Someone just pointed me to a couple cute new security-related toys for mobile phones.

One converts text to speech, using the camera, and the other provides an image-based second-factor authentication mechanism.

Iansyst CEO Tim Sutton told silicon.com: “It takes a standard HTC TyTN smart phone and turns the inbuilt camera into a scanner but a scanner which can be taken anywhere and used anytime”.”

Exciting stuff. Seems extreme, but if someone is blocked from downloading data, they might be able to do a screen record and send the data to a remote audio output. In fact, imagine if someone could redirect the audio of this gadget. Could a “transcribing” attack vector become more relevant? Also wonder what would happen if you just left the scanner on as you walked around town — could the resolution handle billboards, or even street signs? Transcription via highly-mobile scanners presents a new frontier.

The other gadget is less of a tangent:

Users create a pattern by choosing four squares on a grid (pictured) and it is this pattern which is then used to authenticate purchases or passwords, instead of a fixed PIN or password.

The grid is filled with random numbers every time a password or PIN is required. Therefore, a unique number is entered and not the same four-digit code.

The amusing thing to me about this is that the grid is made up of numbers instead of images. Why? Are people expected to be more comfortable with numbers? Maybe it’s just easier to implement and less offensive. Seems backwards and upside down to me. Might be a good idea to reconsider the possibilities of allowing people to enter “something they know” on “something they have”, when that thing they have is a high resolution color screen.

Don’t get me wrong. I think it’s clever that the phone assigns random numbers to a keypad that has nothing to do with numbers (just color and position are meant to be remembered), but why use numbers?

The BBC reports:

For four years, finalists were chosen before lines closed – meaning those who rang later wasted up to £1.80 a call.

Money for nothing, apparently. That did not go over so well with the regulators, who protect consumer interests.

Ofcom said the breaches “constituted a substantial breakdown in the fundamental relationship of trust between a public service broadcaster and its viewers”.

[…]

The problems began in January 2003 and lasted until March 2007, when they were uncovered by the BBC’s Panorama programme.

During this period, GMTV’s revenues amounted to more than £63 million.

It claimed viewers lost £10m a year, as up to half of all callers never had a chance of winning.

The “never had a chance of winning” is a very strange-sounding phrase. I suppose it is this measure of certainty that made it such an open and shut case. In contrast, things like environmental harm might have greater consequences but industry leaders and government cronies (e.g. the Bush administration) are almost always able to find someone who will try and challenge the notion of certainty.

This process of intentional obfuscation and uncertainty can then lead to trust (i.e. snakeoil) ironically and unfortunately. It seems as though GMTV was unable to obfuscate the fact that they had closed the system and thus took in subsequent money on false pretense.