Ethical hacker Ryan Montgomery demonstrates live how easily personal devices can be compromised via fake networks and radio-frequency attacks — framed as an awareness exercise about how much of our private world is exposed to surveillance.
Transcript
As soon as you connect to any of those, I have your password, I have anything in between. Oh man. You can hack anything: car keys, garages, gates, anything that's on radio frequency, access control badges for doors, and credit cards. There we go, I just read my card there, and, and if you want, I can show you the beginning of it. Oh my gosh, dude.

This is Ryan Montgomery, known as the ethical hacker. He's demonstrating on camera how easily anyone can be hacked. Please pay close attention to what follows and share it with your family. There are many ways in which anyone can be hacked. I will show you a few methods that you and your family should be aware of, and of course I will present a few solutions to help you protect yourself, so please stay tuned.

Ryan is showing how hackers can trick people using fake Wi-Fi networks. They set up Wi-Fi connections that look real, like the ones you might see at a cafe or airport.

So all of these networks here is probably appear to be legitimate, right? Yeah. But they're not. These are all fake networks, they're all powered by me. So as soon as you connect to any of those, I have your password, I have anything in between. So that's, that's one thing, that's just Wi-Fi. And you just, oh man. So this is, so this is, is this how people are stealing information? This is one of many ways.

When someone connects to one of these fake networks, the hacker can see everything they do, like the websites they visit or passwords they type in. Instead of your device talking directly to the real internet, it's actually talking to the hacker's computer, which pretends to be the internet. The hacker can then send you fake websites or steal your information without you knowing. This type of attack is called a man-in-the-middle attack, and it can happen in places where public Wi-Fi is used.

So what about the Wi-Fi connections in airplanes? They're actually, I mean, you can, obviously you can hack anything, but Gogo Inflight, they, they have a pretty good segment on their network, so you're pretty safe with Gogo. Uh, you, there's a chance of getting hacked, but not the same as like a Starbucks or a, here. Like, you know, your network has to be segmented into chunks, okay, and, uh, Gogo segments it pretty well.

Although someone can create a fake Wi-Fi network that tricks people into connecting to it. They mentioned that they could easily make a fake Wi-Fi network with a name like Gogo Inflight, which people on an airplane might recognize and connect to, thinking it's legitimate. The attacker can create fake networks with any name they choose, including names that look like the real networks people are used to seeing. Instead of just creating one fake network, the attacker scans the area to find all the real networks around them, and once they know the names of all the nearby networks, they can create fake versions of each one. This way, when people in the area try to connect to Wi-Fi, they might unknowingly connect to the attacker's fake network, thinking it's their normal trusted one. Once they connect, the attacker gains control of their connection and can steal information.

Besides Wi-Fi, the device they're talking about can also exploit wireless devices like mice and keyboards using a technology called nRF24. Some wireless keyboards and mice are vulnerable to attacks where the hacker can remotely take control of...

I'd highly recommend you go back to wired. Even though it sounds old school, that's what you should do, because I could control your mouse and keyboard with this device and send keystrokes way faster than you can type them and, uh, take over your computer without even having to see you or it. So I could do that through the wall.

Ryan Montgomery mentions other types of wireless attacks, like this one.

This is actually a really good one here. So if you're ever in a business, for example, this is a device that you would plug into USB, and then, as you see, there's an Ethernet adapter here. And when this plugs in, this has a mini computer inside of it, so as soon as this thing gets plugged into a computer or to the internet, the first thing it does is try to reach back out to one of my servers. So if I put this in, you know, your closet or where your modem was at, I don't think that you would ever think this is a dangerous device.

We're constantly bombarded with spam calls, texts, and marketing emails, making it feel overwhelming. A common question people have is whether simply opening a text message can lead to being hacked. The answer is technically yes, it is possible in some cases. This can happen through what's known as zero-click attacks, which are especially dangerous because they don't require you to click on anything or interact with the message in any way. Government agencies and hackers pay large sums of money for these kinds of exploits because they allow remote access to your phone without you even realizing it.

If I open a text, could I be hacked just from opening the text? Technically, yes. There was one going around for quite a long time called Pegasus, uh, and then there was another one called Pegasus 2.0. It didn't require any user interaction from anyone. You would just send to a phone number, they'd have full remote access to your phone. Even without opening the text? Without opening anything. Holy. How do you defend against something like that? You can't. There's no, there's no way to defend. That's why they're so valuable, because there's nothing you can do.

Another thing that can be hacked is your credit card. With a simple swipe of a radio frequency identification device, they can read the details from a tap-to-pay credit card. This process is so fast that the person can steal your information instantly just by brushing past you. This works best with modern credit cards that use tap-to-pay technology, which includes an RFID chip. Older cards without this feature can't be read by such devices.

There we go, I just read my card there, and, and if you want, I can show you the beginning of it. Oh my gosh, dude. Yeah. So, so it's that easy to steal your credit card number? This is just a proof of concept device. You know, there's devices out there that could do this from further away. How fast? Could you just brush by somebody and instantly? Instantly, yeah, it's, there's no delay there.

The solution: you should be using an RFID-blocking wallet to protect yourself from this type of theft. If you can't afford an RFID-blocking wallet, a quick fix is to wrap a layer of tin foil around your wallet. This will stop devices from being able to read your card. Even though new credit cards have a security chip, the introduction of the RFID tap-to-pay feature has made them more vulnerable to this type of theft than older non-tap cards. It's surprising and a bit weird, because the RFID feature was supposed to make payments more convenient but ended up introducing new security risks.

Another scary thing is that your car key can be hacked easily. First, they use a frequency analyzer to find the exact frequency that the car's key fob operates on. Modern key fobs use a rolling code system for security. This means that each time you press the unlock button within range of your car, the code changes and the previous code expires. But if you press the button while out of range, for example while you're inside your house, the codes remain valid and could be used later to unlock the car. Here's how it works.

Most cars are going to be in the 315, 433 MHz range, uh, but on this case I'll do the frequency analyzer so I can see exactly what that frequency is. So I press the lock button, I see that this is 34999, so that tells me that most likely this is going to be at 315, uh, key. So now I'm going to record, and as I hit unlock, unlock, unlock, unlock, stop. So now I have four, uh, captures here that will work, because how these work, the, these use a rolling code. So every time I press this unlock button and the car is within range, that code expires. If I'm out of range of the car, then these are valid codes. So if I went back to, you know, where, to my house, and I pressed send and I went and transmitted, like, like I'm doing now, if I transmitted these signals, it would unlock the car four times.

He explains how a RollJam attack can be used to steal your car by intercepting and jamming the signals from a key fob. He describes how an attacker uses a device to send static on the key frequency, blocking the signal from reaching the car while simultaneously capturing it.

So you would get another device, like the device I showed you with a big antenna. I'd get that device, I would jam, so I'd send a bunch of scattered frequencies on 315 MHz, cuz I know that's what this key is. I'd send a bunch of static on 315, and then while I'm standing at the store, or wherever the person I want to steal something from their car is, I would be listening on 315. So now I'm closer to you, listen, listening, and then the jammer is closer to your car, so your car is not going to receive the signal because of the static, but I'm going to receive the signal clear as day from this device. So now my combinations are valid, so when I go to open your car later, mine will work.

That device can do a lot more than just radio-related tasks. It operates on sub-gigahertz frequencies, and by using bigger antennas it can work over longer distances. It also has infrared capabilities, meaning it can control things like TVs, projectors, and other devices that use infrared signals. The device has GPIO, which allows it to connect and control external devices, making it act as a controller for various systems. It also has a feature called iButton, a type of authentication that uses small metal prongs like a key. Additionally, it includes a BadUSB, which imitates a keyboard and can type thousands of words per minute for quickly inputting data. Besides hacking-related uses, the device can also generate two-factor authentication codes without needing an internet connection, making it useful for security purposes.

You thought that was all? What about all the electronics manufactured in China? Ryan mentions a vacuum mop he purchased which connects to a Chinese cloud server to send and receive information.

Do you think we need to worry about what they're putting in our electronics? Yeah, I mean, I'll give you one example. I bought this awesome all-in-one vacuum mop called Tineco, and, uh, it completely connects to a Chinese server to, uh, to transmit and receive information. I can control that with my computer through a Chinese cloud server. There's no reason that that vacuum and mop should connect to a Chinese cloud.

Everyday devices like a vacuum mop that connect to the internet pose security risks. Even though it's just a household appliance, its Wi-Fi connection opens up the possibility for someone to remotely control it. If it connects to an external server, like one in China, there's a chance that the device could be used to compromise your home network. The concern is that any device with Wi-Fi, whether it's a vacuum, washing machine, or refrigerator, can become vulnerable. Not all of them are constantly communicating with external servers, but once they are connected, they can create a potential security risk. This is because these devices are often connected to the internet even when they don't really need to be, making them a possible target for hacking or unauthorized control.

One of the reasons they do that is data, which is incredibly valuable today because it helps companies make money, especially through advertising. When you search for something online, like on Google, companies can track what you're looking for and use that information to show you ads related to your interests. This makes it easier for businesses to target you with products or services you're more likely to buy, which means more money for them. It's not just about what you actively search, though. If a company has deeper access to your network or personal information, they can see what you're doing even when you're not searching for something directly. For example, if you're chatting with someone about a product or interest, that data can also be collected and used to show you ads later. This information is valuable because it helps advertisers understand what you're interested in before you even start looking for it on Google. In simple terms, companies want as much data as possible because it helps them figure out what you want, allowing them to sell things to you more effectively.

Now that you know all of this, here's what you need to do to protect yourself from hackers. First, use a password manager.

I would recommend using a password manager for anything that you're storing your passwords with.

The number one ranked password manager recommended by Ryan is 1Password. This is the one I already use, so I will leave a link in the description below.

1Password. 1Password, yeah. Is that the only one that's worth a damn? I don't want to speak on ones that I don't know. All right, we're going to have to make some changes.

And second, install antivirus software, or consult with an IT company that specializes in cyber security, or reach out to a dedicated cyber security firm. Third, use an RFID-blocking wallet, and potentially, if you want to be extra safe, use a key fob that has an RFID shield on it. Be cautious about the websites you visit. If your browser warns you that a site looks unsafe, it's probably unsafe. If someone tells you otherwise, make sure they're a trustworthy source. Always use common sense: if something seems too good to be true, it likely is.

And one of the most important ones, I would recommend staying up to date. You know, buying new routers when they come out, stay up with technology when it comes to your, your daily, uh, devices. Make sure you have a new smartphone if you can afford one. Laptop, make sure you keep it updated. Computer, desktop, what, whatever, whatever computer you use, make sure you keep it on the latest update patch. So these, this is why they keep putting out these software updates? It's for, it's to combat this kind of stuff.

Of course, if you don't update your software, you're leaving your device exposed to these known vulnerabilities. Once an update is released, companies often publish details about what they've fixed, including security issues. Hackers can then study these updates to understand the weaknesses in older versions of the software. By not updating, you're essentially allowing hackers to exploit those vulnerabilities, putting your device and personal information at risk. In short, keeping your software up to date is one of the easiest and most effective ways to protect yourself from cyber attacks.

Hackers can get into your device in many different ways, and it's not always about clicking a suspicious link. Sometimes it's a link, but it could also be a file, a photo, or even a Word document that contains hidden malware. In some cases, hackers use a combination of different exploits, meaning they take advantage of multiple weaknesses in your device or software to gain access. Essentially, almost any type of file or interaction could be a potential way for a hacker to break in if the device isn't well protected. So think twice before clicking on anything, especially in your email inbox.