The new series of Rip Off Britain begins this Monday on BBC1 resuming its mission to expose shams, scams and poor customer service.
In this series I look at how failures in Vodafone’s billing systems and customer services have left subscribers out of pocket and with costly black marks on their credit history; also I investigate how freely available information might be used by identity thieves to build up detailed profiles of their victims.
One item that I hope to be covering more of is the future of passwords.
Like a stuck record, over the last four or so seasons on Rip Off Britain I’ve made the point again and again about the importance of good password hygiene to minimise the risk of hacks.
But recent developments in voice biometrics technology might be part of a move to make our lives online much safer. In fact, customers of some major UK banks and service providers are already using just their voices to securely log in to their online accounts.
The software claims to analyse around one hundred different behavioural and physical characteristics of our voices (for example accent or length of vocal folds) and is being used by customers of TalkTalk and HSBC among others. Its developer, Nuance, says the technology is so sophisticated that it can even distinguish between identical twins.
We took a special version of the voice recognition app to the BBC pop up shop at the Trafford Centre in Manchester to discover whether shoppers there felt secure using their voice as their password.
Rip Off Britain airs on BBC1 Monday to Friday from 12th September at 9.15am.
A challenge as a technology journalist is making sure more complex material remains accessible to your audience without compromising accuracy. With a daily UK readership of 1.895 million the Metro newspaper’s audience is broader than most, so when writing here I’m at pains to check that I’m maintaining clarity without sacrificing substance.
An example: faced with an assignment on Digital-to-Analogue Converters for this week’s Connect section of the paper I pitched hard with my editor to include an introductory paragraph to give some background. The format doesn’t normally allow for this, and even though we knew we would lose word-count elsewhere in the piece she agreed. It was the right decision.
A bit more about DACs:
A DAC or Digital-to-Analogue Converter takes the 0s and 1s from your digital music source – a CD, mp3 or Spotify stream for example – and pumps out the analogue signal necessary for speakers, subwoofers and headphones to function*. You’ll find them in phones, PCs, TVs, DVDs, games consoles, even digital radios – anything that plays audio from a digital source.
While this sounds like it should be a consistent digital activity there is variation in the specification of DACs which can result in audio quality differences. Bluntly, the DACs integrated into our devices may not be making the most of the audio source, particularly if from high-resolution or lossless audio formats.
That’s where an external DAC comes into play, squeezing as much detail as possible from good quality digital audio files. They can also add some extra power to the output too – I for one find the volume on my Apple iPhone 6 Plus a little too soft when on the train, tube or in other noisy environments. There is additional significance here for iPhone owners given that Apple has pulled the plug on the ubiquitous 3.5 mm headphone jack in its newer phones – something these jack-equipped headphone amps can help to work around.
I did try to name the feature ‘What’s Up DAC?’ but my editor overruled me. A shame, but once again it was probably the right decision : )
* I was curious to discover whether purely digitally-driven speakers exist: it turns out they do in theory but are impractical for mass adoption – there are precious few resources online but here’s what Wikipedia has to say about them.
A lot of my work right now is around cyber crime and cyber safety. My Hackageddon feature in this week’s Connect section in The Metro illustrates some ways in which our online data might be vulnerable.
While there are precautions we can all heed and best practices we can each adopt when online – good password hygiene among the most important – we are still at the mercy of the organisations we trust to safeguard our data. Sadly, too many of these have been found wanting, with poor security contributing to the estimated 500,000,000 personal records that were leaked or lost in 2015 alone (source: Symantec).
In the Metro feature I look at passwords and password managers, the rise of ransomware, and how to check if your data has already been leaked. We also see how Facebook boss Mark Zuckerberg may take care to keep his details safe now, but how his previous poor security choices recently came back to bite him.
Read the full feature in the Metro e-edition here.
As a side note, the feature coincides with season two of Golden Globe-winning cybercrime drama Mr Robot airing on Amazon Prime Video. I enjoyed the first series – it’s a good drama with plenty of technical authenticity – and can’t wait now to get stuck into the second.
Right on the Money, hosted by Dom Littlewood and Denise Lewis, returns for a second season on BBC1 this summer and I’m excited to be part of the reporting team.
In Friday’s show I front a film about how to make money on the move, armed with little more than a smartphone. I look at how people are using apps including Nimber, which pays you to be a courier, YouGov, which rewards you for sitting and submitting surveys, and also Bounts and Sweatcoin, which convert exercise into cash and prizes.
Here’s a quick clip from the show:
You can watch the full Right on the Money episode here (for as long as BBC iPlayer allows, that is).
Despite this appearing on screens in the height of summer, the item was filmed during the depths of winter – the shorts and t-shirt sequence in particular during a sub-zero day in High Wycombe!
Right on the Money airs on BBC1 weekdays 9.15-10am between 11th – 22nd July 2016.
The convergence of car tech and consumer tech is something I’ve spoken and written about in the past, so when Channel 4 asked if I’d explain more to Mary Portas in her new show What Britain Buys I was only too happy to oblige.
Mary was particularly intrigued by the emergence of the dashcam as the must-have in-car accessory for 2016. That said, she was somewhat preoccupied with what happens when the camera faces into the car rather than out front – mercifully our own carpool karaoke didn’t make it into the final cut.
As I wrote in The Metro recently, dashboard-mounted cameras are quickly becoming a must-have accessory for safety-aware, litigation-conscious drivers. Dashcams record video in the event of a bump or prang (or even a malicious key-scrape) with some insurers offering owners lower premiums to counter so-called ‘crash for cash’ and ‘flash for cash’ scams.
What Britain Buys with Mary Portas is produced by Sundog Pictures for Channel 4.
Watchdog Wednesdays continues on BBC Three and in this week’s film I investigate how easily a criminal can hack a public Wi-Fi hotspot and compromise its users’ personal information.
Coffee shops, high streets and hotels increasingly offer free public Wi-Fi so visitors can sync up while they eat, shop or stay. However, as I’ve reported on before, Wi-Fi hotspots are easy to spoof, are frequently unsecured, and even when there is a password there is still no guarantee of safety.
Hacking the Hotspot
So, in a controlled experiment at a central London coffee shop, I set out to see what the hackers see. What I saw when the Watchdog cameras began rolling surprised even me:
— BBC Three (@bbcthree) April 20, 2016
With very little investment in time or equipment I learnt how to intercept traffic sent between users’ devices (laptops, smartphones, tablets) and the internet.
Just to be clear – I am not a hacker, I’m a journalist, but picking up the basics was worryingly easy.
The Man in the Middle
My attack (known as a ‘Man in the Middle’ attack by ARP poisoning) targeted only a single device operated by a member of the BBC crew. It could equally have targeted a number of devices, perhaps all logged in to the Wi-Fi hotspot.
I found unencrypted traffic easily visible, plain text usernames and passwords flashed before my eyes in real time — gold dust for a hacker — and webpage images appeared on my hacktop just as they did on the victim’s machine. I was even able to work around some (but not all) websites’ attempts to enforce HTTPS security.
I was shocked that supposedly secure websites such as John Lewis, eBay and Amazon were vulnerable to this basic attack on an iPad, along with email accounts that didn’t have SSL security enabled. Facebook and Twitter didn’t fall for the hack.
Are we really aware of how easy it is for data we send over the airwaves to be intercepted by a silent criminal? I suspect not. This is a perfect crime where victims are unaware that their details have been compromised until the criminal executes his hack hours, days or weeks later when emails get intercepted, accounts get hijacked and funds go missing.
There’s nothing here that’s difficult to get hold of:
- Sony Vaio laptop
- External USB antenna
- Kali Linux operating system
- Tools including Wireshark, sslstrip, ettercap, driftnet
I should add that none of the software used here was illegal; Kali Linux and its bundled utilities are open source, promoted as ‘penetration testing and ethical hacking’ software and are used by security professionals to ensure their corporate networks and public websites remain secure against hackers. Of course, the very same software may also be used by hackers for malicious means. And then, of course, there is YouTube – there’s any number of tutorials here to help you get to grips with the tools and utilities mentioned above.
Stay Safe on Public Wi-Fi Hotspots
So there’s the scare story. But what can you do to stay safe when on public WiFi?
- For light browsing I prefer to bring my own network and tether from my smartphone or Mi-Fi, but my data plan is generous (and yes, expensive) to allow for that; if cellular reception is poor it’s painfully slow or impossible.
- A VPN, or Virtual Private Network, is my next security measure – this creates a secure ‘tunnel’ between my laptop, tablet or smartphone and a server elsewhere on the internet into which a fraudster cannot eavesdrop. These can be free, fairly cheap or you can even build your own.
- If all else fails I make sure that websites I exchange data with support safe browsing, denoted by HTTPS and the green padlock (but beware that tools like ‘sslstrip’ can subvert this). I do not ignore errors from the web browser which talk about invalid certificates, even if I don’t understand exactly what they mean – I can visit those websites later when I’m on a secure connection.
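The ‘Man in the Middle’ attack by ARP poisoning described above leaves a trace on the victim's own device: the hotspot gateway's IP address ends up paired with another machine's hardware (MAC) address. The sketch below is an added example, not part of the original post or the Watchdog film; it parses a table in the layout of Linux's /proc/net/arp and flags that pattern. The function names, the `known_good_mac` parameter and all addresses are constructed for illustration, and a shared MAC can occasionally be legitimate (for example a router answering for several addresses).

```python
from collections import defaultdict

# Constructed sample in the layout of Linux's /proc/net/arp (not captured data).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         a4:5e:60:11:22:33     *        wlan0
192.168.1.23     0x1         0x2         A4:5E:60:11:22:33     *        wlan0
192.168.1.40     0x1         0x2         3c:15:c2:aa:bb:cc     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return (ip, mac, device) tuples for resolved entries only."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, device = fields
        if not int(flags, 16) & 0x2:            # 0x2 = ATF_COM, entry is complete
            continue
        entries.append((ip, mac.lower(), device))
    return entries

def check_gateway(entries, gateway_ip, known_good_mac=None):
    """Return warning strings for two common signs of ARP poisoning."""
    ips_by_mac = defaultdict(set)
    for ip, mac, device in entries:
        ips_by_mac[(device, mac)].add(ip)
    warnings = []
    for ip, mac, device in entries:
        if ip != gateway_ip:
            continue
        # Sign 1: another host on the same interface answers with the gateway's MAC.
        others = sorted(ips_by_mac[(device, mac)] - {gateway_ip})
        if others:
            warnings.append(f"gateway {ip} shares MAC {mac} with {', '.join(others)}")
        # Sign 2: the gateway's MAC differs from one recorded on an earlier visit.
        if known_good_mac and mac != known_good_mac.lower():
            warnings.append(f"gateway {ip} MAC is {mac}, expected {known_good_mac.lower()}")
    return warnings

if __name__ == "__main__":
    for warning in check_gateway(parse_arp_table(SAMPLE_ARP_TABLE), "192.168.1.1"):
        print("WARNING:", warning)
```

On a real Linux laptop the same functions can be fed the contents of /proc/net/arp together with the default gateway address reported by the system.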
How secure are apps? How do you know whether they’re secure if there’s no green padlock or HTTPS visible in an address bar? In my testing I found some apps that are blatantly not secure, broadcasting personal details, but I’ll be exploring this in more detail very soon.
Watchdog Wednesdays, a spin-off from the popular BBC1 investigative consumer affairs show, has launched on BBC Three and I’m excited to be fronting its films about online hacks and scams.
My first film, a re-version of an item which aired in Watchdog in October, sees me and LBC’s James O’Brien shed light on a scam known to many as the ‘Microsoft Support Scam’, eventually catching the crooks red-handed.
A three-minute short can only tell so much of the story, so for the many who’ve gotten in touch here’s the technical bit:
On an Apple MacBook running virtual machine software I performed a fresh install of Microsoft Windows 7, loaded anti-malware software, and seeded files in my Users folder and desktop to make it look like a well-used PC. On the host Mac I ran screen recording software, an X server and the Wireshark packet sniffing software to help identify where the scammers were connecting from (alas, we didn’t get to cover the last bit in the film). My final tool was a web browser with some simple who.is tools, and an hour or so raking through some ‘who called me’ forums to find some leads.
On Challenge TV’s Videogame Nation recently I chatted with presenter Dan Maher about the challenges faced by studios when developing games for Virtual Reality platforms.
Videogame Nation is that rare thing on mainstream television: a show about video games.
Hosted by Inside Xbox co-host Dan Maher, Aoife Wilson and John Robertson, produced by Ginx TV and airing in the UK on Challenge TV, VGN celebrates games and gaming culture with a maturity and intellect that appeals to gamers and non-gamers alike.
In this week’s episode I speak with Dan about a pet subject of mine: virtual reality. We discuss the specific challenges that studios face when developing for VR platforms, and the role that mobile can play in VR’s future.
Here’s a clip from the show where Dan and I talk about the challenges, how mobile will be an invaluable on-ramp for VR, and get hands on with Kickstarter project prototype, Goblin VR.
Hardware is one of the challenges faced by developers – platform fragmentation is already real – and so is grammar: a successful VR experience is not simply a case of lifting a traditional game and dumping it into a pair of virtual reality goggles. The fact is that developers don’t know what works yet; it’s frontier-land all over again which makes VR development a very exciting – if very risky – arena for studios to be working in.
*** UPDATE: Since I wrote this story in early 2016 VGN has, after four series and much critical acclaim, used up all of its credits – much to the disillusionment of gamers all over the internet. Fear not: without too much searching you can still find pretty much every episode of Videogame Nation on YouTube.