Robots Storm the Castle Click

Welcome to the south coast of England, and the country's

They say an Englishman's house is his castle.

Like every other home in the land, it needs to be well

defended, because these days, it is constantly under attack.

The walls make it out burglars, but today's

digital invader is wily, and can worm its way

Last week's global cyber attack on companies in around 150 countries

shows just how vulnerable systems can be, even if you are not called

So this week, we're looking at cybersecurity.

It's me versus the bad guys out there.

And they might be small, but there's a lot of them.

So what can I do to shore up my defences?

Gadgets already recognise our fingerprint, and now

banks are starting to identify us using our voices.

Is it possible, for example, to fake someone's voice?

We asked Dan Simmons to give it a go, or most precisely,

to find the one person who might stand a chance at breaking

Well, one of the things that you might not know about me is that

I am the only member of the Click team to have a twin brother.

His name is Joe, and we kind of sound quite alike.

But I came out first, and he just copied me.

Yeah, well, for this report, it's going to be Joe trying

TOGETHER: ..as we try to break into a bank.

But first, we're going to need some help.

Yep, I really think this guy is going to help us.

What we're going to do first is I have this little

And what this will do is just detect, first of all,

This system that you're trying to break in is analysing your voice

So there will be about 100 different variables it is picking up on.

Hello, I'd like to access my account, please, today...

Hello, I wondered if I could access my account today.

You see there are pretty big differences between them.

So who do you think is the bigger Adam's apple, out of both of you?

It's the first time I've tried to use the telephone banking

service, and I'm not set up, so I am hoping...

How many - how long do you want to make this?

That wasn't axactly the way you said it the first time.

I'd like to take everything out, today, please.

I'd like to take everything out, today, please.

Erica is the voice of NICE - NICE is the voice security provider

for Citibank credit card-holders in the US, among others.

Joe's going to try to break into my account, what chances do

What advice can you give me to try and break into his account?

Well, you've known him your entire life, so try to imitate his voice.

She seems very confident about this - what -

what why is it that you think that, maybe, my twin brother can't break

Voice biometrics is the most accurate form of identification

there is for access into financial institutions.

It registers over 100 different characteristics with voice.

Half of them personality and the half are physical.

And you do look a little bit different,

and your voices are different, so you will have different vocal

So therefore, what percentage chance do you think I have?

It would be one out of several hundred thousand.

How do you make it so that I can access my

account, even if, like, at the moment, I have a little

As I said, there's over 100 characteristics,

and a cough or cold only affects about two.

So we still have all those other characteristics to work with,

and we can use those for identification.

And has anybody fooled the system through the front door?

Basically, pretending to be somebody they're not?

It might just be a bit out the ballpark, but is this legal?

I'm here to break into the account of Dan Simmons.

Hi, yes, I'd like to access my current account,

Yes, it's probably about ?10, something like that.

Wow, look at how close this is over here.

If we come over here, it you can see there's the threshold

level, and that - that is pretty close.

But that's how you test the system, isn't it?

Yes, we that's how we test the system.

We test it with twins, and siblings, and imitators.

You know, a fraudster wouldn't get three chances,

and the reason a fraudster wouldn't get three

chances is that we would register the multiple failures,

and it would dynamically increase the threshold on the third,

Right, that is not to say, of course, that it's

It's not impossible, it's just very improbable.

So, Dan, your bank account is still safe, although your twin

got away with some pretty cool stationery.

Were you surprised that the voice attack didn't work?

We really tried hard to match up our voices.

You know, we used the voice coach and the rest of it,

and it just bubbled under what we needed and couldn't get in.

What about the simpler stuff that we have been asked by banks

in the last few years, like "My voice is my password,"

To get into my account, my twin needs my sort code

and my account number, things I have already

He also needs to know my birthdate, but that's probably something

The question is, can my voiceprint give me any extra

Secret bank, we're not getting any bank names away.

Now, interestingly, it's the PIN number,

which, if you are from the days from the old cheque-book,

then both of those things you'd use to print objects.

So if you've got an old cheque from somebody you already know

He knows my date of birth because we share the same

After the tone, please repeat the phrase "My voice your password".

After the tone, please repeat the phrase "My voice your password".

The balance of your account is ?1.21p credit.

I thought it would be more than that, Dan.

Perhaps more surprising when you consider the service

providers test their systems with twins to improve security.

I can get into other accounts, apparently,

He did break into your real bank account. That wouldn't be a great

defence. He is my twin and not many people have one of those. Computers

can emulate and clone voices. We have started to see people fooled in

the same way we have been fooled by photo shop pictures. I don't think

that will work. Do you mind if we give that a go? Be my guest.

I record his voice and sent his recording to Canada. I would have to

say great, the best. We are working with security searches to find out

what is the best way to send. This is why we haven't made it public

yet. The developers hope it will give someone back their voice if

they lose it through illness or an accident that they are aware it

could be used to fake a voice ID. Sun-macro one idea I have to work on

is to mark the samples. We have to detect this. They are not quite

ready to help you. You could replicate their voice

print. You still wouldn't be able to get in. I know because I've tried to

hack in. Major security no no man works

at an undisclosed financial He manages innovation,

because they have an Just watch the way he uses his

phone, because his security And even with all his

login details, I'll need to replicate how he holds,

taps, and tilts his device. Chris, would you mind

lending me that for a moment? Spying tools go ahead with its

promise to release fresh batches of tools each month. It threatens to

sell new code that could compromise phone handsets and Windows temp as

well as data stolen from banks. It was also revealed the squeeze

cell-free phone. There was an app called lens which turns your smart

code camera into a search engine. And there was serviced to take your

loved one's remains into space. Capsules of Ashes will orbit Earth

for two years before re-entering the atmosphere as a shooting star. It

costs around ?2000. The previous efforts didn't reach orbit. Finally,

over Latvia, this man achieved the first-ever parachute jump from a

drone. He landed safely with his parachute.

Not looking good out there. I've retired to the inner sanctum. Dover

Castle was continuously defended the 900 years, right up until the 1950s.

It was a successful defence. I wonder whether our homes are more

Ballmer both. -- 1850s. We are filling them with more and more

connected devices. This is the family room at the heart of the

castle with the lord of -- whether Lord and his family can relax

between some thick walls. The king can unwind with a game of chess. In

the 13th century, they didn't have the Internet of things but they

still have things. How do we make IOT more secure? We keep hearing

about these connected devices continually being hacked. Why is it

so hard for manufacturers to make them more secure? It is not hard. It

just needs thought, Efford and time to do it right. -- effort. They have

to get their product to market and somewhere, someone says security. Do

they carry on chipping orders ship it out and expose us as consumers? I

like to think security is getting better. I think it is getting worse

at the moment. Everyone wants to jump on the bandwagon. There is less

security, cheaper products and people are buying it. Don't worry

about that. It's fine. Give me a hand with this chest,

please. In here, I've got some IOT devices. Here is one I like the look

of. It sends an image of what is going on at your door to your phone

so you can answer the door when you are not at home. You can unhook it

from the door, press this button and it'll give you a Wi-Fi key so you

can hack the customer's network. OK, right. Beggars belief. Here we are

in a castle. This is a smart door lock. You cannot your door from your

phone but it hooks up with voice control. With Amazon Eco, you can

go, locked door. It locks the door for you. It doesn't do anything

silly unless you hooked it up to Siri. You could shout through the

door, "A locked door," says the burglar and it unlocks the door.

This is a next thing. This is a thermostat and you can control your

heating from your home. We found that you could hack them and do

crazy things like install ran somewhere on them so they could hold

your heating system to ransom in the middle of winter. So you can turn

the heating off and demand money to turn it back on. Buy yourself a fan,

like we've got. It seems these gaps in our defences are proving to be a

gift for our attackers. Really? A smart cattle? What's the problem

with a smart cattle? You can boil a couple from your bed when you wake

up. Unfortunately, this early version wasn't secure and you could

sit outside someone's house, port -- point an aerial at your kitchen and

get your Wi-Fi keys. Good Lord. Not safe any more. Let's go to the

throne room. This is more secure. I've locked the doors. OK, right,

how can we defend ourselves and our data if we have a phone -- a home

full of connected devices? You have to update your phone. Check the

software is bang up-to-date because the manufacturers may have fixed the

bug is. Would you buy a connected device for your children? I

wouldn't. I don't think they are enough yet.

One extra word of advice. It is boring but please make sure you got

a good strong password on app that you'd use to talk to your toys. OK,

looks like we have some unwelcome guests. I will hand you over to Lara

who has some important security tips that we may be should have paid more

attention to. It is every geek for himself.

The recent ransom ware attack showed you don't have to be personally

targeted to end up being a victim. This first tip would have protected

you against that and many similar attempts to get inside the walls of

your castle. One thing you need to do is to update the operating

system, the browser and the applications you use. These pieces

of software are complicated and they contain bugs. There are other ways

we could be leaving ourselves vulnerable. Don't jailbreak devices.

Use download applications because without that, you are bypassing the

security that has gone into them. At one point, you will lose your

devices. When you set it up, ask it to win crypts all the stores. If you

don't think you've got anything of value, your contacts are worth a lot

of money to cyber criminals. If you are putting documents that you don't

want other to people to see, I say don't do it. If you download

something and you are not expecting it, don't do it. Protect your family

and friends. Remove that risk. Unfortunately, I think they've

arrived a little bit too Thanks for watching

and I really, really hope Sunny spells and hefty showers will

do it for many parts of the British Isles today.