:00:00. > :00:29.Welcome to the south coast of England, and the country's
:00:30. > :00:35.They say an Englishman's house is his castle.
:00:36. > :00:41.Like every other home in the land, it needs to be well
:00:42. > :00:44.defended, because these days, it is constantly under attack.
:00:45. > :00:46.The walls make it out burglars, but today's
:00:47. > :00:49.digital invader is wily, and can worm its way
:00:50. > :00:58.Last week's global cyber attack on companies in around 150 countries
:00:59. > :01:03.shows just how vulnerable systems can be, even if you are not called
:01:04. > :01:08.So this week, we're looking at cybersecurity.
:01:09. > :01:10.It's me versus the bad guys out there.
:01:11. > :01:13.And they might be small, but there's a lot of them.
:01:14. > :01:18.So what can I do to shore up my defences?
:01:19. > :01:22.Gadgets already recognise our fingerprint, and now
:01:23. > :01:27.banks are starting to identify us using our voices.
:01:28. > :01:33.Is it possible, for example, to fake someone's voice?
:01:34. > :01:37.We asked Dan Simmons to give it a go, or most precisely,
:01:38. > :01:40.to find the one person who might stand a chance at breaking
:01:41. > :01:48.Well, one of the things that you might not know about me is that
:01:49. > :01:51.I am the only member of the Click team to have a twin brother.
:01:52. > :01:55.His name is Joe, and we kind of sound quite alike.
:01:56. > :02:00.But I came out first, and he just copied me.
:02:01. > :02:03.Yeah, well, for this report, it's going to be Joe trying
:02:04. > :02:08.TOGETHER: ..as we try to break into a bank.
:02:09. > :02:12.But first, we're going to need some help.
:02:13. > :02:15.Yep, I really think this guy is going to help us.
:02:16. > :02:35.What we're going to do first is I have this little
:02:36. > :02:38.And what this will do is just detect, first of all,
:02:39. > :02:45.This system that you're trying to break in is analysing your voice
:02:46. > :02:49.So there will be about 100 different variables it is picking up on.
:02:50. > :02:52.Hello, I'd like to access my account, please, today...
:02:53. > :02:56.Hello, I wondered if I could access my account today.
:02:57. > :02:58.You see there are pretty big differences between them.
:02:59. > :03:01.So who do you think is the bigger Adam's apple, out of both of you?
:03:02. > :03:16.It's the first time I've tried to use the telephone banking
:03:17. > :03:45.service, and I'm not set up, so I am hoping...
:03:46. > :03:52.How many - how long do you want to make this?
:03:53. > :03:56.That wasn't axactly the way you said it the first time.
:03:57. > :03:58.I'd like to take everything out, today, please.
:03:59. > :04:06.I'd like to take everything out, today, please.
:04:07. > :04:39.Erica is the voice of NICE - NICE is the voice security provider
:04:40. > :04:42.for Citibank credit card-holders in the US, among others.
:04:43. > :04:48.Joe's going to try to break into my account, what chances do
:04:49. > :04:54.What advice can you give me to try and break into his account?
:04:55. > :04:57.Well, you've known him your entire life, so try to imitate his voice.
:04:58. > :05:00.She seems very confident about this - what -
:05:01. > :05:03.what why is it that you think that, maybe, my twin brother can't break
:05:04. > :05:09.Voice biometrics is the most accurate form of identification
:05:10. > :05:11.there is for access into financial institutions.
:05:12. > :05:17.It registers over 100 different characteristics with voice.
:05:18. > :05:20.Half of them personality and the half are physical.
:05:21. > :05:22.And you do look a little bit different,
:05:23. > :05:26.and your voices are different, so you will have different vocal
:05:27. > :05:31.So therefore, what percentage chance do you think I have?
:05:32. > :05:35.It would be one out of several hundred thousand.
:05:36. > :05:37.How do you make it so that I can access my
:05:38. > :05:40.account, even if, like, at the moment, I have a little
:05:41. > :05:44.As I said, there's over 100 characteristics,
:05:45. > :05:47.and a cough or cold only affects about two.
:05:48. > :05:49.So we still have all those other characteristics to work with,
:05:50. > :05:51.and we can use those for identification.
:05:52. > :05:55.And has anybody fooled the system through the front door?
:05:56. > :05:56.Basically, pretending to be somebody they're not?
:05:57. > :06:33.It might just be a bit out the ballpark, but is this legal?
:06:34. > :06:59.I'm here to break into the account of Dan Simmons.
:07:00. > :07:12.Hi, yes, I'd like to access my current account,
:07:13. > :07:18.Yes, it's probably about ?10, something like that.
:07:19. > :07:31.Wow, look at how close this is over here.
:07:32. > :07:39.If we come over here, it you can see there's the threshold
:07:40. > :07:41.level, and that - that is pretty close.
:07:42. > :07:51.But that's how you test the system, isn't it?
:07:52. > :07:53.Yes, we that's how we test the system.
:07:54. > :07:55.We test it with twins, and siblings, and imitators.
:07:56. > :07:57.You know, a fraudster wouldn't get three chances,
:07:58. > :07:59.and the reason a fraudster wouldn't get three
:08:00. > :08:01.chances is that we would register the multiple failures,
:08:02. > :08:04.and it would dynamically increase the threshold on the third,
:08:05. > :08:10.Right, that is not to say, of course, that it's
:08:11. > :08:18.It's not impossible, it's just very improbable.
:08:19. > :08:21.So, Dan, your bank account is still safe, although your twin
:08:22. > :08:24.got away with some pretty cool stationery.
:08:25. > :08:30.Were you surprised that the voice attack didn't work?
:08:31. > :08:34.We really tried hard to match up our voices.
:08:35. > :08:37.You know, we used the voice coach and the rest of it,
:08:38. > :08:40.and it just bubbled under what we needed and couldn't get in.
:08:41. > :08:43.What about the simpler stuff that we have been asked by banks
:08:44. > :08:45.in the last few years, like "My voice is my password,"
:08:46. > :08:53.To get into my account, my twin needs my sort code
:08:54. > :08:56.and my account number, things I have already
:08:57. > :09:01.He also needs to know my birthdate, but that's probably something
:09:02. > :09:06.The question is, can my voiceprint give me any extra
:09:07. > :09:12.Secret bank, we're not getting any bank names away.
:09:13. > :09:27.Now, interestingly, it's the PIN number,
:09:28. > :09:32.which, if you are from the days from the old cheque-book,
:09:33. > :09:35.then both of those things you'd use to print objects.
:09:36. > :09:38.So if you've got an old cheque from somebody you already know
:09:39. > :09:45.He knows my date of birth because we share the same
:09:46. > :09:51.After the tone, please repeat the phrase "My voice your password".
:09:52. > :10:04.After the tone, please repeat the phrase "My voice your password".
:10:05. > :10:21.The balance of your account is ?1.21p credit.
:10:22. > :10:26.I thought it would be more than that, Dan.
:10:27. > :10:31.Perhaps more surprising when you consider the service
:10:32. > :10:35.providers test their systems with twins to improve security.
:10:36. > :10:38.I can get into other accounts, apparently,
:10:39. > :11:08.He did break into your real bank account. That wouldn't be a great
:11:09. > :11:15.defence. He is my twin and not many people have one of those. Computers
:11:16. > :11:21.can emulate and clone voices. We have started to see people fooled in
:11:22. > :11:27.the same way we have been fooled by photo shop pictures. I don't think
:11:28. > :11:45.that will work. Do you mind if we give that a go? Be my guest.
:11:46. > :12:03.I record his voice and sent his recording to Canada. I would have to
:12:04. > :12:07.say great, the best. We are working with security searches to find out
:12:08. > :12:13.what is the best way to send. This is why we haven't made it public
:12:14. > :12:16.yet. The developers hope it will give someone back their voice if
:12:17. > :12:24.they lose it through illness or an accident that they are aware it
:12:25. > :12:34.could be used to fake a voice ID. Sun-macro one idea I have to work on
:12:35. > :12:38.is to mark the samples. We have to detect this. They are not quite
:12:39. > :13:01.ready to help you. You could replicate their voice
:13:02. > :13:05.print. You still wouldn't be able to get in. I know because I've tried to
:13:06. > :13:16.hack in. Major security no no man works
:13:17. > :13:18.at an undisclosed financial He manages innovation,
:13:19. > :13:22.because they have an Just watch the way he uses his
:13:23. > :13:27.phone, because his security And even with all his
:13:28. > :13:32.login details, I'll need to replicate how he holds,
:13:33. > :13:42.taps, and tilts his device. Chris, would you mind
:13:43. > :14:45.lending me that for a moment? Spying tools go ahead with its
:14:46. > :14:48.promise to release fresh batches of tools each month. It threatens to
:14:49. > :14:55.sell new code that could compromise phone handsets and Windows temp as
:14:56. > :15:05.well as data stolen from banks. It was also revealed the squeeze
:15:06. > :15:10.cell-free phone. There was an app called lens which turns your smart
:15:11. > :15:19.code camera into a search engine. And there was serviced to take your
:15:20. > :15:23.loved one's remains into space. Capsules of Ashes will orbit Earth
:15:24. > :15:31.for two years before re-entering the atmosphere as a shooting star. It
:15:32. > :15:45.costs around ?2000. The previous efforts didn't reach orbit. Finally,
:15:46. > :15:52.over Latvia, this man achieved the first-ever parachute jump from a
:15:53. > :16:27.drone. He landed safely with his parachute.
:16:28. > :16:35.Not looking good out there. I've retired to the inner sanctum. Dover
:16:36. > :16:40.Castle was continuously defended the 900 years, right up until the 1950s.
:16:41. > :16:46.It was a successful defence. I wonder whether our homes are more
:16:47. > :16:51.Ballmer both. -- 1850s. We are filling them with more and more
:16:52. > :16:54.connected devices. This is the family room at the heart of the
:16:55. > :16:58.castle with the lord of -- whether Lord and his family can relax
:16:59. > :17:04.between some thick walls. The king can unwind with a game of chess. In
:17:05. > :17:15.the 13th century, they didn't have the Internet of things but they
:17:16. > :17:19.still have things. How do we make IOT more secure? We keep hearing
:17:20. > :17:24.about these connected devices continually being hacked. Why is it
:17:25. > :17:30.so hard for manufacturers to make them more secure? It is not hard. It
:17:31. > :17:36.just needs thought, Efford and time to do it right. -- effort. They have
:17:37. > :17:42.to get their product to market and somewhere, someone says security. Do
:17:43. > :17:47.they carry on chipping orders ship it out and expose us as consumers? I
:17:48. > :17:55.like to think security is getting better. I think it is getting worse
:17:56. > :17:58.at the moment. Everyone wants to jump on the bandwagon. There is less
:17:59. > :18:02.security, cheaper products and people are buying it. Don't worry
:18:03. > :18:24.about that. It's fine. Give me a hand with this chest,
:18:25. > :18:29.please. In here, I've got some IOT devices. Here is one I like the look
:18:30. > :18:34.of. It sends an image of what is going on at your door to your phone
:18:35. > :18:38.so you can answer the door when you are not at home. You can unhook it
:18:39. > :18:45.from the door, press this button and it'll give you a Wi-Fi key so you
:18:46. > :18:52.can hack the customer's network. OK, right. Beggars belief. Here we are
:18:53. > :18:56.in a castle. This is a smart door lock. You cannot your door from your
:18:57. > :19:02.phone but it hooks up with voice control. With Amazon Eco, you can
:19:03. > :19:09.go, locked door. It locks the door for you. It doesn't do anything
:19:10. > :19:18.silly unless you hooked it up to Siri. You could shout through the
:19:19. > :19:24.door, "A locked door," says the burglar and it unlocks the door.
:19:25. > :19:28.This is a next thing. This is a thermostat and you can control your
:19:29. > :19:32.heating from your home. We found that you could hack them and do
:19:33. > :19:37.crazy things like install ran somewhere on them so they could hold
:19:38. > :19:41.your heating system to ransom in the middle of winter. So you can turn
:19:42. > :19:50.the heating off and demand money to turn it back on. Buy yourself a fan,
:19:51. > :19:57.like we've got. It seems these gaps in our defences are proving to be a
:19:58. > :20:03.gift for our attackers. Really? A smart cattle? What's the problem
:20:04. > :20:08.with a smart cattle? You can boil a couple from your bed when you wake
:20:09. > :20:13.up. Unfortunately, this early version wasn't secure and you could
:20:14. > :20:25.sit outside someone's house, port -- point an aerial at your kitchen and
:20:26. > :20:30.get your Wi-Fi keys. Good Lord. Not safe any more. Let's go to the
:20:31. > :20:41.throne room. This is more secure. I've locked the doors. OK, right,
:20:42. > :20:48.how can we defend ourselves and our data if we have a phone -- a home
:20:49. > :20:55.full of connected devices? You have to update your phone. Check the
:20:56. > :21:00.software is bang up-to-date because the manufacturers may have fixed the
:21:01. > :21:04.bug is. Would you buy a connected device for your children? I
:21:05. > :21:17.wouldn't. I don't think they are enough yet.
:21:18. > :21:26.One extra word of advice. It is boring but please make sure you got
:21:27. > :21:32.a good strong password on app that you'd use to talk to your toys. OK,
:21:33. > :21:37.looks like we have some unwelcome guests. I will hand you over to Lara
:21:38. > :21:47.who has some important security tips that we may be should have paid more
:21:48. > :22:00.attention to. It is every geek for himself.
:22:01. > :22:07.The recent ransom ware attack showed you don't have to be personally
:22:08. > :22:10.targeted to end up being a victim. This first tip would have protected
:22:11. > :22:16.you against that and many similar attempts to get inside the walls of
:22:17. > :22:21.your castle. One thing you need to do is to update the operating
:22:22. > :22:26.system, the browser and the applications you use. These pieces
:22:27. > :22:33.of software are complicated and they contain bugs. There are other ways
:22:34. > :22:39.we could be leaving ourselves vulnerable. Don't jailbreak devices.
:22:40. > :22:45.Use download applications because without that, you are bypassing the
:22:46. > :22:49.security that has gone into them. At one point, you will lose your
:22:50. > :22:56.devices. When you set it up, ask it to win crypts all the stores. If you
:22:57. > :23:00.don't think you've got anything of value, your contacts are worth a lot
:23:01. > :23:07.of money to cyber criminals. If you are putting documents that you don't
:23:08. > :23:10.want other to people to see, I say don't do it. If you download
:23:11. > :23:14.something and you are not expecting it, don't do it. Protect your family
:23:15. > :23:19.and friends. Remove that risk. Unfortunately, I think they've
:23:20. > :23:22.arrived a little bit too Thanks for watching
:23:23. > :24:05.and I really, really hope Sunny spells and hefty showers will
:24:06. > :24:06.do it for many parts of the British Isles today.