want to show you - a hack and

:01:21.:01:24.

a serious hack at the world's most important hacking convention.

:01:25.:01:29.

Defcon. Running since the early '90s, Las Vegas hosts this annual

:01:30.:01:32.

semi-secretive shindig for the world's hackers. It only let cameras

:01:33.:01:38.

in three years ago. We're going in under the wire, literally, to the

:01:39.:01:40.

casino resort where government agents rub keyboards with cyber

:01:41.:01:44.

criminals. Everybody is told to play nicely.

:01:45.:01:52.

There is a record 16,000 people expected to be in that queue over

:01:53.:01:57.

the next few days. At the moment it takes 3.5 hours to get to the front

:01:58.:02:01.

when you get one of these, probably the flashiest badge I've ever seen

:02:02.:02:04.

at one of these conferences. It looks like something we might want

:02:05.:02:08.

to hack. Mike, you're our security expert. What would you do with this?

:02:09.:02:13.

It's designed to be hacked. There's a microprocessor here, a USB port,

:02:14.:02:16.

various places you can solder on new devices and a competition to see who

:02:17.:02:20.

can hack in, in the most crazy and ingenious way. Have you turned the

:02:21.:02:34.

Wi-Fi off on your mobile phone? No. This is no ordinary gathering. Leave

:02:35.:02:38.

your phone connected to Wi-Fi and it's likely that you will be hacked

:02:39.:02:42.

and it will be posted here on the Wall of Sheep, for all to see.

:02:43.:02:55.

Everyone here should know better. The world's most hostile network and

:02:56.:02:57.

anything within the Defcon Network is here. There is an etiquette, but

:02:58.:03:11.

people will be trying stuff out. Of course, visitors don't just hack

:03:12.:03:14.

each other. Some of the best talks in cyber security go on here with

:03:15.:03:18.

presenters going public on how to bring down anything from a toaster

:03:19.:03:20.

to an aircraft. These guys specialise in cars. They've tested

:03:21.:03:23.

25 models and ranked them on how easy they are to hack. In the past

:03:24.:03:27.

they have taken over the brakes and steering controls by plugging in

:03:28.:03:29.

their laptop. Here is the no brake attack. I can't

:03:30.:03:34.

stop right now. I'm moving along here. Obviously that's a very

:03:35.:03:41.

dangerous attack. So far there's not a lot of risk. It's pretty hard to

:03:42.:03:54.

hack your car. But we're looking five years out and seeing that in

:03:55.:03:58.

five years more cars will be on the internet and be connected and we

:03:59.:04:01.

want to get car manufacturers fixing things now, rather than waiting

:04:02.:04:03.

until there's a problem. This year they showed just how dumb

:04:04.:04:06.

our so-called smart cities could be. Imagine the traffic in Las Vegas

:04:07.:04:11.

grinding to a halt. This is now no longer the fantasy of films. This

:04:12.:04:17.

guy can do this for real, with a laptop and off-the-shelf kit costing

:04:18.:04:25.

less than $100. Cesar has discovered a specific wireless traffic

:04:26.:04:28.

monitoring system sends all its data unencrypted. Sensors embedded in the

:04:29.:04:30.

road detect cars and send that information to receivers. The data

:04:31.:04:35.

is used to switch the traffic lights to avoid congestion. Without

:04:36.:04:40.

encryption of that data, it's possible to send fake information

:04:41.:04:43.

that could lead to a traffic jam or accident. And even to upload new

:04:44.:04:47.

software to do the job remotely. He's released all the information

:04:48.:04:50.

publicly at Defcon and insists publishing the hack is the right

:04:51.:04:56.

thing to do. This is not my fault. I'm just

:04:57.:04:59.

pointing out the problem. I'm not creating it. If I keep quiet, the

:05:00.:05:11.

problem will remain there. Sooner or later someone else will know it - it

:05:12.:05:15.

could be someone with bad intentions. Pretty scary stuff. What

:05:16.:05:18.

do you make of that? It is pretty scary, isn't it? We have devices out

:05:19.:05:21.

there in our roads that are vulnerable to very, very basic

:05:22.:05:24.

attacks so there's no authentication on the devices. There is no

:05:25.:05:32.

encryption. Everyone at home uses encryption on the wireless. That's

:05:33.:05:36.

inexcusable. Governments are not checking the security of these. It

:05:37.:05:42.

makes me wonder what else is out there. Defcon is also about having

:05:43.:05:45.

fun. There are rooms where you can test your lock picking or wireless

:05:46.:05:48.

hacking skills. You can hack your hat. Or your hair. Often it's people

:05:49.:05:59.

who are the weakest link to data security, so over to the social

:06:00.:06:02.

engineering room where two actors were making fake calls to real

:06:03.:06:04.

companies trying to elicit compromising information. It's

:06:05.:06:10.

illegal to film this conversation in the US, but both attempts we

:06:11.:06:14.

witnessed hit gold. Last call we found out this company

:06:15.:06:17.

still uses Windows XP, still is on Internet Explorer, a lower version.

:06:18.:06:23.

Hacking is a family business here. Children are allowed in and

:06:24.:06:25.

encouraged to steal each other's passwords.

:06:26.:06:35.

You could break into their account. Jeff Moss created both Defcon and

:06:36.:06:39.

Black Hat and defends blowing the cover on all this information.

:06:40.:06:43.

Organised crime don't tell us what they're doing. We have to try and

:06:44.:06:49.

protect ourselves. Conferences like this, whether they're in the UK,

:06:50.:06:52.

France or America, they're one of the few ways we have the information

:06:53.:06:55.

out to what's going on that's not being filtered by a company or a

:06:56.:07:00.

government. This is what's really happening. Back at DefCon, this guy

:07:01.:07:10.

who didn't want to be filmed has managed to bling up his entry badge

:07:11.:07:14.

and get it to make other badges flash on his command. It turns out

:07:15.:07:17.

it's just as easy to manipulate the stuff in our homes too. This is one

:07:18.:07:21.

of the coolest talks I've seen today. We have a group of guys who

:07:22.:07:25.

have taken things in the home, TVs, baby monitors, fridges, and breaking

:07:26.:07:28.

them, making them do things they're not meant to do. The coolest bit is

:07:29.:07:36.

this will all be on the web after this talk and anyone will be able to

:07:37.:07:39.

do it. It's not actually that difficult.

:07:40.:07:49.

Perhaps "drink all the booze", "hack all the things" sums up this

:07:50.:07:56.

gathering. But, for the most part, these aren't the bad guys. They love

:07:57.:08:00.

making things work even better and exposing vulnerabilities for

:08:01.:08:02.

companies who ought to know better to fix. And intercepting satellite

:08:03.:08:09.

broadcasts, yeah, that's included. Cheers. We'll have to wait to see

:08:10.:08:18.

whether the manufacturers include it in their latest updates. I hope you

:08:19.:08:23.

found that as fascinating as I did. Coming up next, a look at this

:08:24.:08:30.

week's tech news. What? What do you mean they didn't see it?

:08:31.:08:36.

British football club Manchester United have banned fans from

:08:37.:08:38.

bringing tablets and laptops to matches at its stadium. The move

:08:39.:08:41.

comes after similar rules were brought into effect at airports. The

:08:42.:08:47.

club said the changes were not related to concerns about fans

:08:48.:08:49.

recording matches, but rather in response to unspecified security

:08:50.:08:52.

intelligence. On the plus side, at least you'll be able to see the

:08:53.:08:55.

match without all those slabs blocking your view. Speaking of

:08:56.:09:09.

Sony, several months after its announcement, the company has

:09:10.:09:12.

finally revealed the launch date and price for its PlayStation TV. It

:09:13.:09:13.

Consul has already the available in Japan since last

:09:14.:09:26.

year. -- the console. It will now go on sale in the US on August 14. In

:09:27.:09:30.

the UK, a full month later. Finally, behold the salmon cannon. This

:09:31.:09:33.

vacuum and tube system helps salmon migrate upstream. The concept relies

:09:34.:09:39.

on a change in pressure within the tube, forcing the fish to accelerate

:09:40.:09:44.

upwards. Originally designed to transport fragile goods like fresh

:09:45.:09:47.

fruit, the new system can transport up to 45 salmon per minute and can

:09:48.:09:50.

be streamlined to allow for voluntary entry.

:09:51.:09:58.

So then, how much do you trust the gadgets in your house? After our

:09:59.:10:04.

piece from Defcon there, I'd say not as far as you could throw them, even

:10:05.:10:11.

if they aren't plugged in. A report now on an unsettling take on the

:10:12.:10:22.

internet of things. Homes should be the safest place to

:10:23.:10:25.

connect your tech, but just in case there's something creepy on the net

:10:26.:10:33.

after this tale - password reset. Welcome to the haunted house of

:10:34.:10:36.

hacking horrors. Won't you please come inside?

:10:37.:10:44.

Yes, around every corner of this suburban home lurks a hacker, and if

:10:45.:10:48.

your device connects to the internet, they will gain control of

:10:49.:10:58.

it. For example, this Bluray player has to go online to update its

:10:59.:11:01.

programme guide or get more content, but divert that connection and you

:11:02.:11:07.

can then inject your own code. You see, if a command looks like it's

:11:08.:11:10.

coming from the home network, the device doesn't ask for

:11:11.:11:12.

authentication, which means this wireless plug controller is obeying

:11:13.:11:19.

the hacker. Spooky. It's all down to so-called protocol, the way machines

:11:20.:11:24.

talk to each other. They're running under the assumption

:11:25.:11:27.

they're in somebody's house and therefore people can't really do

:11:28.:11:31.

anything with them. What we've been able to do is look at those

:11:32.:11:34.

protocols and tweak them, bend them to our will, as such, so that we can

:11:35.:11:38.

take control of the player, turn the television on, flash lights and play

:11:39.:11:51.

spooky music throughout the house. If it wasn't obvious, these people

:11:52.:11:53.

aren't really hackers, they're penetration testers. They're paid by

:11:54.:12:00.

companies to get into things. It turns out gaining access to devices

:12:01.:12:04.

is easy when you know how. This haunted house requires the user name

:12:05.:12:08.

and password of the Wi-Fi and they assure me that's reasonably easy to

:12:09.:12:14.

attain. Once you've attained it, you can do some very interesting things.

:12:15.:12:16.

This programme looks around for things that sound like baby monitors

:12:17.:12:20.

on the network. When it finds what it thinks is a baby monitor, you can

:12:21.:12:23.

install the commercial app and listen. Another shocking example if

:12:24.:12:35.

you haven't put a password on your internet viewable webcam, it's

:12:36.:12:37.

possible for anyone to invite themselves in. They just need your

:12:38.:12:40.

IP address, the internet equivalent of a post code. The problem is the

:12:41.:12:45.

balance between ease of use and security.

:12:46.:12:50.

Most of this tech is reasonably complicated and so the manufacturers

:12:51.:12:53.

try to make it a bit easier to set up and configure. As people don't

:12:54.:12:57.

understand security, it's the social configuration piece that kind of

:12:58.:13:04.

really vulnerable. -- kind of makes them. We see it as a massive area

:13:05.:13:07.

for compromise. Before panicking and throwing

:13:08.:13:10.

everything away, this is easy to fix. Just change the default

:13:11.:13:13.

username and password when you set these gadgets up and your password

:13:14.:13:16.

should be hard for other people to figure out, because once hackers get

:13:17.:13:19.

hold of them, they could even steal your car.

:13:20.:13:28.

This BMW i3 is at the cutting edge of vehicle tech, allowing entry via an

:13:29.:13:33.

app. We think there are some security issues with the way you

:13:34.:13:38.

sign up to the app. If you know what you are doing and you know about

:13:39.:13:41.

your victim, your target, you do a bit of research, there is potential

:13:42.:13:44.

to intercept that information, configure something on your phone

:13:45.:13:47.

and use that to unlock and steal a car. This works because most people

:13:48.:13:50.

unwittingly give clues to their passwords on social media sites.

:13:51.:13:57.

Pets, sport teams, and so on. With an easy to guess username on the BMW

:13:58.:14:01.

app, Ken can not only get into his friend's vehicle, he can make off

:14:02.:14:05.

with it! Come back! The main way to defend against these

:14:06.:14:10.

hacks is to be more secure. The moral of the story, make your

:14:11.:14:13.

password hard to guess. For social updates, post less. Perhaps then you

:14:14.:14:18.

will feel more serene and guard from ghosts in your machine.

:14:19.:14:26.

LJ Rich, monitoring the situation. Have you ever had a museum

:14:27.:14:34.

completely to yourself? Me neither. But imagine what it would be like to

:14:35.:14:39.

be able to roam the place after the doors have shut. Don't worry, there

:14:40.:14:44.

are no hungry dinosaurs or even Ben Stiller to worry about. Just a horde

:14:45.:14:48.

of robots and Lara Lewington. Fortunately, these bots aren't

:14:49.:14:59.

trying to take over the world. They're just after a bit of culture.

:15:00.:15:04.

For the last week, the main attraction in the Tate Britain's

:15:05.:15:06.

Galleries hasn't been the Constables or the Hockneys, it's been four

:15:07.:15:13.

remote controlled robots. Visitors to the Tate Britain's After Dark

:15:14.:15:16.

website have been given the chance to explore galleries filled with 500

:15:17.:15:19.

years of priceless art, all from their laptops. This isn't about

:15:20.:15:27.

creating an alternative to actually visiting an art gallery, it's about

:15:28.:15:34.

a totally different experience. How often is it that you actually

:15:35.:15:38.

operate a robot anyway? The idea is that you can move around the

:15:39.:15:41.

gallery, turning left or right, looking up or down. When you reach a

:15:42.:15:44.

dead end, these sensors will light up red, which means you need to

:15:45.:15:51.

reverse and replan your journey. It is perhaps more in some ways like an

:15:52.:15:55.

unmanned vehicle or a space probe or submarine, remote-controlled

:15:56.:15:56.

submarine, exploring the deepest parts of the ocean. It's as much

:15:57.:16:09.

about the space as it is about the art. David and the rest of the team

:16:10.:16:12.

won the £70,000 IK Prize, a competition to encourage innovative

:16:13.:16:15.

digital uses of the museum. We've been lucky enough to work on a

:16:16.:16:18.

number of jobs with different museums recently. We are fortunate

:16:19.:16:23.

because we get to walk around the galleries at night in the dark.

:16:24.:16:25.

You're basically looking at these paintings by yourself and it's an

:16:26.:16:28.

amazing experience. For a long time we wanted to make this project a

:16:29.:16:30.

reality. A team of art experts have been on

:16:31.:16:36.

hand to provide live commentary about anything interesting the bots

:16:37.:16:37.

spot. Who hasn't dreamt of going around a

:16:38.:16:45.

gallery after dark alone and encounter those wonderful art

:16:46.:16:48.

objects and see what happens in the gallery after dark? It's something

:16:49.:16:55.

that I, working in the gallery, have done, but the idea of extending that

:16:56.:16:58.

to anybody sitting in an armchair at home is fantastic. What a brilliant

:16:59.:17:04.

idea! A big challenge for the project was getting the video feed

:17:05.:17:08.

from the robots to the web quickly. Too slow and your command to the

:17:09.:17:11.

robots won't match up with what you are seeing. Rather than sending the

:17:12.:17:19.

robot video feeds to a central server, this system makes a direct

:17:20.:17:22.

connection between the drivers at home and the robots in the gallery.

:17:23.:17:28.

That could mean the difference between a smooth viewing experience

:17:29.:17:31.

and just getting stuck. This sculpture may be safely encased in

:17:32.:17:34.

glass but for anything that's a bit more exposed there will be safety

:17:35.:17:39.

barriers put around. Plus the actual shape of the robot should stop it

:17:40.:17:46.

from banging into anything valuable. The robots also have built in

:17:47.:17:49.

proximity sensors that can kill power and movement if they touch

:17:50.:17:53.

anything in the gallery. While this could be the easiest way to spend a

:17:54.:17:57.

night in a museum, it is not claiming to be the experience of

:17:58.:17:59.

visiting a gallery yourself. Lara Lewington spending a night at

:18:00.:18:09.

the museum, virtually, of course. This month marks the

:18:10.:18:12.

100th anniversary of the outbreak of the First World War. More than 16

:18:13.:18:16.

million people died in the fighting and while it can be difficult to

:18:17.:18:19.

comprehend the magnitude of that event, one BBC show is using modern

:18:20.:18:23.

techniques to try to make the conflict relevant to a modern

:18:24.:18:28.

audience. Muddy trenches, bullets through the

:18:29.:18:35.

air. Life or death decisions that have to be made in seconds. This is

:18:36.:18:38.

Our World War, another programme aiming to show the First World War

:18:39.:18:41.

from the point of view of the soldiers who fought in it. It might

:18:42.:18:46.

look like a period drama but the team behind it have also created

:18:47.:18:48.

what they call an interactive episode. It brings elements of a

:18:49.:18:55.

game and stories together to present you with an experience that, if you

:18:56.:18:59.

are 16 to 24, you recognise and perhaps become more engaged with it

:19:00.:19:08.

because you have a role to play. You go from being viewer to participant

:19:09.:19:14.

and that should be satisfying. This episode will be available on

:19:15.:19:17.

tablet and desktop and invites the viewer to make choices that could

:19:18.:19:23.

affect the story. Participants can also unlock bonus footage and

:19:24.:19:26.

experience animated back stories, as well as feedback and analytics on

:19:27.:19:33.

the decisions they've made. I chose to take the injured soldier

:19:34.:19:36.

prisoner. Apparently, that was the correct decision to make. I have no

:19:37.:19:39.

idea whether the decisions I just made will lead to a bad or not quite

:19:40.:19:50.

so bad result. The decisions become harder and harder as you work your

:19:51.:19:53.

way through. The last decision is really critical and very difficult.

:19:54.:19:57.

Unbeknownst to you, what's been happening is we have been scoring

:19:58.:20:09.

your tactics and morale. But the main antagonist in the film also has

:20:10.:20:12.

an opinion on your decisions and this is perhaps the cleverest bit.

:20:13.:20:16.

He will or will not help you in your last decision, I won't give it away,

:20:17.:20:19.

depending on the decisions you've made. If he thinks you are right all

:20:20.:20:23.

the way through and his morale has been high then he will help you. If

:20:24.:20:26.

not, he won't help you. The episode has been put together

:20:27.:20:29.

with the help of CGI and animation studio MI, who have designed the

:20:30.:20:32.

user interface and hope to offer a seamless video experience. The

:20:33.:20:37.

programme makers even believe this could bring in a new era of

:20:38.:20:39.

interactive entertainment, that combines the best elements of gaming

:20:40.:20:41.

and drama. No matter how safe you try to be,

:20:42.:20:53.

whenever you sign up to an online service you're leaving yourself open

:20:54.:20:55.

to receiving lots of lovely spam, because apparently you asked for it

:20:56.:21:03.

when you gave them your address. Kate Russell has a brilliant

:21:04.:21:05.

solution for that next, in Webscape. Yes, Spencer, this really is the

:21:06.:21:17.

simplest solution. If you are fed up with getting spam from websites that

:21:18.:21:20.

ask you for an e-mail address to confirm your registration, try ten

:21:21.:21:27.

Minute Mail instead. It serves you up a temporary inbox to grab that

:21:28.:21:30.

registration link before it vanishes into the ether. I've had a free

:21:31.:21:38.

e-mail account for years that I've used to try out new services for

:21:39.:21:41.

Webscape but it's got so crazy now that I receive hundreds of spam

:21:42.:21:44.

messages a week. Not only is that a pain to empty, but I do lose the

:21:45.:21:48.

occasionally important message in amongst all of the guff. Bear in

:21:49.:21:58.

mind that you won't get any future e-mail updates, but if you aren't

:21:59.:22:00.

planning to interact with the website that much, it's enough time

:22:01.:22:11.

to confirm signup. If you do need more time, there's the option to

:22:12.:22:14.

extend for ten minutes. About 50 earthquakes a day are registered

:22:15.:22:19.

globally. But it's estimated millions occur

:22:20.:22:23.

each year that are too weak to be recorded. iSeismometer is a free app

:22:24.:22:34.

that turns your smartphone into a seismometer, detecting vibrations in

:22:35.:22:36.

real time and displays the strength of the tremor on a graph. So, the

:22:37.:22:41.

next time someone asks you if the earth moved, you can get an accurate

:22:42.:22:44.

reply. BOINC is an Android app that lets

:22:45.:22:48.

you harness the newest computing power of your handset to study

:22:49.:22:50.

diseases, predict global warming or discover distant pulsars. There is a

:22:51.:22:56.

good selection of well and lesser-known scientific projects to

:22:57.:22:58.

sign up with, covering disciplines like astrophysics, cosmology,

:22:59.:23:07.

mathematics and seismology. The app won't have your phone doing any

:23:08.:23:10.

computing until it's connected to a power supply and charged to 90%. So,

:23:11.:23:15.

there's no risk of running your battery dry unexpectedly. After the

:23:16.:23:29.

excitement of the Rosetta project last week, could the crowd help find

:23:30.:23:34.

more interesting rocks in space? Asteroid Zoo wants to help

:23:35.:23:36.

scientists scan our solar system for asteroids containing useful

:23:37.:23:43.

resources. This could be very valuable information in the years

:23:44.:23:45.

ahead. Thank you, Kate. That's it for this

:23:46.:23:52.

week but remember we're always keen to hear your thoughts on anything

:23:53.:23:56.

going on in your world, well, that's tech related. We don't want to know

:23:57.:24:01.

what you had for dinner and no more pictures of cats, please! You can

:24:02.:24:09.

get in touch with us at Google+, Facebook and Twitter. We're also on

:24:10.:24:12.

e-mail. Thanks for watching. See you next time. No cats, thanks.

:24:13.:24:30.

I know we're in the middle of August but it will feel like early

:24:31.:24:36.

autumn in the next few days. Blustery winds coming down from the

:24:37.:24:39.

north, bringing in cool air.

:24:40.:24:42.
