Robots Storm the Castle Click


Robots Storm the Castle

Click focuses on cyber security, with a look at biometric identification and whether it really is keeping the nation's bank accounts safe.


Similar Content

Browse content similar to Robots Storm the Castle. Check below for episodes and series from the same categories and more!

Transcript


LineFromTo

Welcome to the south coast of England, and the country's

:00:00.:00:29.

They say an Englishman's house is his castle.

:00:30.:00:35.

Like every other home in the land, it needs to be well

:00:36.:00:41.

defended, because these days, it is constantly under attack.

:00:42.:00:44.

The walls make it out burglars, but today's

:00:45.:00:46.

digital invader is wily, and can worm its way

:00:47.:00:49.

Last week's global cyber attack on companies in around 150 countries

:00:50.:00:58.

shows just how vulnerable systems can be, even if you are not called

:00:59.:01:03.

So this week, we're looking at cybersecurity.

:01:04.:01:08.

It's me versus the bad guys out there.

:01:09.:01:10.

And they might be small, but there's a lot of them.

:01:11.:01:13.

So what can I do to shore up my defences?

:01:14.:01:18.

Gadgets already recognise our fingerprint, and now

:01:19.:01:22.

banks are starting to identify us using our voices.

:01:23.:01:27.

Is it possible, for example, to fake someone's voice?

:01:28.:01:33.

We asked Dan Simmons to give it a go, or most precisely,

:01:34.:01:37.

to find the one person who might stand a chance at breaking

:01:38.:01:40.

Well, one of the things that you might not know about me is that

:01:41.:01:48.

I am the only member of the Click team to have a twin brother.

:01:49.:01:51.

His name is Joe, and we kind of sound quite alike.

:01:52.:01:55.

But I came out first, and he just copied me.

:01:56.:02:00.

Yeah, well, for this report, it's going to be Joe trying

:02:01.:02:03.

TOGETHER: ..as we try to break into a bank.

:02:04.:02:08.

But first, we're going to need some help.

:02:09.:02:12.

Yep, I really think this guy is going to help us.

:02:13.:02:15.

What we're going to do first is I have this little

:02:16.:02:35.

And what this will do is just detect, first of all,

:02:36.:02:38.

This system that you're trying to break in is analysing your voice

:02:39.:02:45.

So there will be about 100 different variables it is picking up on.

:02:46.:02:49.

Hello, I'd like to access my account, please, today...

:02:50.:02:52.

Hello, I wondered if I could access my account today.

:02:53.:02:56.

You see there are pretty big differences between them.

:02:57.:02:58.

So who do you think is the bigger Adam's apple, out of both of you?

:02:59.:03:01.

It's the first time I've tried to use the telephone banking

:03:02.:03:16.

service, and I'm not set up, so I am hoping...

:03:17.:03:45.

How many - how long do you want to make this?

:03:46.:03:52.

That wasn't axactly the way you said it the first time.

:03:53.:03:56.

I'd like to take everything out, today, please.

:03:57.:03:58.

I'd like to take everything out, today, please.

:03:59.:04:06.

Erica is the voice of NICE - NICE is the voice security provider

:04:07.:04:39.

for Citibank credit card-holders in the US, among others.

:04:40.:04:42.

Joe's going to try to break into my account, what chances do

:04:43.:04:48.

What advice can you give me to try and break into his account?

:04:49.:04:54.

Well, you've known him your entire life, so try to imitate his voice.

:04:55.:04:57.

She seems very confident about this - what -

:04:58.:05:00.

what why is it that you think that, maybe, my twin brother can't break

:05:01.:05:03.

Voice biometrics is the most accurate form of identification

:05:04.:05:09.

there is for access into financial institutions.

:05:10.:05:11.

It registers over 100 different characteristics with voice.

:05:12.:05:17.

Half of them personality and the half are physical.

:05:18.:05:20.

And you do look a little bit different,

:05:21.:05:22.

and your voices are different, so you will have different vocal

:05:23.:05:26.

So therefore, what percentage chance do you think I have?

:05:27.:05:31.

It would be one out of several hundred thousand.

:05:32.:05:35.

How do you make it so that I can access my

:05:36.:05:37.

account, even if, like, at the moment, I have a little

:05:38.:05:40.

As I said, there's over 100 characteristics,

:05:41.:05:44.

and a cough or cold only affects about two.

:05:45.:05:47.

So we still have all those other characteristics to work with,

:05:48.:05:49.

and we can use those for identification.

:05:50.:05:51.

And has anybody fooled the system through the front door?

:05:52.:05:55.

Basically, pretending to be somebody they're not?

:05:56.:05:56.

It might just be a bit out the ballpark, but is this legal?

:05:57.:06:33.

I'm here to break into the account of Dan Simmons.

:06:34.:06:59.

Hi, yes, I'd like to access my current account,

:07:00.:07:12.

Yes, it's probably about ?10, something like that.

:07:13.:07:18.

Wow, look at how close this is over here.

:07:19.:07:31.

If we come over here, it you can see there's the threshold

:07:32.:07:39.

level, and that - that is pretty close.

:07:40.:07:41.

But that's how you test the system, isn't it?

:07:42.:07:51.

Yes, we that's how we test the system.

:07:52.:07:53.

We test it with twins, and siblings, and imitators.

:07:54.:07:55.

You know, a fraudster wouldn't get three chances,

:07:56.:07:57.

and the reason a fraudster wouldn't get three

:07:58.:07:59.

chances is that we would register the multiple failures,

:08:00.:08:01.

and it would dynamically increase the threshold on the third,

:08:02.:08:04.

Right, that is not to say, of course, that it's

:08:05.:08:10.

It's not impossible, it's just very improbable.

:08:11.:08:18.

So, Dan, your bank account is still safe, although your twin

:08:19.:08:21.

got away with some pretty cool stationery.

:08:22.:08:24.

Were you surprised that the voice attack didn't work?

:08:25.:08:30.

We really tried hard to match up our voices.

:08:31.:08:34.

You know, we used the voice coach and the rest of it,

:08:35.:08:37.

and it just bubbled under what we needed and couldn't get in.

:08:38.:08:40.

What about the simpler stuff that we have been asked by banks

:08:41.:08:43.

in the last few years, like "My voice is my password,"

:08:44.:08:45.

To get into my account, my twin needs my sort code

:08:46.:08:53.

and my account number, things I have already

:08:54.:08:56.

He also needs to know my birthdate, but that's probably something

:08:57.:09:01.

The question is, can my voiceprint give me any extra

:09:02.:09:06.

Secret bank, we're not getting any bank names away.

:09:07.:09:12.

Now, interestingly, it's the PIN number,

:09:13.:09:27.

which, if you are from the days from the old cheque-book,

:09:28.:09:32.

then both of those things you'd use to print objects.

:09:33.:09:35.

So if you've got an old cheque from somebody you already know

:09:36.:09:38.

He knows my date of birth because we share the same

:09:39.:09:45.

After the tone, please repeat the phrase "My voice your password".

:09:46.:09:51.

After the tone, please repeat the phrase "My voice your password".

:09:52.:10:04.

The balance of your account is ?1.21p credit.

:10:05.:10:21.

I thought it would be more than that, Dan.

:10:22.:10:26.

Perhaps more surprising when you consider the service

:10:27.:10:31.

providers test their systems with twins to improve security.

:10:32.:10:35.

I can get into other accounts, apparently,

:10:36.:10:38.

He did break into your real bank account. That wouldn't be a great

:10:39.:11:08.

defence. He is my twin and not many people have one of those. Computers

:11:09.:11:15.

can emulate and clone voices. We have started to see people fooled in

:11:16.:11:21.

the same way we have been fooled by photo shop pictures. I don't think

:11:22.:11:27.

that will work. Do you mind if we give that a go? Be my guest.

:11:28.:11:45.

I record his voice and sent his recording to Canada. I would have to

:11:46.:12:03.

say great, the best. We are working with security searches to find out

:12:04.:12:07.

what is the best way to send. This is why we haven't made it public

:12:08.:12:13.

yet. The developers hope it will give someone back their voice if

:12:14.:12:16.

they lose it through illness or an accident that they are aware it

:12:17.:12:24.

could be used to fake a voice ID. Sun-macro one idea I have to work on

:12:25.:12:34.

is to mark the samples. We have to detect this. They are not quite

:12:35.:12:38.

ready to help you. You could replicate their voice

:12:39.:13:01.

print. You still wouldn't be able to get in. I know because I've tried to

:13:02.:13:05.

hack in. Major security no no man works

:13:06.:13:16.

at an undisclosed financial He manages innovation,

:13:17.:13:18.

because they have an Just watch the way he uses his

:13:19.:13:22.

phone, because his security And even with all his

:13:23.:13:27.

login details, I'll need to replicate how he holds,

:13:28.:13:32.

taps, and tilts his device. Chris, would you mind

:13:33.:13:42.

lending me that for a moment? Spying tools go ahead with its

:13:43.:14:45.

promise to release fresh batches of tools each month. It threatens to

:14:46.:14:48.

sell new code that could compromise phone handsets and Windows temp as

:14:49.:14:55.

well as data stolen from banks. It was also revealed the squeeze

:14:56.:15:05.

cell-free phone. There was an app called lens which turns your smart

:15:06.:15:10.

code camera into a search engine. And there was serviced to take your

:15:11.:15:19.

loved one's remains into space. Capsules of Ashes will orbit Earth

:15:20.:15:23.

for two years before re-entering the atmosphere as a shooting star. It

:15:24.:15:31.

costs around ?2000. The previous efforts didn't reach orbit. Finally,

:15:32.:15:45.

over Latvia, this man achieved the first-ever parachute jump from a

:15:46.:15:52.

drone. He landed safely with his parachute.

:15:53.:16:27.

Not looking good out there. I've retired to the inner sanctum. Dover

:16:28.:16:35.

Castle was continuously defended the 900 years, right up until the 1950s.

:16:36.:16:40.

It was a successful defence. I wonder whether our homes are more

:16:41.:16:46.

Ballmer both. -- 1850s. We are filling them with more and more

:16:47.:16:51.

connected devices. This is the family room at the heart of the

:16:52.:16:54.

castle with the lord of -- whether Lord and his family can relax

:16:55.:16:58.

between some thick walls. The king can unwind with a game of chess. In

:16:59.:17:04.

the 13th century, they didn't have the Internet of things but they

:17:05.:17:15.

still have things. How do we make IOT more secure? We keep hearing

:17:16.:17:19.

about these connected devices continually being hacked. Why is it

:17:20.:17:24.

so hard for manufacturers to make them more secure? It is not hard. It

:17:25.:17:30.

just needs thought, Efford and time to do it right. -- effort. They have

:17:31.:17:36.

to get their product to market and somewhere, someone says security. Do

:17:37.:17:42.

they carry on chipping orders ship it out and expose us as consumers? I

:17:43.:17:47.

like to think security is getting better. I think it is getting worse

:17:48.:17:55.

at the moment. Everyone wants to jump on the bandwagon. There is less

:17:56.:17:58.

security, cheaper products and people are buying it. Don't worry

:17:59.:18:02.

about that. It's fine. Give me a hand with this chest,

:18:03.:18:24.

please. In here, I've got some IOT devices. Here is one I like the look

:18:25.:18:29.

of. It sends an image of what is going on at your door to your phone

:18:30.:18:34.

so you can answer the door when you are not at home. You can unhook it

:18:35.:18:38.

from the door, press this button and it'll give you a Wi-Fi key so you

:18:39.:18:45.

can hack the customer's network. OK, right. Beggars belief. Here we are

:18:46.:18:52.

in a castle. This is a smart door lock. You cannot your door from your

:18:53.:18:56.

phone but it hooks up with voice control. With Amazon Eco, you can

:18:57.:19:02.

go, locked door. It locks the door for you. It doesn't do anything

:19:03.:19:09.

silly unless you hooked it up to Siri. You could shout through the

:19:10.:19:18.

door, "A locked door," says the burglar and it unlocks the door.

:19:19.:19:24.

This is a next thing. This is a thermostat and you can control your

:19:25.:19:28.

heating from your home. We found that you could hack them and do

:19:29.:19:32.

crazy things like install ran somewhere on them so they could hold

:19:33.:19:37.

your heating system to ransom in the middle of winter. So you can turn

:19:38.:19:41.

the heating off and demand money to turn it back on. Buy yourself a fan,

:19:42.:19:50.

like we've got. It seems these gaps in our defences are proving to be a

:19:51.:19:57.

gift for our attackers. Really? A smart cattle? What's the problem

:19:58.:20:03.

with a smart cattle? You can boil a couple from your bed when you wake

:20:04.:20:08.

up. Unfortunately, this early version wasn't secure and you could

:20:09.:20:13.

sit outside someone's house, port -- point an aerial at your kitchen and

:20:14.:20:25.

get your Wi-Fi keys. Good Lord. Not safe any more. Let's go to the

:20:26.:20:30.

throne room. This is more secure. I've locked the doors. OK, right,

:20:31.:20:41.

how can we defend ourselves and our data if we have a phone -- a home

:20:42.:20:48.

full of connected devices? You have to update your phone. Check the

:20:49.:20:55.

software is bang up-to-date because the manufacturers may have fixed the

:20:56.:21:00.

bug is. Would you buy a connected device for your children? I

:21:01.:21:04.

wouldn't. I don't think they are enough yet.

:21:05.:21:17.

One extra word of advice. It is boring but please make sure you got

:21:18.:21:26.

a good strong password on app that you'd use to talk to your toys. OK,

:21:27.:21:32.

looks like we have some unwelcome guests. I will hand you over to Lara

:21:33.:21:37.

who has some important security tips that we may be should have paid more

:21:38.:21:47.

attention to. It is every geek for himself.

:21:48.:22:00.

The recent ransom ware attack showed you don't have to be personally

:22:01.:22:07.

targeted to end up being a victim. This first tip would have protected

:22:08.:22:10.

you against that and many similar attempts to get inside the walls of

:22:11.:22:16.

your castle. One thing you need to do is to update the operating

:22:17.:22:21.

system, the browser and the applications you use. These pieces

:22:22.:22:26.

of software are complicated and they contain bugs. There are other ways

:22:27.:22:33.

we could be leaving ourselves vulnerable. Don't jailbreak devices.

:22:34.:22:39.

Use download applications because without that, you are bypassing the

:22:40.:22:45.

security that has gone into them. At one point, you will lose your

:22:46.:22:49.

devices. When you set it up, ask it to win crypts all the stores. If you

:22:50.:22:56.

don't think you've got anything of value, your contacts are worth a lot

:22:57.:23:00.

of money to cyber criminals. If you are putting documents that you don't

:23:01.:23:07.

want other to people to see, I say don't do it. If you download

:23:08.:23:10.

something and you are not expecting it, don't do it. Protect your family

:23:11.:23:14.

and friends. Remove that risk. Unfortunately, I think they've

:23:15.:23:19.

arrived a little bit too Thanks for watching

:23:20.:23:22.

and I really, really hope Sunny spells and hefty showers will

:23:23.:24:05.

do it for many parts of the British Isles today.

:24:06.:24:06.

Download Subtitles

SRT

ASS