How Hard is It to Hack a Phone? Understanding Its Protection Features
Vložit
- čas přidán 15. 08. 2023
- The purpose of this video is to help you properly assess your threats. Many will make assumptions about hacks being the main threat. The real threat as explained in this channel repeatedly is surveillance. Could hack themselves be a significant threat?
Let me explain the main obstacles to hacking a phone. These are the main protections built in to all mobile phones running iOS and Android. If you take certain precautions, it will be quite difficult to hack and assumptions by many that they have been hacked will often prove to be materially false.
However, it is still possible to hack a phone. First by improper user choices. Next by those having a special skillset and funds to make use of Zero days. Very few people, seriously few, will be a target for the costly attacks using zero days.
So are you a target? Judge for yourself based on what I will explain.
You however are being surveilled via your phone. And it is not a hack. It is intentional.
-----------------------------------
De-Googled phones are available on brax.me. Sign in to the platform to see the store.
-----------------------------------
Merch Store
my-store-c37a50.creator-sprin...
-----------------------------------
I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN , antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the inernet and the dangers of social media, dangers of email.
I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
Support this channel on Patreon! www.patreon.com/user?u=17858353
Contact Rob on the Brax.Me App (@robbraxman) for encrypted conversations (open source platform)
brax.me/home/rob Store for BytzVPN, BraxRouter, De-googled Privacy AOSP Phones, Linux phones, and merchandise
bytzvpn.com Premium VPN with Pi-Hole, Cloud-Based TOR Routing
whatthezuck.net Cybersecurity Reference
brax.me Privacy Focused Social Media - Open Source
Please follow me on
Odysee
odysee.com/$/invite/@RobBraxm...
Rumble
rumble.com/c/robbraxman - Věda a technologie
![[柴犬ASMR]曼玉Manyu&小白Bai 毛发护理Spa asmr](http://i.ytimg.com/vi/0TsXQ7z2Dh4/mqdefault.jpg)
Agree with Rob 100%. I need physical access to hack a phone and even then I have to get lucky. It has to be one of the phones with known vulnerabilities and it has to be behind on security patches.
He never said that. There is plenty of malware on the Android Store that can act as a trojan horse to allow your data to potentially be accessed.
Not all cyber-attacks are because someone starts attacking you. A piece of malware you install can signal to a command and control server that your phone is available to be exploited, at which point further software can be deployed to get more data from your phone.
Most attacks are automated, it's not worth a human wasting time attacking systems unless the target is a well known person or a big corporation from which they can get a lot of kudos in their community.
Great video Rob. You really are providing a public service for users. Any chance you could do one for the Linux desktop: security, vulnerabilities etc?
For some people a video like this might be a bit on the technical side but myself I love it when you really get into the nitty gritty and explain the terms. This is my favorite kind of video on your channel! But it's also great that you mix it up.
What I've always wondered about and I'm praying you can answer now is how you can have any kind of serious encryption that's based on a pin code that I presume is four digits? You ALWAYS hear security people talking about the importance of long random passwords. Shouldn't it take them about one micro second to crack that by brute force? I feel like I'm missing a big part of the puzzle here and am hoping you can fill me in. Thanks Rob.
I'm getting mixed results on the more detailed videos. Sometimes it performs extremely well and sometimes the more simplified videos do better. I can't predict. Maybe it's my titles and thumbnails
Ok I will just give my theory for what this might be. That the OS rate limits login attempts and will lock up if an unusually high number is reached. Is that right? But what I still wonder about that is why couldn't they just make an image of the whole thing for unlimited attempts?
The pin code is stored in the secure enclave. Not something you can access externally. It is not accessible via "flashing". So it is not possible to back it up
@@robbraxmantech
Thanks for that answer. I'd still like to understand it a bit better though. Whatever SDD or firmware a smartphone uses to store data I don't get why they couldn't just rip that out of the phone and put it into a specially made forensic enclosure to read its data.
For example they can do that with your PC ram if you have a fully on the fly encrypted drive. They can pull the ram out and put it into their tool and see what was in the computer's volatile memory before it was turned off. With such advanced techniques for PC's I really don't get why they can't do something similar with smartphones especially considering their dominance these days. Why can't they rip out the hardware where the secure enclave is stored with the phone off, put it into an enclosure and image it?
I don't think I've actually gone in super detail on the Secure Enclave. There's a hack for it as well but extremely risky. You could lose the data you're trying to capture. But at least the proof of concept showed it can be done (by accessing RAM)
Now, tell us how Temu found 30 holes in the security layers and penetrated them in unrooted phones
Much appreciated series of explanations. I'll definitely have to re-watch it a bit to more fully understand but appreciate the information!
Would be neat to have permission control as with SELinux on the desktop implemented properly. That could help GNU/Linux based phones as well.
Excellent video, very informative
Useful information. Thanks
Thanks Rob. Does MacOS run apps in VM if installed from Mac App Store, so more secure?
great work, love this channel
CZcams not letting me subscribe. Previous subscriber.
Law enforcement can gain access easily to your phone once it has physical access. Even though they would not call it "hacking" the user would. So the common belief that because your phone is password protected and cannot be accessed or hacked is not true. It is very vulnerable with physical access, unless it is physically encrypted via hardcore 3rd party encryption. Braxman is by far the most knowledgable tech guy I have seen to date so I was surprised to hear him praise cell phone security. Im a computer tech myself of 27 years, and Braxmans knowledge dwarfs my own, but your average cell phone is not unhackable. The average law enforcement data forensics lab can gain access to your data in less than 30 minutes.
Pegasus self opens via an SMS and they then have full control.
Thanks for the information 😅
NO CLICK required, for pegasus, it merely (as far as reports go), needs to be 'SENT' to ones phone, basically, self activating.. .. scary.
Its horrible that we live in a time where people must buy and sell freedom. At the end of the day, i think it'd be even more suspect in the mind of the powers that be, if a citizen is purchasing freedom. A mind would possibly conclude that something important or detrimental may be being concealed. Idk. Its all crazy times🤯 great vid...(couldnt understand it all cause im not so great with tech) but great vid!
What about the security of a Linux desktop computer, that only receives its Internet from the internal SIM of a router (i.e. no landline)? Using a Turris Omnia (with just a SIM) would be a good example of this.
Rob, can you explain what Samsung Knox will do to a phone? Make some things impossible, or just provide an extra security layer? Downsides?
It's an ANTIVIRUS. LOL. I had to research that. :)
I never activated it, mainly because the TOS are 3km long and only in German (on my phone brought in France), and selecting is disabled when I view them, so I can't use any translating software.
This is snake oil! Avoid like the plague 🤔
They just applied for a warrant to get past my PIN code lock easy peazy rights violated
Where do you live? Commiefornia?
@@BearBig70your a good example how important good education is.and how capitalism destroy human civilisation.ty
...and a dinosaur just stood on the roof of my Rolls Royce car and dented it.
So what? You could be anyone making up any kind of sh1t, just like me above.
Maybe you're just paranoid and just THINK they are out to get you.
@@BearBig70 Never-Never-Land by the sounds of it - with Goldilocks and Chewbacca.
They can force you to hand over your phone, with a warrant, but they can't force you to give them your PIN. Some places, they can force you yo provide your biometrics (face, fingerprint), if that's how your phone is locked, but they can't make you hand over a PIN code. Use a PIN.
Can you comment on the quick charge phone charger product that is supposed to stop planned obsolescence? I do believe that phone companies give mandatory bogus updates that degrade the phones, so that you have to buy a new one sooner. This product claims to stop those degrading updates, but does it actually work? It says it was featured on many mainstream news outlets and there is a legal battle going on behind the scenes. In my opinion, if you buy a product, the company has no right to degrade your product through mandatory updates after purchase. Can you imagine if your car dealer was in your driveway at 5am removing your vehicles exhaust system and putting pvc pipe on instead? You buy these products as is, not as they will be with the secret planned mandatory downgrades that are beyond your control, disguised as "updates."
What you described is not a legitimate product. The way you charge your phone has nothing to do with software updates. There is a product that has Bluetooth and it monitors your phone charge state and prevents certain types of overcharging.
@jmr right, charging is not rela5ed to updates, but that product claims to have software loaded onto the adapter, which is supposed to download to your phone when plugged in and claims to disable the preloaded software / updates for planned obsolescence. I know its possible, it could have software loaded on anything that plugs into your phone by USB, whether it charges or not, which is a common way computers get attacked when someone unsuspectedly plugs a USB into their computer or a work computer.
@@utube7917 Listen to Rob's hacking phone talk again. They can't override the underlying operating system. That thing is a hoax.
@@jmr thank you, haven't heard that episode yet
@@utube7917 I'm referring to this video you're commenting on. It explains how hard it is to hack a phone. selinux is very secure.
Paying cash for your computer and getting a paper reset help with privacy.
My BraxOS was hacked. How would I do a dump to forensic the data?
Rob can a chrome back be hacked...?
Usually I root for the purpose of removing the spam that comes with almost every phone. Often these are apps that harmful themselves, such as by Facebook, shopping apps, or things that try to remote-control me from Google. Therefore, I also like installing firmware that does not use Google services.
Then you are very foolish and haven't a clue about how phone security works. You need to watch this video properly.
If you don't want spam on your phone, de-Google it with a custom ROM - you don't even need root for that.
@@terrydaktyllus1320you do need to unlock your bootloader tho
I gave the same advice to many people but it's not as easy to do and there are many downsides
@@terrydaktyllus1320 I would not call trying to solve an issue foolish, and I watched the video. There is a lot more "spam" on the phone than displayed as icons on the screen. And also, nowadays most custom ROMs come with Foogle. Mine not.
It seems that there is a proper way to root a device, that is reversible. I think Terry is right in principle, but if you need an "official" phone for a reason, maybe this could be a middle ground, locking it back after cleaning it up?
@@NorthernChimp If you de-install Magisk the phone will be automatically unrooted. My recovery can uninstall Magisk. Some banking software and other can still detect that the phone was once rootet.
Here in Singapore many government office functions are done via Android or Iphone apps. Most of these refuse to even open on rooted and now un-rooted devices.
I personally scan through the content inside the app file of every single app I install, and remove all references to Facebook, Amazon, Google as far as possible, Yandex and other known trackers. My Google dashboard is absolutely empty, since 2013.
The Aurora app store displays the trackers each app has. It is not 100 % but a starting point. What we see with our eyes on screen is only a fraction of the actual spyware and tracking. One day I had in 24 h 700 trackers trying to get into my phone, all at my bandwidth and my cost.
What about adds I have seen about gaining access to “ your children’s phone, to keep them safe “ ( of course) “ text, email, social media, photos, camera, microphone, internet “. “All you need is their number, you don’t need physical access to the phone “ for a monthly fee. I’ve never tried it, so no idea if it actually works .
What about already the known vulnerability in Android and other applications they could be exploited
Wht about already installed app by phone maker the bloatware and unnecessary apps with unnecessary permission.
In my phone I used adv to remove them and phone maker has kept restrictions on tht too now my settings not open and adb isn't able to access shell
Rob Braxman, which smartphone brand has the most privacy? I have a Samsung Smartphone and when I try to remove a permission from an app, for example the app: "Google Play Services", this message appears: "Device requires this permission to operate" and I can't remove it, this also happens in other apps, Samsung apps require a lot of permissions, sometimes unnecessary, my Smartphone Discharges very fast, I suspect that it is being tracked by Big Techs and other companies, but what do you think about all this?
You have no ability to restrict Google code
The only privacy choice for the typical consumer is a de-Googled phone
What is a de-Googled phone? A regular cell phone that you install an operating system free of Google code?
@ I do, because I spend hours looking for exploits and found rwo in 48 hours. Not bad MR Braxman.
Samsung has "baked" these applications into the phone for their own profit, and there's no way for the common user to remove them. When Rob suggests one of the few available deGoogled phones, that's the only reliable way--and even then there's collateral damage.
Hello, my gmx mail account has been hacked. Can you help?
🤔How come you do your videos from an RV? 😁
I was hoping to speak with you via the app but it says it's only for older devices.
I have a serious issue with Private Detective's sending phone hacking software via SMS, forcing hate messages into my social media, stealing money out of my bank accounts via PayPal purchase's and so much more.
I need help.
The sheriff’s office working with Feds to violate your rights. Get ready for new world order
I have cops that hacked my phone so they can screw with me. Can you help me find the app they installed on my phone.
Zero-days may not be a threat for the common folk as long as they use an updated OS on the device. However, a lot of devices are still being used long after their support is dropped by the manufacturer, and for those users, the risk of zero-day-based attacks is no longer negligible.
You are more right then you know.
@@kentallard1881"than" you know. 👍
@@thekeysman6760 Then,Than,Thanks for pointing that out,Now please,Eat shit?
yah 0days are patched constantly. i have someone telling me phones are so easy to hack, they delete their social medias and think phone service is identical to isp. because they were tricked to thinking they were hacked. smh
@@kentallard1881 *than 😂❤️
Is there any Linux version that supports this? I don't think SELinux does, does it?
How about someone that accesses your speaker ??
Malicious links to websites containing javascript that can access android phone location,camera and mic..there are youtube videos demonstrating this on an android phone..it’s still a form of social engineering..but a valid example
CZcams seems to have unsubscribed me from numerous channels.
I always wondered how secure the Google Titian security chip is
i'm shocked i did not know this
Left my phone in the sun by the pool . It's rooted .
Hi Rob! You are looking good. ❌♥️Deborah
Thank you my friend. Good to see you're still here!
What about non rooted linageos devices for example?
You don't need to root a device to install Lineage OS (or any of the others) on it - you need to unlock the bootloader which is completely different.
Rooting a phone removes an entire security layer that protects your data, it is a STUPID thing to do on your daily driver devices.
Sure, go get a burner phone or two and have fun rooting them and trying out some cool security tools to learn something new - but keep any personal information off of them because rooting creates a big security hole on any device.
@@terrydaktyllus1320
Doesn't rooting just put it to a similar situation to windows where apps have greater control? In fact even a rooted phone would be safer than windows because of SELinux. So do people who say rooting a phone is stupid say that using windows is super stupid? If not I don't see how you can reconcile that.
LOL on Windows being stupid! Fact is that was the only way software was made originally. Mobile apps is a new way. Good news and bad news there. Depends on what the programmer wants to accomplish
@@linsqopiring6816 No, SELinux does not directly defend against root access permissions being granted by enabling the root account.
Have you never heard of "Defence In Depth" where the concept of security is to apply multiple layers that need to be breached before access might be achieved?
Do you not understand that SELinux acts as one security layer, and leaving root disabled is another one?
Just because one exists does not negate the need for the other to exist.
@@robbraxmantech
So a Brax phone is the best of both worlds, it has no google spyware and the security bonuses of AOSP?
Hello👋 so I seen on TikTok where people was putting a certain code into their phone to see if they had been hacked. As though someone was listening in on our phone calls. Was just wanting to know how true it is😳🤔
That is simply to see if your call forwarding is enabled. Won’t tell you if you are hacked or not
land tele was so robust safe
I know that all my working phones has been hacked by corrupt cops. I am on constant surveillance even though I am 64 years old and am not a criminal or ever has been. I know they did something to my phones because my new phone battery runs out quickly and I'm always getting a notification that I need to clean my phone. They watch me and listen to my phone calls read all my messages my email messages as well and so much other like interrupt my wifi signal when nobody else is around. they can see everything I do on it including they know all my passwords. I cannot disable the camera their technology they had access to is so advanced that nothing I have been able to do has worked so far not to mention I know very little about codes. What can I do
Sometimes the simplest explanation is the correct one. Could be your phone is just broken. I'd get a new one and see if it happens again. A brax phone will protect you from many types of spying. But no phone is 100% secure so best not to put anything sensitive on it.
My friend, perhaps we have conversed before. But just to make it clear, your actual threats are EXTERNAL to the phone. Cops have access to you via CALEA systems. They don't even have to touch your phone. So I'm not countering your fear of a threat, but likely it is not inside your phone. Cops can also do Stingray and other surveillance but all external to the phone itself. Physical manifestations on the phone are not likely hacks because if I hack your phone, you're not going to know it.
You should get rid of your smart phone and go back to a simple flip phone that it's main purpose is making phone calls. No Internet access, no data on it, and not worth the effort to hack. It sounds like you have a virus infestation of some kind, which is another problem you won't have with a flip phone
If while browsing you see a notification telling you that you need to clear your phone, it does not come from your phone but from the website. If you click on it, that's when malware is installed. Just leave the rogue site forever. If you ever once agreed to "clean your phone", I'm afraid that's where all that comes from.
@@LynyrdSkynyrd.4Everold flip phones are the least secure because they operate on 2g/3g. With the move to 4g/5g most flip phones are just as vulnerable as smart phones anyway. Only difference is they don’t have wifi. Sheriffs office is working with Feds to hack your phone through cell network
Rob, I think I missed something. How, by adding his son's iPad (presumably living with mom) to his own Apple ID, does dad gain access to anything on mom's iPad? I understand that dad could spy on the son, maybe even "listen in" but surely mom's texts are on her iPad, on a totally different Apple id?? Wouldn't this allow mom to spy on dad?
You no longer have to be an important person to be targeted by the government. The more people they put on the watchlist the more funding they get. They are incentivized to put you on the list!
I can see a light that blinks in my phone that is not a camera light. I disabled my camera but the light is still blinking
Ghost of Jobs
Depending on the phone model there are alert lights which a programmer can use for various purposes (like to indicate a phone alert, battery status, charge status). Hacks have to have a purpose. For so much effort to hack, flashing a light doesn't really do much. If I wanted to instigate fear into a person, I'd send a message with personal data only you know...that's real proof of a hack.
@@robbraxmantech my phone also beeps this loud sound when I'm on the phone I can't hear the other person talking it's so loud and don't police surveillance use this blinking light. My ex has the same phone and his phone does not have a blinking light that is not the camera
@@teresajackson5859 A beep is a notification, isn't it? Did you look in your received notifications, and in your notification settings?
What about tablets?
Same protections. But the good news is that tablets without cell do not have a baseband modem so that attack vector does not exist
That's easy, take 2 tablets before every meal..
@robbraxmantech a question regarding backing up and phone wipe. If someone managed to corrupt the device, if you back up before wiping the device would the rogue software be also backed up and reinstated afterwards?
Well this video certainly ended on a bad note...
As Apple releases another patch for IOS back doors😂
a girl is swearing to me she knows how hacking works yet tells me they have my phone ip! omg she will not listen
Who cares you’re a police informant anyway
The paper Bitcoin I fear is the one we might end up having if we ever need to onboard people at a rate over 7 per second, opening s LN channel per newcomer.
Once you have billions of people onboarded, for all to be peers, unlike in the Fiat world, everybody needs to have some kind of ownership proof on sats on the layer 1.
If we do not solve this problem, most people will end up onboarding on pure Bitcoin IOUs, and be second class citizens on this new money. That looks a lot like the gold weaknesses that lead to its demise.
I think we should be able to figure it out, but it is still pending.
Somehow we should be able to split UTXO ownership without bloating the blocks nor requiring weird protocol extensions.
If Android is so secure, why don't you open untrusted links in a mobile browser?
Did you try it? What did it do to your phone? Seriously.
I do it everyday on my Android phone
@@robbraxmantech Wasn't it you who said, "I don't open links"?
I can hack it. just kidding I don't even know how to tie my own sneakers. I think the best way to hack a phone or application is to dive deep and see what makes it tick.
People are just paranoid
question is this, how does one bypass or DENY an app (for android), these requests for access to ones phone. MOST, but not all, apps, REQUIRES one to ACCEPT their terms of service WHICH includes this level of access, if you decline, then NO APP. FRUSTRATING!!
PEGASUS
😂😂😂😂nothing online or that has a IP address is secure, period, absolutely nothing
Same with anything connected to cell network
Hello Bob.
Please gives your thoughts whether a YUBYKEY can prevent BIG-TECH telemetry to each of us.
Greeting from Costa Rica