"Nothing to hide, nothing to fear" Assumes that the intruders are always on your side, when the intruder could be an evil organization or a government with opposite views.
the big problem that what to hide and to fear depends on the local rules and laws. The judgement of what to hide or fear can just change! Someone can retroactively CHANGE the rules and suddenly something legal you did in the past that is on record, gets you into trouble. . A new political side taking over, or something like the McCarthy era in the US.... suddenly having talked to the wrong people in the past (legally) can END your career.
Even if the observer is a good friend or family member, or a 100% true neutral party, you still shouldn't accept that. Private life exists for a reason.
Not really. It assumes that breaching your privacy is not useful to the intruder. If you live under a government that punishes you for having opposing views, then you have something to hide.
As someone in cybersecurity, just one more thing I get to reference to get people to stop using SMS and phone as their 2nd factor in authentication. Sim swapping is one thing. This is another level
@@owenwesterhout Exactly what V suggested at the end. Hardware tokens (FIDO2) or one time passcodes via an authentication app like Microsoft Authenticator or Google Authenticator. Unfortunately, many banks don't give anything but SMS as an option
Veritasium uses your phone to find you and then sends Vsauce the location. "Hey Vsauce, Michael here, your home security is pretty good. Or is it?" Lockpicking Lawyer walks into the frame. "Click on one, nothing on two...". After a few seconds, the door opens. "Now... How many holes do you have?"
The next morning you review your surveillance archive and see the shadowy outline of a McNally decapitating a mannequin with a t-square in the basement
It was the day he left for the TH-cam creator summit thing that he discussed last night on the wan show, and he was on the wan show in person last week, so this video was produced in under six days.
I know it feels so weird today to look back and think about the only rotary phone we had that was in my parents bedroom. I still remember calling my friends on that phone and thinking how cool and strange it was. I'm 33
Where do you live? I never needed to know how they work, and never had the benefit or reason of knowing. Rotary was just a cool retro form of land line phone, and land line phone as a whole died out fully during my teens, where new telecom technology (DSL, ethernet, fiber, mobile) was what you learned how it worked. I'm suspecting it was niche nerd knowledge already back then. If you were 55 on the other hand it would've just been a normal tech interest.
As a teen in the early 90s, I was so fascinated with those early Phone Phreaking techniques. Some of which still worked. Even did a school project on it.
Im amazed that this has been publicly known and proven for over 10 years yet has remained relatively unknown by most people until now. Well done Veratasium and Linus Tech Tips. Excuse me now while I smash my cell phone into pieces and then flush it down the toilet.
Some services/apps with 2FA will warn you, that sms/call is not secure and you'd better use a 2FA app or key (secure card, usb key, etc.). In enterprise ditching sms/call 2FA is more common, though. What amazes ME, is that we have a lot of good and easy ways to secure stuff, but on the consumer end of business almost none of them are used.
If anything the next phone you get should ONLY be for phone calls and text messages. Use the old or another device for everything else. Any device you use for any serious stuff, banking, buying things, etc etc should be on a secure device where not much else takes place on. I've even broken up devices I do Google searches on because they can be legally linked back to you if tied into a Google account that is interconnected with something that has your real name. Learn about metadata if you want to know how to take simple steps to protecting yourself
@@SebastianHackeadothere were lots of cool stories from that era, especially with Capt. Crunch. I don't know if Woz calling the Vatican was exaggerated, but it really it isn't implausible. We are talking about a time where phreakers were social engineering military bases pretending to be generals just to troll their secretaries.
@@xantiom Calling the Vatican is certainly true, them waking up people to talk with the pope is a lie, Jobs is telling the truth with his body language. He was always good at inflating and overvaluing stuff. But he is not a good liar.
Fun fact: the dial up system was created by a dude that was upset because the phone operator that took care of his phone was the wife of a rival bussiness owner and she kept redirecting his calls to her husband's company. Dude got so mad he made her job obsolete
It got adopted too fast. Since the only incentive in capitalism is gains they network was expanded on while the root of it was still primitive. This way they could rapidly gain new users making more money. Now there are so many people on the network that changing the infrastructure becomes "painful". That is: very expensive and inconvenient (probably means rejecting older devices etc etc).
We keep just trusting that digital systems are secure, often when they don't even have a single security layer. But when someone breaches that security, the companies running it tell us to manage our end user security better! Hold companies accountable! They can fix this and they should!
@@xantiom Yeah it's a well known vulnerability in these situations. Networks do decent amount of blocking of bad actors, but if someone really wanted to route your calls, listen in, intercept your SMS, locate you, they can. It's pretty crappy. It's why OTT/VoIP are significantly better alternatives. It's why Apple should have been genuine implementing RCS instead of using the Universal Profile which is not encrypted. Furthermore, Apple should just work with Google to expand iMessage. It sucks. Cellular networks are very old technology, often very outdated.
I mean if you watched the video you'll find it was the analog system that was the least secure. Playing a specific tone into your phone could connect you to whoever for free. SS7 was initially very secure, but got less secure over time as greed and laziness came into it. And now 4G and 5G are digital systems that don't have this vulnerability at all, it just requires larger adoption. There is a constant battle between security and people looking to break that security. You can't just make a generalized statement that "digital = bad".
It's really cool how you show clips from Mr.Robot. Shows just how faithful and realistic the series is. You can even find a breakdown of the exact attack the clips are from.
@@tabletgenesis3439if only you knew. I saw a video once of a government employee explaining how she spent her several hundred million dollar budget on ways her department thought was best instead of what the money was intended for. It was either a 400 or 600 million budget she had. I have tried a few times to find that video again but to bo avail. She was so matter of fact about it to. Jaw dropping stuff
I'm still pissed about the "democracy is broken because of photons from outer-space" episode. OTOH, this one was pretty good. Maybe he is not KGB after all.
Terrible security. Ask any drug dealer for those basics; also "war on drugs" is partly aimed at disrupting marginalised communities and protestors - J. Ehrlichman to Nixon. Keep a $5 Faraday bag in your car glove box when needing privacy. Phones are deprecated, use E2EE apps for voice and message communication. WhatsApp has metadata vulnerabilities and few ethics, Signal protects your metadata. Blockchain apps seem solid, but unsure on metadata vulnerabilities.
I love Woz, but to be fair, he and Jobs didn't create the blue box. They did build and sell them, but the tech was known already in the phreaking community.
This is one of the most terrifying videos on the internet in 2024 - these exploits have been public for 10 years, yet no one has really done anything about it. Ask yourself why.
@@johnnyw525 woz was definitely a front runner and brilliant engineer though. Jobs really didn't have anything to do with the technical work, not discounting how brilliant he was though.
When I was working for AT&T we called the older technique for connecting calls "In-Band" signaling, and when the SS7 network was added that was to do "Out-of-Band" signaling. There was even a commonly available publication that was for sale in most larger magazine stores called "2600" where these folks would share common techniques to hack the phone network. Also, If I remember correctly, the rotary dial phones delivered one more pulse than the number dialed. i.e. the number one created 2 pulses, the number two created 3 pulses, etc.
The blackmail opportunities for a breach like this are through the roof. Thanks for sharing it! The info will always get to those looking for it, but regular folk can't protect themselves unless they know vulnerabilities like this exist
I'm glad someone created a video about this. I've been telling my colleagues about this and some of them seems like they don't believe me or did not understand. Big companies and banks should update their 2SV system since most of them will try to verify either by sms(otp) OR by email. It should be both sms(otp) AND email. This will make logging in to your own account hard BUT more secure (compared to previous system).
Terrifying. A couple thousand isn’t that much in the big scheme of things. An angry ex decides to go after their former lover with the “if I can’t have them no one can” attitude would be crazy powerful with this
And email isn't much better. Too bad it seems the most security-necessary companies (banks, medical, etc.) seem to be the slowest on adopting proper MFA standards...
@@KyleDavis328 meanwhile, our mandatory government bank accounts for every citizen required 5 different passwords to log in plus SMS MFA which is absurdly useless and stoopid.
I really hate the idea that if you have nothing to hide you have nothing to worry about from a privacy standpoint alone, let alone when it comes to bad actors at all.
People are asking why this hasn't been fixed. I imagine it's because government intelligence agencies, and international policing organizations like Interpol, consider it a feature, not a bug.
Governments don’t need this to control people in their own countries, they can just have the telco do their bidding. It's only useful for tracking people where you don't have control on the telcos. Hell back in the day government would put recorders inside the routing centers so they could listen on the line and people would try to hear the click the machine did when it started recording.
Funny how you often overlook the scale of certain audiences based on the channels and interests you follow. I would have sworn that Linus is absolutely massive compared to Veritasium because of the circles I frequent but Derek you actually have more subscribers which is amazing!
When I was in school for a CCNA I realized how insecure and even a mess the telephone system has been. I would normally say get rid of it all and make it secure like a computer network but I think that would make it worse. People say it's impossible to break U.S. Cell phone encryption (the NSA keeps this safe), but if that were to be done you could probably have a lot more control and listen in just by collecting a signal wherever. My point is with the simplicity of using a cell phone, comes the risk that you'd be overheard by a spy anyways.
While visiting family in Europe this past summer, I picked up a there-local SIM card. To do so, I had to show my passport. I figured at the time that my whereabouts could be monitored in some fashion, but I wasn't sure how. This is probably the tech they'd use if anything interesting had happened near me while I was on my travels.
living in this life for a couple decades and know some degree of reality, i can say that if you can turn an old pager into an explosive device, you can hack a phone from far away.
I am impressed that you have explained SS7 and GT routing in a very understandable and even correct way ;-) This would have come in handy 30 years ago when I started configuring telephone networks.
Maybe we are getting an international phone number network at some point to fix this , where everyone just has one global phone number and no local ones. In fact, the only thing that we would have to change is that the country code is mandatory when entering, which wouldn't be much of a hassle because phones could just go through the address book and automatically add the country codes when this gets implemented and usually you aren't typing in numbers anyways but use the address book
I mean, that's what we already have, we've just put semantic meaning to certain digits which have created these problems. I honestly think it's kind of strange that people don't put in the country code into their address books, in the US, using our country code is almost always required to dial properly. Though our country code is 1 so... it's usually not a big deal to. I'd imagine in places with longer country codes they'd opt to ignore it. But requiring a fully formed phone number all the time would certainly help stop some of the attack vectors used.
Not really, people have basically been able to do this kind of stuff ever since phones were invented. Hell, the original landlines could have the operator listening in and the people on the phones would never have known. None of this is new, even these exploits are over a decade old. All that's changed is now you know about them.
@@Targe0 I mean, sms authentication for your bank wasn't around since phones were invented. It seems like there is a distinction between the casual and unknown use of phones back then and the way they guard our personal and financial lives now, yet carry the same exploits as when they were invented. As our reliance increases, but the security holes persist, the danger grows.
@@Targe0actually, on the old phones anyone in your entire apartment or block could listen to you. It was called a “party line” and was standard in high density areas well into the 80s. Oh, and only one person in the party line grouping could have a call at a time. Good times.
One of the things that I feel is never brought up when the "why can't we just dump 2G and 3G networks?" argument is provided, is that 4G and 5G have much lower broadcast ranges than 2G and 3G. This is just a function of signal frequency, with 2G having maximum range of up to 50 miles and 5G having a max range of 1000-2000ft. Higher frequency, low amplitude signals travel much shorter distances, so dumping support for "legacy" networks is near impossible in more rural areas until GSM satellite networks are available and affordable.
This is only partly right. We have assigned different frequencies to different evolutions of cell technology. When GSM started, we used the lowest available frequencies, (depending on location) around 900 MHz, then we added 1800/1900 to 2G. When 3G came, 2100 MHz was used for it. But, in theory, you can run 3G, even 4G and 5G on 900 MHz, and you would benefit from very similar range characteristics as 2G. The problem is however, that those frequencies are in use by 2G, and you can't use multiple generations on the same frequency. So as long as 2G and 3G exist, we can't reuse these high range frequencies for 5G. T-Mobile USA has introduced band 71 in the late 2010s, which is 4G at 600 MHz, providing better coverage than 2G. tl;dr Not the 2G/3G/4G/5G determines the range, it is actually what frequencies are used by the operator. because of legacy networks, the ones reaching further are currently in use by SS7 technologies.
people, "Nothing to hide, nothing to fear" IS accurate. problem is, most if not all people HAVE things to hide. like the passwords for my bank, or the hours of the day when im not in my home. that quote is soo dumb because it ignores such things
Great video! This was my whole world when I was in the military and for a contractor when I got out. The reason why it doesn’t always work is because of network registration. Your victim’s phone needs to be far enough away on a neighbor node for the routing to your phone to work. I miss that life.
I am from the Arab world and I say to you: Thank you for this episode. There are many more complex things than what was discussed in this episode that people don't know about.
It would be nice if there were a website that lists which mobile networks block which SS7 messages that the researchers suggest should be blocked. I assume it must be possible to obtain this data for someone (like the researchers) with the means to test it.
LOVE the clips from MR ROBOT!❤ It goes to show how realistic the hacking scenes in the series actually are. Absolutely incredible. Nothing ever will be made again like it.
UK has a legal deadline of 2033, so there's plenty of places dragging their heels. Thankfully most carriers here have agreed betweem themselves to have theirs offline by the end of this year, with Vodafone already cutting theirs.
Unfortunately, it doesn't matter. Your Australian telcos will still be supporting SS7 to interoperate with international carriers that still support 3G.
@@EricGerlachCa What it does do is allow telcos to reduce their circle of trust, which will at least help reduce the incidence rate in regions where 2g/3g is disabled. Not a fix, but still a step forward.
2g is still active in Australia. Not for regular calls (to my knowledge) but it's used for nb-iot (narrow band internet of things) communications for sensors and devices that don't need much bandwidth to be able to communicate.
I took cybersecurity course in college and regularly listen to podcasts on cybersecurity. Sometimes I wish I can forget about some things because a lot of these stories and tools give me anxiety about my safety.
Become a better thinker. Start your free 30-day trial with Brilliant and get 20% off an annual premium subscription brilliant.org/veritasium
Bro got the comment from the past
Noted.
No 💵
wait how did you commentn
@@HFIAPYid call people with my voice when young in the 80s😂😂😂
"Nothing to hide, nothing to fear" is one of the worst arguments for mass surveillance. I absolutely hate it.
I do remember this quote, wasn't it Google founder Larry Page who said this while question were being raised on Google mass public data collection?
Having your thoughts continuously being observed is equivalent to being raped.
This argument is so simple that many people have independently discovered it by themselves. It's also as flawed as simple.
I've got a lot to hide, my lawful activity is 99.95 percent the other 0.05% is a rounding error.
Fr, I bet the people who say it have the most to hide
With friends like this, who needs enemies :D
Thanks for including us and getting the word out about this threat. Mind-blowing stuff. - LS
Your wife was cold blooded with that "I'm with Cindy" shutdown
I'm very disappointed in Derek for working with you, I can see I'm not the only one. Shame on you.
Linus tech man
Luke Sebastian really taking his time to comment on this video warms my heart. ❤
@@john_michael_white Lol what is this nonsense
"Nothing to hide, nothing to fear" Assumes that the intruders are always on your side, when the intruder could be an evil organization or a government with opposite views.
Or just someone who wants to sell you something...this is the world we live in.
@@debrascott8775I’d rather take the person trying to sell me something over an evil organization or government
the big problem that what to hide and to fear depends on the local rules and laws. The judgement of what to hide or fear can just change! Someone can retroactively CHANGE the rules and suddenly something legal you did in the past that is on record, gets you into trouble.
. A new political side taking over, or something like the McCarthy era in the US.... suddenly having talked to the wrong people in the past (legally) can END your career.
Even if the observer is a good friend or family member, or a 100% true neutral party, you still shouldn't accept that. Private life exists for a reason.
Not really. It assumes that breaching your privacy is not useful to the intruder.
If you live under a government that punishes you for having opposing views, then you have something to hide.
As someone in cybersecurity, just one more thing I get to reference to get people to stop using SMS and phone as their 2nd factor in authentication. Sim swapping is one thing. This is another level
What would you suggest?
Commenting for potential outtakes later, ty op
@@owenwesterhout pretty much anything else like mentioned in the video.. good authenticator app with TOTP, hardware token with FIDO2
@@owenwesterhout Exactly what V suggested at the end. Hardware tokens (FIDO2) or one time passcodes via an authentication app like Microsoft Authenticator or Google Authenticator. Unfortunately, many banks don't give anything but SMS as an option
The only problem is most financial institutions only support SMS for authentication.
Veritasium uses your phone to find you and then sends Vsauce the location.
"Hey Vsauce, Michael here, your home security is pretty good. Or is it?"
Lockpicking Lawyer walks into the frame. "Click on one, nothing on two...".
After a few seconds, the door opens. "Now... How many holes do you have?"
"Three is binding, four is loose, nice click out of five ... let me do it again to prove it's not a fluke ..."
And then electroBOOM comes in and checks your gfci.
*lockpicking lawyer's hands walk into frame
The next morning you review your surveillance archive and see the shadowy outline of a McNally decapitating a mannequin with a t-square in the basement
This thread is terrifying
you can tell when this was recorded based on linus' hair colour
some say this is the new carbon dating
It was the day he left for the TH-cam creator summit thing that he discussed last night on the wan show, and he was on the wan show in person last week, so this video was produced in under six days.
@@oakleyves linus-hair dating
So this is recent or 7 years ago? 😆
Or the fact Linus tells you during the video
Please tell me you changed all his contacts to 'Mom'
LMFAO
This is an insane prank 😂
Brb about to go back up my contacts
It's not that kind of hacking but still funny
that's... not how that wo- well i guess if you knew his mom's phone number you cou- idk if it can spoof though....
When you sleep first during a sleepover
that’s pretty mild
Sounds like Someone has been to band camp
@@budgreenjeans ???
In my day you would just wake up with a penis drawn on your forehead.
now it's veritasium tech tips
The fact that I just saw a video that had to first explain a rotary dial makes me feel so damn old… I’m 35 DAMN!
I felt that punch too.
I know it feels so weird today to look back and think about the only rotary phone we had that was in my parents bedroom. I still remember calling my friends on that phone and thinking how cool and strange it was. I'm 33
I am 45 so I remember them well. Those phones were friggin' cool though.
I was born much much after that time but it’s still sad to me how many people don’t know what they are
Where do you live? I never needed to know how they work, and never had the benefit or reason of knowing. Rotary was just a cool retro form of land line phone, and land line phone as a whole died out fully during my teens, where new telecom technology (DSL, ethernet, fiber, mobile) was what you learned how it worked.
I'm suspecting it was niche nerd knowledge already back then. If you were 55 on the other hand it would've just been a normal tech interest.
One thing you can’t hack, is this segue, to our sponsor.”
“One thing you can’t hack, is this segue, to our sponsor.”
No need for that, revanced skips them automatically.
I heard the ltt theme while reading this!
"Tunnel bear!"
D brand comes in with a Faraday Pouch.
average linus sponsor
This crossover is crazy
It’s like one of those things that makes sense but you’d never ever think it would happen.
THAT IS WHAT I SAID
I would’ve never expected this.
TH-cam used to glitch and show the wrong channel for the video lmao I thought it was happening again
IM 12 aNd eVerYtHinG is cRaZy aNd wiLD aNd hAvE nO oTHeR oPinION 🤡
As a teen in the early 90s, I was so fascinated with those early Phone Phreaking techniques. Some of which still worked. Even did a school project on it.
What still worked for you?
@@codefeenix "I wanna know too... for a friend"
Im amazed that this has been publicly known and proven for over 10 years yet has remained relatively unknown by most people until now. Well done Veratasium and Linus Tech Tips. Excuse me now while I smash my cell phone into pieces and then flush it down the toilet.
Some services/apps with 2FA will warn you, that sms/call is not secure and you'd better use a 2FA app or key (secure card, usb key, etc.). In enterprise ditching sms/call 2FA is more common, though.
What amazes ME, is that we have a lot of good and easy ways to secure stuff, but on the consumer end of business almost none of them are used.
State actors benefit from the status quo, and corps don’t want to spend money to upgrade
If anything the next phone you get should ONLY be for phone calls and text messages. Use the old or another device for everything else. Any device you use for any serious stuff, banking, buying things, etc etc should be on a secure device where not much else takes place on.
I've even broken up devices I do Google searches on because they can be legally linked back to you if tied into a Google account that is interconnected with something that has your real name.
Learn about metadata if you want to know how to take simple steps to protecting yourself
As shown in the video, there was a 60 Minutes segment about SS7’s vulnerabilities 10 years ago so it’s not _that_ unknown.
Veritasium going on his villain arc
Dang what an original comment
Still the element of truth
@@-TAPnRACK- dang, what an original comment stating what an original comment.
@@DV-tx6ol Dang, what an original comment stating what an original comment stating what an original comment.
@@Peekobo0_ Dang, what an original comment stating what an original comment stating what an original comment stating what an original comment.
Ok, Jobs and Woz prank calling the Vatican is actually funny :D
Is not a real story, is exaggerated to make them look cool.
@@SebastianHackeadothere were lots of cool stories from that era, especially with Capt. Crunch.
I don't know if Woz calling the Vatican was exaggerated, but it really it isn't implausible. We are talking about a time where phreakers were social engineering military bases pretending to be generals just to troll their secretaries.
@@xantiom Calling the Vatican is certainly true, them waking up people to talk with the pope is a lie, Jobs is telling the truth with his body language. He was always good at inflating and overvaluing stuff. But he is not a good liar.
the story is the physical manifestation of code injection
@@xantiomit's not even remotely outlandish. Cyber security was non existent back then
Linus getting hacked, what's new?
xd
Him not getting locked out of the channel lmao
Well, he is the biggest fish in the sea
LMAO
Well at least he wasn't naked this time... so we have that going for us...
Fun fact: the dial up system was created by a dude that was upset because the phone operator that took care of his phone was the wife of a rival bussiness owner and she kept redirecting his calls to her husband's company.
Dude got so mad he made her job obsolete
Why is veritasium enjoying this too much LMAOO 😂 I've never seen him bully someone this much
Well, his victim is Linus, from all people.
I hacked my friend's phone... now I'm subscribed to their TH-cam channel.
😅
bad guy I report you
Avg friend activites fr, also BANGLADESHI DETECTED??
lol good one :P
@@l1ghtn1ng_zenith yeasss Bangladeshii!
Ok, this is in fact depressing. How is the cellular network still so poorly managed...
for how long have you been in the work force?
money
It got adopted too fast. Since the only incentive in capitalism is gains they network was expanded on while the root of it was still primitive. This way they could rapidly gain new users making more money. Now there are so many people on the network that changing the infrastructure becomes "painful". That is: very expensive and inconvenient (probably means rejecting older devices etc etc).
Because nobody actually cares about our safety or privacy.
Only cellular network ? wink wink
We keep just trusting that digital systems are secure, often when they don't even have a single security layer. But when someone breaches that security, the companies running it tell us to manage our end user security better! Hold companies accountable! They can fix this and they should!
This is something that was known for more than two decades. Only some European telcos made some upgrades.
@@xantiom Yeah it's a well known vulnerability in these situations. Networks do decent amount of blocking of bad actors, but if someone really wanted to route your calls, listen in, intercept your SMS, locate you, they can. It's pretty crappy.
It's why OTT/VoIP are significantly better alternatives.
It's why Apple should have been genuine implementing RCS instead of using the Universal Profile which is not encrypted. Furthermore, Apple should just work with Google to expand iMessage.
It sucks. Cellular networks are very old technology, often very outdated.
@@xantiomYea even heard of this some time ago on JRE.
ive never trusted it but im not given any choice in how things are done either
I mean if you watched the video you'll find it was the analog system that was the least secure. Playing a specific tone into your phone could connect you to whoever for free.
SS7 was initially very secure, but got less secure over time as greed and laziness came into it. And now 4G and 5G are digital systems that don't have this vulnerability at all, it just requires larger adoption.
There is a constant battle between security and people looking to break that security. You can't just make a generalized statement that "digital = bad".
Imagine the pitch for this video:
"Hey Linus, how'd you like to get HACKED...AGAIN?"
Linus, probably: 'More than I'd like to look like an idiot again trying to run Linux again.'
Might be a wan show title for the wan show. I imagine they are gonna cover it in the wan show since this is pretty big.
"You're not a career hacker criminal mastermind."
"Indeed", he answers with the shiftiest look I've ever seen.
Not yet he thought to himself, but soon I will be.
It's really cool how you show clips from Mr.Robot. Shows just how faithful and realistic the series is. You can even find a breakdown of the exact attack the clips are from.
Next Veritasium video: "I hacked the CIA to Show How Easy It Is"
Plot twist: This causes a bug that burns down $608 million, and Veritasium is sentenced to death row.
Featuring Terry Davis
@@tabletgenesis3439he just gonna make another video saying how easy it is to avoid the government
@@tabletgenesis3439if only you knew. I saw a video once of a government employee explaining how she spent her several hundred million dollar budget on ways her department thought was best instead of what the money was intended for. It was either a 400 or 600 million budget she had. I have tried a few times to find that video again but to bo avail. She was so matter of fact about it to. Jaw dropping stuff
Dude the quality of your videos recently raised like a bright sun out of the night.
I'm still pissed about the "democracy is broken because of photons from outer-space" episode. OTOH, this one was pretty good. Maybe he is not KGB after all.
@@BrainCandyQuizlol
That story of Latifa is heavy. I can’t comprehend such atrocities.
It's horrific. Thankfully she is reportedly free and living a private life. I can't believe they didn't include a conclusion to that harrowing story!
Beaten and confined and only a martial arts instructor to talk to 😢
Terrible security. Ask any drug dealer for those basics; also "war on drugs" is partly aimed at disrupting marginalised communities and protestors - J. Ehrlichman to Nixon.
Keep a $5 Faraday bag in your car glove box when needing privacy.
Phones are deprecated, use E2EE apps for voice and message communication. WhatsApp has metadata vulnerabilities and few ethics, Signal protects your metadata. Blockchain apps seem solid, but unsure on metadata vulnerabilities.
It’s definitely not good but not incomprehensible
@@johnnyw525yeah I didn't expect to learn of such story today on a channel like this
I love Woz, but to be fair, he and Jobs didn't create the blue box. They did build and sell them, but the tech was known already in the phreaking community.
They built their whole company on this philosophy.
This is one of the most terrifying videos on the internet in 2024 - these exploits have been public for 10 years, yet no one has really done anything about it. Ask yourself why.
"I'm with Cindy" -> translator -> "I don't care about this at all"
That was so cold
Or she was too busy with Cindy?
@@Elvendertig1130 *Yup. Sounds like a cold bitch!*
Yeah... it sounded pretty rude when she said that.
@@ThahnG413 and she just hung up without saying bye, so loving right
there is an alarming lack of the term phreaking so far in the video.
And they make it seems like Steve Jobs and Wozniak invented blue boxes... so bizarre.
@@johnnyw525 woz was definitely a front runner and brilliant engineer though. Jobs really didn't have anything to do with the technical work, not discounting how brilliant he was though.
The SS7 exploit, this is how 2B2T players tracked every cellphones daily movement.
Linus wasn't hacked. He didn't go running through the house in his underwear
You mean birthday suit...lol
No underwear lol
When I was working for AT&T we called the older technique for connecting calls "In-Band" signaling, and when the SS7 network was added that was to do "Out-of-Band" signaling. There was even a commonly available publication that was for sale in most larger magazine stores called "2600" where these folks would share common techniques to hack the phone network.
Also, If I remember correctly, the rotary dial phones delivered one more pulse than the number dialed. i.e. the number one created 2 pulses, the number two created 3 pulses, etc.
My fear 101 just reunlocked.
Lol, its way easier to get your exact location. I can do that very easy.
Really important to wear a black hoodie when hacking someone else.
It's a +8 in subversion though. Absolutely necessary to account builds
The blackmail opportunities for a breach like this are through the roof. Thanks for sharing it! The info will always get to those looking for it, but regular folk can't protect themselves unless they know vulnerabilities like this exist
I'm glad someone created a video about this. I've been telling my colleagues about this and some of them seems like they don't believe me or did not understand.
Big companies and banks should update their 2SV system since most of them will try to verify either by sms(otp) OR by email. It should be both sms(otp) AND email. This will make logging in to your own account hard BUT more secure (compared to previous system).
Terrifying. A couple thousand isn’t that much in the big scheme of things. An angry ex decides to go after their former lover with the “if I can’t have them no one can” attitude would be crazy powerful with this
Linus was right all along: SMS should not be used for two factor authentication. A seperate app or key needs to be used
And email isn't much better. Too bad it seems the most security-necessary companies (banks, medical, etc.) seem to be the slowest on adopting proper MFA standards...
@@KyleDavis328 meanwhile, our mandatory government bank accounts for every citizen required 5 different passwords to log in plus SMS MFA which is absurdly useless and stoopid.
@@KyleDavis328 An issue there would be that it would be too confusing for old people. But that's not the best reason to avoid it.
Where does RCS fall into the fray here?
@@heathbruce9928good question!!
Wait a sec, that wasn't a SIM card! That was a micro SD card 😂
I was looking for this comment lol
Timestamp?
12:32
@@omarrodriguez1929 12:43
@@omarrodriguez1929 12:43
We got a Linus and Veritasium collab before GTA 6
Or Half Life 3, but that's not saying much, or a given 😂
@@ChrisHilgenberghalf life alyx
You got a useless 700$ console before GTA 6
lol
we get a *lot* of things before GTA 6
I really hate the idea that if you have nothing to hide you have nothing to worry about from a privacy standpoint alone, let alone when it comes to bad actors at all.
People are asking why this hasn't been fixed. I imagine it's because government intelligence agencies, and international policing organizations like Interpol, consider it a feature, not a bug.
Governments don’t need this to control people in their own countries, they can just have the telco do their bidding. It's only useful for tracking people where you don't have control on the telcos. Hell back in the day government would put recorders inside the routing centers so they could listen on the line and people would try to hear the click the machine did when it started recording.
"you need smth from the simcard" > shows a microsd xD
Veritasium x Linus collab goes hard
"man, do I hate Macs!" Well you have me convinced!
Funny how you often overlook the scale of certain audiences based on the channels and interests you follow. I would have sworn that Linus is absolutely massive compared to Veritasium because of the circles I frequent but Derek you actually have more subscribers which is amazing!
Sorry Derek, I really apologize for the hate comment I wrote on one of your videos 10 years ago pls forgive me
Too late, you’re getting SS7’d
I am a simple man, I see Linus and Derek doing a collab, I click like first and then watch.
never would've guessed that Veritasium was gonna do a collab with Linus
question is: who would win in a fight?
They aren’t collabing, Linus auditioned for the role
yepe
It's pretty messed up considering the allegations
@@themaazmaaz This video was likely filmed quite some time ago.
When I was in school for a CCNA I realized how insecure and even a mess the telephone system has been. I would normally say get rid of it all and make it secure like a computer network but I think that would make it worse. People say it's impossible to break U.S. Cell phone encryption (the NSA keeps this safe), but if that were to be done you could probably have a lot more control and listen in just by collecting a signal wherever. My point is with the simplicity of using a cell phone, comes the risk that you'd be overheard by a spy anyways.
While visiting family in Europe this past summer, I picked up a there-local SIM card. To do so, I had to show my passport. I figured at the time that my whereabouts could be monitored in some fashion, but I wasn't sure how. This is probably the tech they'd use if anything interesting had happened near me while I was on my travels.
living in this life for a couple decades and know some degree of reality, i can say that if you can turn an old pager into an explosive device, you can hack a phone from far away.
If it has a lithium battery in it, it's already an explosive device: It's just not currently configured to explode.
I am impressed that you have explained SS7 and GT routing in a very understandable and even correct way ;-)
This would have come in handy 30 years ago when I started configuring telephone networks.
TLDR, This isn't hacking the phone directly, it is using the insecurity of phone numbers and basic SMS.
That is literally the definition of hacking you waffle brain
ikr, this is like the third super-informative "hack your phone" video I've watched this summer that didn't help me at all getting temp root
Had me real confused when I clicked on a Linus thumbnail and heard Veritsaium
I love that the frequencies are exactly 2 semitones apart so it sounds musical
Maybe we are getting an international phone number network at some point to fix this , where everyone just has one global phone number and no local ones. In fact, the only thing that we would have to change is that the country code is mandatory when entering, which wouldn't be much of a hassle because phones could just go through the address book and automatically add the country codes when this gets implemented and usually you aren't typing in numbers anyways but use the address book
Verified???????
I mean, that's what we already have, we've just put semantic meaning to certain digits which have created these problems. I honestly think it's kind of strange that people don't put in the country code into their address books, in the US, using our country code is almost always required to dial properly. Though our country code is 1 so... it's usually not a big deal to. I'd imagine in places with longer country codes they'd opt to ignore it. But requiring a fully formed phone number all the time would certainly help stop some of the attack vectors used.
@@KyleDavis328I believe cell providers opted out of using country codes for local calls because of cell phone tower density.
Your phone number is already that.
Who needs enemies with friends like that.
Interesting collab. It's wild how few people truly know that there is a 100% chance that someone knows what you are doing.
The first thing you should do is remove that chip from your car. The amount of data your manufacturer is collecting and selling on is horrifying 😱
An unexpected collaboration, and welcomed one!
Bro we're so cooked, this is literally the beginning explanation of how a dystopia formed
Not really, people have basically been able to do this kind of stuff ever since phones were invented.
Hell, the original landlines could have the operator listening in and the people on the phones would never have known.
None of this is new, even these exploits are over a decade old.
All that's changed is now you know about them.
@@Targe0 I mean, sms authentication for your bank wasn't around since phones were invented. It seems like there is a distinction between the casual and unknown use of phones back then and the way they guard our personal and financial lives now, yet carry the same exploits as when they were invented. As our reliance increases, but the security holes persist, the danger grows.
@@Targe0actually, on the old phones anyone in your entire apartment or block could listen to you. It was called a “party line” and was standard in high density areas well into the 80s. Oh, and only one person in the party line grouping could have a call at a time. Good times.
Now I want an LTT vid with Derek as the guest.
I thought this was gonna be a convoluted ad for Nord but it was just free anxiety instead
Privacy equals security
you have no privacy and the idea of Nothing to hide, nothing to fear = no security
Your timing on exposing vulnerabilities in our communications devices is impeccable.
I'm not bothered by this. I only use a pager and walkie talkie
Hopefully you're not a member of hezbollah
well played
wait until you hear about a recent pager incident ...
I only use a 2 cups connected by a string
@@AlanW that is the joke
Linus looked genuinely freaked out.
"WE called the pope pretending to be Henry Kissinger bwahhahaha" JFC WHAT FKN NERDS!!!!
One of the things that I feel is never brought up when the "why can't we just dump 2G and 3G networks?" argument is provided, is that 4G and 5G have much lower broadcast ranges than 2G and 3G. This is just a function of signal frequency, with 2G having maximum range of up to 50 miles and 5G having a max range of 1000-2000ft. Higher frequency, low amplitude signals travel much shorter distances, so dumping support for "legacy" networks is near impossible in more rural areas until GSM satellite networks are available and affordable.
This is only partly right. We have assigned different frequencies to different evolutions of cell technology. When GSM started, we used the lowest available frequencies, (depending on location) around 900 MHz, then we added 1800/1900 to 2G. When 3G came, 2100 MHz was used for it. But, in theory, you can run 3G, even 4G and 5G on 900 MHz, and you would benefit from very similar range characteristics as 2G. The problem is however, that those frequencies are in use by 2G, and you can't use multiple generations on the same frequency. So as long as 2G and 3G exist, we can't reuse these high range frequencies for 5G. T-Mobile USA has introduced band 71 in the late 2010s, which is 4G at 600 MHz, providing better coverage than 2G.
tl;dr Not the 2G/3G/4G/5G determines the range, it is actually what frequencies are used by the operator. because of legacy networks, the ones reaching further are currently in use by SS7 technologies.
An unexpected collab, great to see you both!
it’s just a prank bro
the prank:
That SIM card looks awfully like an SD card.
people, "Nothing to hide, nothing to fear" IS accurate. problem is, most if not all people HAVE things to hide. like the passwords for my bank, or the hours of the day when im not in my home. that quote is soo dumb because it ignores such things
Great video! This was my whole world when I was in the military and for a contractor when I got out. The reason why it doesn’t always work is because of network registration. Your victim’s phone needs to be far enough away on a neighbor node for the routing to your phone to work. I miss that life.
Scrolling down the comments and don’t see anyone talking about Jonny Lee Miller and Angelina Jolie… which means I’m freakin’ old.
Yep.
Yeah hackers came out when i was 1 but i seen it and is pretty relevant to the content
Forget those two, Matthew Lillard is the real star
2 of my favourite channels in the same video. Very cool 😁
Everyday we get more evidence that we are living in 1984
I am from the Arab world and I say to you: Thank you for this episode.
There are many more complex things than what was discussed in this episode that people don't know about.
It would be nice if there were a website that lists which mobile networks block which SS7 messages that the researchers suggest should be blocked. I assume it must be possible to obtain this data for someone (like the researchers) with the means to test it.
Wanna split the IEEE paper on SS7 protocol to find the other 150 commands?
It is so good to see a Linus and Veritasium collab! ❤
this could be one of the weirdest collab in 2024
great to see two vancouver personalities on a collab.
LOVE the clips from MR ROBOT!❤
It goes to show how realistic the hacking scenes in the series actually are. Absolutely incredible. Nothing ever will be made again like it.
I thought that Linus didn't have any friends... Unpaid ones that is.
You thought right. Only people with similar ethical inadequacies still support him at this point.
I don't think she was "with Cindy" I think that she is tired of her husband's nerd games and Cindy was a good excuse.
I smell a divorce.
Says the incel who has no relationship experience
"Cindy" is Yvonne's safe word.
My God people love extrapolating from one small conversation, the internet really gives people so much undeserved arrogance
She was with her bf
Say Hi to Diameter protocol attacks in 4G/5G!🥳 SS7 vulnerabilities ends when 3G is completely phased out as they do it soon in Australia.
As a flight attendant in the Middle East constantly using a sketchy roaming eSIM this definitely isn’t helping with my sleep deprivation.
2G has been shut down for ages in Australia and 3G is being shutdown now. It can be done.
UK has a legal deadline of 2033, so there's plenty of places dragging their heels. Thankfully most carriers here have agreed betweem themselves to have theirs offline by the end of this year, with Vodafone already cutting theirs.
Unfortunately, it doesn't matter. Your Australian telcos will still be supporting SS7 to interoperate with international carriers that still support 3G.
@@EricGerlachCa What it does do is allow telcos to reduce their circle of trust, which will at least help reduce the incidence rate in regions where 2g/3g is disabled.
Not a fix, but still a step forward.
My area in the UK have shut down 3g, and the 4g signal is now sh%% because it can't cope with all the extra traffic
2g is still active in Australia. Not for regular calls (to my knowledge) but it's used for nb-iot (narrow band internet of things) communications for sensors and devices that don't need much bandwidth to be able to communicate.
When did Linus start wearing shoes?
I clicked this very very fast when I saw Linus in the thumbnail
Two of my favorite TH-cam Channels Together!
Great!
I took cybersecurity course in college and regularly listen to podcasts on cybersecurity. Sometimes I wish I can forget about some things because a lot of these stories and tools give me anxiety about my safety.
You don't sleep well as a CISO. Security is a SG&A line item.
love when people do stuff like this, it really shows just how easy and dangerous it is
😂 This Linus guy is funny. He should start making videos about tech and eventually buy a warehouse and office building.
And he should start selling high quality merch at an online store.
And name it LTT store
Maybe even start a video streaming service and a laboratory
whyyyy is this crossover dropping while i'm busy working!? can't wait to watch this
Yay what a great surprise for a Saturday! Linus will be happy that a fellow creator did a collab with him lol