Every Computer Can Be Hacked!
Have you ever heard the sentence that every device can be hacked? I have talked to several security researchers who have experience in hacking Browsers, iPhones and more, to figure out if this is true. And if it's true, should you be worried?
You should worry more about Phishing: • Crazy Steam Phishing Page
@steventseeley: / steventseeley
@s1guza: / s1guza
@itszn13: / itszn13
@xerub: / xerub
@gf_256: / gf_256 / / @basteg0d69
---
00:00 - Can Every Device Get Hacked?
00:53 - Collaboration
02:24 - Law of Security: The More Complexity, The More Insecure
03:20 - Proof #1: Zerodium
04:55 - Proof #2: Phone Vendor Security Updates
05:33 - Proof #3: Hacking Competitions
06:28 - "Can You Find The Vulnerabilities Alone?"
09:27 - "Weaponized" (or Operationalized) Exploits
10:35 - The Original Question Is Useless
11:18 - Risk Of Your Device Getting Hacked?
12:32 - The Economics Of The Attacker
14:30 - Who Should Be Worried About 0days?
15:11 - Attack On Security Researchers
16:06 - What Can You Do Against Hackers?
18:15 - Trick Against Smartphone Hacking
19:22 - Summary and Conclusion
21:21 - Outro
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Instagram: / liveoverflow
→ Blog: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
"every device is hackable" "weaponized exploits" "every person can be killed" KZhead : _you are on thin ice there mister_
😂
also YT: "Hey, nothing wrong with that scam spamming comments you have reported. We wont delete it."
*on
Why should KZhead care what he is saying? Besides a few keywords that might automatically flag the video, there’s nothing KZhead would dislike.
@@supe4701 you clearly have living in a cave
I appreciate the dark video. It's different and easy on the eyes. Global dark mode ftw
Let the darkness rise
@@weakspirit_ hahaha
@@weakspirit_ Ok "Dawn Praiser".
the fact that some devs dont put in dark mode pisses me off
Me after watching this video: **reboots phone just in case**
there is no need to reboot, as china phones will reboot them self :D
@@DanielandStuff7 🤣🤣
There is post exploitation
@@whiskeyblaze Xiaomi Mi 11 ?
every human could be killed doesn't mean every human gets killed ~ LiveOverflow, 2021
We just need a killer.
@@bugswriter_ time ??
Climate Change: Hold my fossil fuels.
Yet every one dies, eventually ;)
@@bugswriter_ 👏👏👏
General rule of thumb: If you've seen Doom running on it, it's hackable. 😁
I have seen Doom on pregnancy test kit
@@sunnymishra1057 it's hackable.
@@sunnymishra1057 sadly it was just displaying Doom running on an RPi
@@sunnymishra1057 came to say that
@@efeyzee And it wasn't even the original hardware. The guy just put his own hardware into the kit and streamed doom to it, which is just boring and completely negates the entire purpose of the challenge. :(
Liking the new little edits like the glitches and stuff, adds more personality to your videos :D
The fact that every computer could in principle be hacked is the singular thing that makes me nervous about self driving cars
So can normal cars 🙃
@@golfmc7941 Cars with no computer can't be hacked.
There is no such thing as cars with no computer anymore. Furthermore, for instance, plains are completely automatic too, yet there are no known cases of hacking. Idk, I feel we just have to not think too much about it
@@tresuvesdobles planes have been hacked before by the CIA in order to kill people fighting against their oppression
@@tresuvesdobles well the USA military has cars without electronics in case of an emp so yea those aren't hackable
"Hey I think I have a virus" "Have you tried turning it off and on again?" "what"
I feel like this is awesome content! Love the input from the other experts sprinkled throughout the video, each in their own style. So cool! 😎
Could not thank enough for sharing these. I use to think no one can hack my phone unless they have a physical access to my device.
I really enjoyed this format. I need mooore :D
Thank you for this well made video. Interesting discussions and pointers raised!
thanks for this video brother, got to learn a lot from this video. I too definitely disabled jit and webassembly for no obvious reason, but since the experts do and it's good to do so then why not
The subtitle is golden haha. Loved your content
i remember when LO didn't show his face. he has come so far and it's been incredible watching. keep up the good work.
Thank you, this video was really interesting and helpful :)
Dude casually has a pwn2own award hanging behind him
Excellent video, thanks!
I couldn't have summarized it better myself. And congrats to being published in Phrack
Expectation: _Free WiFi is dangerous it could pwn your phone and drain your wallet._ Reality: *Ahhhahaha free routers botnet goes brrrrrrr!* *Ohh this kid downloaded our fake cracks and installed malware on their parents' desktop! By disabling the antivirus as what we told them! Lmao!*
I think a more useful question is: "Can every device be hacked remotely without your interaction or awareness." This is the type of attack that concerns me the most and fortunately there are several ways to prevent this almost completely.
???
yeah put your phone in the microwave lol
dude, your content has to be one of the best in KZhead, love what you're doing!
tambem!
Great video! :-)
:) Ayy it's the guy from the video
U r videos sure go over head but they are very good
Nice to see some of the legends talking about vulnerabilities.
Awesome video 😸 So lucky cts didn't get hit by the exploit targeting researchers! I'm also among the 3% that use Firefox 🔥🦊😎
me 2 😎
I’m thinking what researcher would ever use chrome
🔥🦊 gang
Use brave
I agree
The amount of proficiency in this video is pure MindOverflow 😅
Cool dich hier zu sehen :P
Ich erwarte eine Kollaboration zwischen euch! Ihr seid schließlich beide deutschsprachig.
@@DarkyBoy 😊
@@BenjaminAster Ich werde es mal anbringen :)
Zwei deutsche sprechen Englisch miteinander --- Two Germans speaking English with each other
@ 14min...you stay away from my cookies. This was a very great piece.
You should also, in the general guidelines, include that its better physically disable stuff that using some software, like how you should detach your webcam and mic when not in use. great video
Seeing how so many of these vulnerabilities are memory-related, it would be interesting to see how the solutions that tackle it at the programming language level pan out. If you would make a video on that it'd be really cool.
i think the production value of this channel is going up, and I love it! however I think the shadows on your face were too dramatic
Tell us the truth.. why Todesco refused to be interviewed? BTW, always good content!
I wonder if you buy a phone that's 4 years old, if it's vulnerable to attacks because the factory software is out of date and still has to perform a system update to the latest security version. So there might be a time frame in which you could get trojaned or something.
depends on how you define "every device"
Step 1: Define "device" in a meaningful way Step 2: check if your target is a device
Thanks for the video =)
sometime big software firms leave vulnerabilities unpatched just because they accept risk and put blidfold
running debian unstable with a cron that runs every 6 hours: sudo apt-get update -yqq && sudo apt-get upgrade -yqq so basically, I'm super vulnerable when the debian repository gets hacked xd
Reboot or live patch?
breaking into fort knox for a gold heist, may be possible, how many armored divisions do you have? worth?
Originally I read it as fart box, but that doesn't matter. Security solution for newer samsung phones is literally named knox.
I am unsure of the processes of Fort Knox, but I am sure they have incoming and outgoing shipments of things. Access to the ledgers for these would provide a much more realistic attack vector. After all, your goal is to get the material out, why not use the systems they have to your advantage and weaken the target? I am sure much more research went into the development of the Fort than the armored transports. Physical security still has the same weaknesses of mismanaged I/O and backdoors. Plus when the physical security is controlled by electronics, an armored truck is just a mechanized safe with lethal security measures on wheels, right?
@@gameglitcher Im sure you are right. but I'm giving this as a benchmark. This is the immediate solution, that sets a baseline for risk and cost. All other solutions are going to be higher risk and lower cost, or they are bad vectors.
@@CraneArmy Fair XD. if it wasn't for your comment I wouldn't have had a response >.>
Your content is gold, you just need more appealing thumbnails
my phone fucks itself up so often, it gets rebooted sometimes even twice daily
"phishing or a company mishandling your data" kinda reminded me of the new (at least german) IDs requiring you to let them store your finger prints and even though I don't know why that could be a problem, I do not even remotely trust them with those... it feels like telling them my password which they then probably just store in plain text
> Always remember, always reboot your phone Yeah right, like I have any other choice with my PinePhone. That thing is a little unstable ;)
Would be great to hear what the researchers think is the best or more secure browser? is it Google Chrome? Microsoft Edge? Firefox? Opera? Brave Browser? Safari? or any other browser. Which one do they think is better?
Yeah even I would love to know this, glad the guy was using Firefox but considering how Firefox is one of the most used browsers out there wouldn't there be people trying to make 0day exploits that can work on both chromium and Firefox too? Should I really rely on Firefox so much?
lynx (¾ joke)
no one safe, it's just less targeted than others
Nice. Thanks 👍
7:45 Full chain. I've clicked on Google ads using a Google browser and gotten malware, so I can confirm this.
Can you do a video about row hammer exploitation please ?
you are a lot better then alot of others people around on KZhead. can you give that SUDO exploit, this will make you very famous.
I also hadn’t updated my phone! Thanks
The subtitles go haywire starting at 10:35 and 13:13
If for example a journalist uses a second machine (and maby a second network) for projects which is not connected to global network (or to anything else outside his control) anny way of access should be eliminated right?
Nee Video!!! Yaaay ❤️
Thank you for the dark mode. My eyes are grateful. Wish more ppl would do this.
Even with an infinite amount of ways to hack a computer, there can still be unhackable computers.
Man it would be so cool to be able to do this .
You're lying. You can't hack my Broken PC
haha Axe go brr
If somebody hacks my pc thats literally the only person, that has access to it.
What about my Sega Mega Drive?
but what is the most common method to discover 0days ? fuzzing, code audit(only for open source) or reverse engineering?
I know you can run separate systems on Android in a VM which I do from time to time for browsing the web. I really don't bother with Apple products because of their unethical opposition to the right to repair movement but VMs are a good way to isolate your activity.
I got a question for you. What's the risk when Android phone manufactures stop pushing updates to their devices after the devices are 3 years old? When my Phone started getting kernel updates from the manufacturer, I started using LineageOS. I know someone could theoretically edit my system partition to put their nasty stuff instead if they have physical access, but wouldn't being unable to receive system updates for your phone make you more vulnerable to drive-by's?
If your kernel has release-keys builds (which I believe Lineage does), you should be able to re-lock your bootloader and still receive OTA updates.
@@ActualAshCam ah, the issue is that I use magisk so I can bypass the non-manufacturer-approved OS checks so I can still use my banking app on my phone. Re-locking the bootloader in that state still bricks the phone.
@@ARitzCracker Ah, I see. You still probably could, it would just take a lot more work, including creating your own signing keys, and signing patched boot images.
Question is the video supposed to cut off around 8:04 with a message "An error ocurred. Please try again later.(Playback ID: xxxxxxxxx)"?
Ok, but what about intentional backdoors either in software, or hardware?
Great Video
I am so curious if he really rebooted his phone in that video or if he just slid his finger over the screen
it's incredible that buying and selling these exploits to third parties isn't illegal even though it definitely should be
it's heavily regulated
@@LiveOverflow May I ask why? I mean, what is the purpose? If it's government, I could see it, but a third party?
It's just information. Regulating this gets really close to regulating free speech. A lot of third party buyers are also governments and tech companies themselves. Making a market illegal just moves the buyers into the black market. Also, security researchers are smart enough to hide their traces anyway.
@@TheElexec you've got a point. Moving the market to the black market just make things worse.
pagacus is made by israel and very advances in real life.
The subtitles from 10:35 to 10:57 say something elsee 🤔🤔🤔🤔
We all get killed by the grim reaper in the end... Time to put me computer in a safe.
I'm guessing using the Lynx browser in termimal also reduces the attack surface quite a bit?
No, you need to hide in the woods and communicate only by pigeon. Make sure to inspect every pigeon packet to be double safe.
Is it dangerous to use an old android phone that does not get updates for more than 3 years now?
This video reminded me to restart my phone. Thank you.
"every device is hackable" *turns on on incognito mode* You can't touch me now buckaroo :)
16:49 umatrix shouldn't be used as a mitigation of javascript-related threats. Development is ended and the github repository is archived. Use alternative solutions for js blacklisting.
Outdated stuff. The developer has just said to use unlock origin since it has similar features from same developer. Also what she mean with iphone? There's only safari on iphone, that's the only engine used for all of them. It's very outdated as well apple not supporting web standards to keep monopoly on app store. Also exploits for Android has been more expensive than iOS because iOS had so many they had to disable the security firm couldn't take any more and closed reporting for a time don't know the situation now. Also pretty curious how famous people like Elon musk with extreme confidential information deal with this it's pretty known he uses an iPhone.
10:36 the subtitles break here, probably because of an exploit...
My issue with one point in this video is that a software "weapon" is very different from real weapons, like you said. However in my opinion the key difference here isn't the level of damage that can be caused (quality), it's the amount of people that can be affected (quantity). We know that exploits like Pegasus do exist in the real world, and they are relatively hard to detect. Because a zero click exploit could be effectively deployed on any device, it can therefore be deployed on every device. Without trying to sound too much like a conspiracy theorist, we know that historically nation states are usually 10-20 years ahead of consumer technology. I don't see why we should consider the Digital Age any different in that regard. If you were a dictator, and you wanted to have near omnipotence of anything that happens in your country (or abroad, the Internet doesn't abide by physical borders), why wouldn't you pay a few million (or billion, you have country-level money) and get a nice new zero click zero day that you can deploy on any number in the phone book? Sorry for the ramble, happy to chat with people further about this. I'd love to be proved wrong, because right now I can't really see a fault in my logic here, apart from speculating on potential technology, which I am willing to admit debases the premise a little.
I use Windows 10 Mobile. 0.01% market share. No chance there is an exploit for my phone one would be able to sell.
"Every computer can be hacked" well good luck trying to hack an offline computer lol
just restarted my phone... and ill update later
that was epic! cheers.
Have you covered anti-cheat and drm system exploits in games?
He has a series on Guild Wars 2 botting
Ok but that’s quite scary
16:30 good info
One question I always had. Is copying and pasting my password from a password manager is a really stupid way to get pwned?
No
palo alto 0day wreaking havoc atm
wait... is that company (zerodium) business model even legal?
15:50 the firefox master race wins again. obviously this isn't saying there aren't firefox exploits, but it is saying that chromium exploits are much more sought-after, popular and common than firefox, because of market share. all the more reason to use pale moon - present-day pale moon is hard forked from no newer than firefox 52, making upstream firefox 0-days incredibly unlikely to work on it. and no matter what browser you use, turning off javascript completely except for a small whitelist makes it exponentially more difficult to target your attack surface.
Using old software doesn't make you more secure, it makes you much more unsecure. Furthermore Pale moon is maintained by a retarded furry and should not be used by anyone. Palemoon has already been attacked once when one of their servers got hacked and every executable was bundled with malware. Don't give security advice when you don't know what you're talking about.
@@isse6790 the fact you think pale moon is old software automatically makes your entire opinion invalid and discarded
Any advice for crypto users? Especially with DeFi stuff, disabling js is definitely not possible. Do you have recommendations?
The question isn’t can you be hit by a 0-day of course you can, the question is instead are you worth it, are you in possession of have access to something that would justify using the work of 5-10 highly skilled engineers? 90% of the time the answer is no.
this autoupdate crap is double sided edge and i feel sheer lack of UAT/ DTAP model of delivering updates. consider that updated browser doesn't support password saving "for security reasons". or what's worse, stuff their annoying ad banners to menu, because they can. no,thank you, i'll decide by myself if its worth of applying certain update.
5:54 lol Microsoft exchange anyone surprised
I can hack every device if I get my hands on it. * sharpens his hatchet *
They can't hack my mechanical turing machine without having physical access :D
The true answers is yes & no xd, depending on the phase of the moon
The answer for every question is "it depends"
@@zyansheep is this reply a reply?
@@gl3nda96 It depends
@@du42bz Thank you, I was in an existential crisis over that
Nyc video 👍❤️
oop, captions decided to go fast again :(
Looks like i wont go into learning exploit development 😂
“Amy” scares me
that steven guy looks like white rose from Mr Robot
19:19 I rebooted my phone without giving it a second thought!
When you're a nobody and has good opsec, there's nothing much to worry about.😊
good video
Paper Notebook!!!!!!!
Subtitles have problem at 10:50