It’s a familiar tale: any time I once made to play Metal Gear Solid, Pro Evolution Soccer or PaRappa the Rapper has long since been eroded by the glamours of parenthood and an erratic work schedule. Mario Kart Wii still gets spun up, as much of an occasional treat for me as it is for my kids.
I am the ‘lapsed gamer’.
But I do still play games. Armed with my smartphone or tablet, pocket puzzlers like the stunning Monument Valley, gory graphic novel epics such as The Walking Dead or riddlers including Mr Robot help ensure that train platform dead-time can still be game-time.
I’ve yet to tire of exploring new places with Pokémon Go, and I stand firm that the Swift Playgrounds lessons are every bit as satisfying as a good Sudoku puzzle – plus I get to learn a valuable skill.
I am the ‘on-the-go gamer’. Living the smartphone gaming dream I am part of the fastest area of revenue growth in the games industry.
So, when Nintendo formally announced its latest console last Friday I wondered if it was an attempt to appeal to gamers like me.
Nintendo Switch is a hybrid tablet/TV games console, as comfortable in your hands as it is hooked up to your television. Accompanying the hardware is a strong first year line-up of titles including the new Zelda Breath of the Wild and Super Mario Odyssey adventures.
But the big question is whether Nintendo has given itself enough of a fighting chance with the Switch to emerge from the shadow of the debacle that was the Wii U, to overcome the console behemoths that are Microsoft and Sony, and to take on the smartphone gaming market.
That was the topic of the story I wrote this week for Mobile World Live: “Will Nintendo fanboys make the Switch?”.
After going hands on with the Nintendo Switch at the London launch event, including playing the new fun fighting game Arms, I headed over to BBC Broadcasting House to report back for two live spots with the BBC News Channel and BBC World News:
In the US Black Friday follows Thanksgiving Thursday and, along with so-called Cyber Monday, has become one of the biggest days in the online shopping calendar. Inevitably it has become a big deal in the UK now too.
On Friday’s ITV Good Morning Britain I was in the studio sharing some tips on how to bag the best online Black Friday bargains.
Many Black Friday shopping tips apply equally to buying online around the rest of the year, but some peculiarities have emerged:
- Keep checking throughout the day. A large element of surprise and secrecy exists around Black Friday that retailers are keen to maintain. Prices change, new deals get added and stocks are limited: it’s all part of a clever strategy to keep us interested throughout the day and coming back to their online stores. But that does mean that a good price at 8am might be even better by midday, but sold out by six. That’s the risk you take.
- Black Friday Pop-Up Portals: Comparison sites and aggregation tools are useful all year round, but on Black Friday dozens of pop-up sales portals appear on reputable websites. Which to choose? If you’re shopping for gadgets and technology (always a big deal over this weekend) then take a look at the website of popular gadget magazines or online titles – referrals and traffic mean Black Friday is great business for them too, and many have journalists locked in a room all day hunting down the best deals so you don’t have to.
- Is it really a bargain? It’s worth pointing out that some retailers don’t play fair – research by Which? found many so-called Black Friday bargains were anything but, with prices cheaper both before and after the shopping bonanza weekend. Websites like camelcamelcamel.com (I’ve no idea…) keep track of prices over a period of time to let you see how the price on offer today compares with the price over, say, the last twelve months.
It goes without saying to watch out for scams through phishing, smishing and malvertising, be aware of your rights and consider paying by credit card for the best consumer protection.
A final thought:
- Don’t let Black Friday Frenzy take over. Remember this is essentially a bit of fun – the worst that can happen is that we pay full price for something or don’t buy it at all. Part of the fun of the whole experience is the thrill of chasing a bargain but your life absolutely does not depend on it. Keep it in perspective and if the fun stops then switch off your computer, switch on the kettle and make a cup of Black Friday tea.
On BBC Watchdog tonight I appear in an item highlighting gaping holes in home food delivery service Deliveroo’s security and fraud prevention systems.
Victims of so-called ‘Deliveroo fraud’ report having their credit and debit cards emptied of many hundreds of pounds on food and drink orders they never placed, to addresses many hundreds of miles from where they live.
Deliveroo’s standard response to claims of a security breach has left those affected with a bitter taste in their mouths, suggesting victims look to their own security failings instead.
The first a victim knows of the fraud is when they receive an email from Deliveroo confirming an order has been placed.
Deliveroo insists that its own systems have not been the subject of a hack or data breach; instead the firm advises that customers should not reuse passwords and usernames across multiple online accounts.
Sound advice on its own, but a critical mass of Deliveroo victims all suffering the same fraud might suggest that Deliveroo should look again at its own security measures.
Regardless of how fraudsters are accessing Deliveroo customers’ accounts there are further security issues that should be addressed as a matter of urgency:
- Smart fraud prevention mechanisms, if present at all, appear to be ineffectual here. Purchases that are so out of character – such as those highlighted in the show – should easily be picked up by automated systems and subjected to additional verification.
- Similarly, a change of delivery address should also trigger additional verification – a PIN sent to the account holder’s smartphone, for example.
- Deliveroo chooses not to authenticate customer card payments with a CVV2 code.
The Card Verification Value is one of the names given for the additional security numbers printed on the signature strip or front of the card. Deliveroo is far from the only retailer to forgo ‘card not present’ security – Amazon, with its 1-click purchase, is another. However, this lack of verification allows fraudsters to place orders on credit cards that are not theirs with no challenge at all.
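The first two checks in the list above (an out-of-character purchase and a change of delivery address) can be written as a small rule set that decides when to ask for additional verification. This is an added sketch, not Deliveroo’s code: the `Order` fields, the `max_km` and `amount_factor` thresholds and the sample orders are assumptions constructed for illustration.

```python
from math import asin, cos, radians, sin, sqrt
from statistics import median
from typing import NamedTuple

class Order(NamedTuple):  # hypothetical record; field names are assumptions
    amount_gbp: float
    address_id: str
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance between two delivery points, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def step_up_reasons(history, new, max_km=50.0, amount_factor=3.0):
    """Reasons to demand extra verification before accepting `new`; [] means allow.
    max_km and amount_factor are assumed thresholds, to be tuned on real data."""
    if not history:
        return ["no order history on this account"]
    reasons = []
    if new.address_id not in {o.address_id for o in history}:
        reasons.append("delivery address not used before")
        nearest = min(km_between(o, new) for o in history)
        if nearest > max_km:
            reasons.append(f"address is {nearest:.0f} km from any previous delivery")
    typical = median(o.amount_gbp for o in history)
    if new.amount_gbp > amount_factor * typical:
        reasons.append(f"amount £{new.amount_gbp:.2f} exceeds {amount_factor:g}x typical £{typical:.2f}")
    return reasons

# Constructed sample data: a London account, then an order placed in Manchester.
HISTORY = [
    Order(18.50, "home", 51.5074, -0.1278),
    Order(22.00, "home", 51.5074, -0.1278),
    Order(25.40, "office", 51.5155, -0.0922),
]
SUSPECT = Order(140.00, "addr-unknown", 53.4808, -2.2426)
ROUTINE = Order(21.00, "home", 51.5074, -0.1278)

if __name__ == "__main__":
    for label, order in (("suspect", SUSPECT), ("routine", ROUTINE)):
        reasons = step_up_reasons(HISTORY, order)
        print(label, "-> step-up:" if reasons else "-> allow", "; ".join(reasons))
```

Any non-empty result would route the order to a second factor, such as the PIN sent to the account holder’s phone suggested above, rather than rejecting it outright.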
Deliveroo’s light touch on security can be put down to one thing: sales. Here’s how skimping on security benefits Deliveroo’s bottom line:
- When we buy something, the more hoops we have to jump through to make that purchase, the more likely we’ll drop out and go somewhere else.
- Understandably Deliveroo wants to make placing an order with them as simple a process as possible by cutting out as many hoops as it can.
- However, some of those hoops are there for reasons of security; in removing those, Deliveroo is not only making it easier for its customers to place an order, it’s making it easier for them to be defrauded.
Watchdog airs on BBC1 tonight at 8pm.
Among the topics I cover in this series of Rip Off Britain: Live on BBC1 is speech recognition. In Tuesday’s show I went to Liverpool to investigate how viewers are talking to their tech to help make their everyday lives easier.
According to researchers at Stanford University we can talk three times faster – and with 20% more accuracy – than we can type or swipe on a mobile phone.
Proof that it’s good to talk, right?
It was no surprise, however, to find that many I spoke with were initially sceptical about the effectiveness of speech recognition. But I had a hunch that their lack of confidence was misplaced, with judgements on poor comprehension based on older generations of the technology.
Our day of filming in and around Liverpool proved my point: I found that Apple’s intelligent personal assistant Siri was better than even I was at comprehending commands, irrespective of accent or background noise.
Speech recognition technology – and Siri is far from the only or even the best example at present – has now reached a level of useful maturity. What is needed next to help more people benefit from it is further accessibility and behavioural change.
In the main Rip Off Britain series in September I also took a look at how voice biometrics are being used by major service providers as an authentication factor to make logins to our online accounts safer, simpler and more secure.
Check out further clips from this series of Rip Off Britain here on the BBC website.
The new series of Rip Off Britain begins this Monday on BBC1 resuming its mission to expose shams, scams and poor customer service.
In this series I look at how failures in Vodafone’s billing systems and customer services have left subscribers out of pocket and with costly black marks on their credit history; also I investigate how freely available information might be used by identity thieves to build up detailed profiles of their victims.
One item that I hope to be covering more of is the future of passwords.
Like a stuck record, over the last four or so seasons on Rip Off Britain I’ve made the point again and again about the importance of good password hygiene to minimise the risk of hacks.
But recent developments in voice biometrics technology might be part of a move to make our lives online much safer. In fact, customers of some major UK banks and service providers are already using just their voices to securely log in to their online accounts.
The software claims to analyse around one hundred different behavioural and physical characteristics of our voices (for example accent or length of vocal folds) and is being used by customers of TalkTalk and HSBC among others. Its developer, Nuance, says the technology is so sophisticated that it can even distinguish between identical twins.
We took a special version of the voice recognition app to the BBC pop up shop at the Trafford Centre in Manchester to discover whether shoppers there felt secure using their voice as their password.
Rip Off Britain airs on BBC1 Monday to Friday from 12th September at 9.15am.
Right on the Money, hosted by Dom Littlewood and Denise Lewis, returns for a second season on BBC1 this summer and I’m excited to be part of the reporting team.
In Friday’s show I front a film about how to make money on the move, armed with little more than a smartphone. I look at how people are using apps including Nimber, which pays you to be a courier, YouGov, which rewards you for sitting and submitting surveys, and also Bounts and Sweatcoin, which convert exercise into cash and prizes.
Here’s a quick clip from the show:
You can watch the full Right on the Money episode here (for as long as BBC iPlayer allows, that is).
Despite this appearing on screens in the height of summer, the item was filmed during the depths of winter – the shorts and t-shirt sequence in particular during a sub-zero day in High Wycombe!
Right on the Money airs on BBC1 weekdays 9.15-10am between 11th – 22nd July 2016.
The convergence of car tech and consumer tech is something I’ve spoken and written about in the past, so when Channel 4 asked if I’d explain more to Mary Portas in her new show What Britain Buys I was only too happy to oblige.
Mary was particularly intrigued by the emergence of the dashcam as the must-have in-car accessory for 2016. That said, she was somewhat preoccupied with what happens when the camera faces into the car rather than out front – mercifully our own carpool karaoke didn’t make it into the final cut.
As I wrote in The Metro recently, dashboard-mounted cameras are quickly becoming a must-have accessory for safety-aware, litigation-conscious drivers. Dashcams record video in the event of a bump or prang (or even a malicious key-scrape) with some insurers offering owners lower premiums to counter so-called ‘crash for cash’ and ‘flash for cash’ scams.
What Britain Buys with Mary Portas is produced by Sundog Pictures for Channel 4.
Watchdog Wednesdays continues on BBC Three and in this week’s film I investigate how easily a criminal can hack a public Wi-Fi hotspot and compromise its users’ personal information.
Coffee shops, high streets and hotels increasingly offer free public Wi-Fi so visitors can sync up while they eat, shop or stay. However, as I’ve reported on before, Wi-Fi hotspots are easy to spoof, are frequently unsecured, and even when there is a password there is still no guarantee of safety.
Hacking the Hotspot
So, in a controlled experiment at a central London coffee shop, I set out to see what the hackers see. What I saw when the Watchdog cameras began rolling surprised even me:
— BBC Three (@bbcthree) April 20, 2016
With very little investment in time or equipment I learnt how to intercept traffic sent between users’ devices (laptops, smartphones, tablets) and the internet.
Just to be clear – I am not a hacker, I’m a journalist, but picking up the basics was worryingly easy.
The Man in the Middle
My attack (known as a ‘Man in the Middle’ attack by ARP poisoning) targeted only a single device operated by a member of the BBC crew. It could equally have targeted a number of devices, perhaps all logged in to the Wi-Fi hotspot.
I found unencrypted traffic easily visible, plain text usernames and passwords flashed before my eyes in real time — gold dust for a hacker — and webpage images appeared on my hacktop just as they did on the victim’s machine. I was even able to work around some (but not all) websites’ attempts to enforce HTTPS security.
I was shocked that supposedly secure websites such as John Lewis, eBay and Amazon were vulnerable to this basic attack on an iPad, along with email accounts that didn’t have SSL security enabled. Facebook and Twitter didn’t fall for the hack.
Are we really aware of how easy it is for data we send over the airwaves to be intercepted by a silent criminal? I suspect not. This is a perfect crime where victims are unaware that their details have been compromised until the criminal executes his hack hours, days or weeks later when emails get intercepted, accounts get hijacked and funds go missing.
There’s nothing here that’s difficult to get hold of:
- Sony Vaio laptop
- External USB antenna
- Kali Linux operating system
- Tools including Wireshark, sslstrip, ettercap, driftnet
I should add that none of the software used here was illegal; Kali Linux and its bundled utilities are open source, promoted as ‘penetration testing and ethical hacking’ software and are used by security professionals to ensure their corporate networks and public websites remain secure against hackers. Of course, the very same software may also be used by hackers for malicious means. And then, of course, there is YouTube – there’s any number of tutorials there to help you get to grips with the tools and utilities mentioned above.
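ARP poisoning of the kind described above leaves a trace on the victim’s own device: the gateway’s IP address suddenly maps to a different hardware (MAC) address, often one that another host on the network is also using. The following is an added example, not part of the Watchdog experiment; it parses Linux `ip neigh` output, and the sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `ip neigh` lines that carry a link-layer address; FAILED/INCOMPLETE
# entries have no lladdr and are skipped.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return {ipv4: mac} from `ip neigh` output (ARP is IPv4-only, so the
    router's IPv6 entries, which legitimately share its MAC, are ignored)."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and ":" not in m.group(1):
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_spoof_findings(table, gateway_ip, known_gateway_mac=None):
    """Heuristic signs that the gateway's ARP entry has been poisoned."""
    findings = []
    gw_mac = table.get(gateway_ip)
    # Check 1: gateway MAC differs from one recorded earlier on a trusted join.
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {gw_mac}, expected {known_gateway_mac.lower()}")
    # Check 2: another IPv4 host answers with the same MAC as the gateway.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    others = [ip for ip in by_mac.get(gw_mac, []) if ip != gateway_ip]
    if others:
        findings.append(f"gateway MAC {gw_mac} is also claimed by {', '.join(sorted(others))}")
    return findings

# Constructed samples: the same hotspot before and during ARP poisoning.
CLEAN = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
fe80::1 dev wlan0 lladdr 00:11:22:33:44:55 router STALE
192.168.1.57 dev wlan0 lladdr de:ad:be:ef:00:01 STALE
192.168.1.99 dev wlan0 FAILED
"""
POISONED = CLEAN.replace("192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55",
                         "192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:01")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, arp_spoof_findings(parse_neigh(sample), "192.168.1.1", "00:11:22:33:44:55"))
```

Both checks are heuristics: a router replaced by the venue will trip the first, and a gateway that legitimately holds several IPv4 addresses will trip the second.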
Stay Safe on Public Wi-Fi Hotspots
So there’s the scare story. But what can you do to stay safe when on public Wi-Fi?
- For light browsing I prefer to bring my own network and tether from my smartphone or Mi-Fi, but my data plan is generous (and yes, expensive) to allow for that; if cellular reception is poor it’s painfully slow or impossible.
- A VPN, or Virtual Private Network, is my next security measure – this creates a secure ‘tunnel’ between my laptop, tablet or smartphone and a server elsewhere on the internet into which a fraudster cannot eavesdrop. These can be free, fairly cheap or you can even build your own.
- If all else fails I make sure that websites I exchange data with support safe browsing, denoted by HTTPS and the green padlock (but beware that tools like ‘sslstrip’ can subvert this). I do not ignore errors from the web browser which talk about invalid certificates, even if I don’t understand exactly what they mean – I can visit those websites later when I’m on a secure connection.
How secure are apps? How do you know whether they’re secure if there’s no green padlock or HTTPS visible in an address bar? In my testing I found some apps that are blatantly not secure, broadcasting personal details, but I’ll be exploring this in more detail very soon.