Capabilities of Hackers, Tools Hackers use, and 5 Things You Can Do To Protect Yourself

00:00

I'm not gonna hack your Wi-Fi but I'll

00:01

give you a little example of what I

00:03

could do so all of these networks here

00:05

they probably appear to be legitimate

00:07

right it's very illegal to do that of

00:09

course but if I wanted to go outside

00:11

right now I could even demonstrate later

00:13

for you you know I pull this antenna out

00:15

this is just a small antenna and we

00:17

could receive airplanes see where

00:18

they're at there's nothing illegal about

00:20

receiving them transmitting is where it

00:22

gets a little bit funky

00:24

man you are a dangerous man

00:28

let's go through all the things that you

00:30

personally could have if you wanted to

00:34

um I mean there's it's countless but I

00:36

could give you some major daily things

00:37

uh absolutely let's talk about some of

00:40

the devices those devices you have right

00:42

here let's talk about all the stuff you

00:45

can hack into sure and then and then

00:48

we'll get into maybe how we can prevent

00:50

that a little bit so I guess we'll just

00:52

start with a daily routine you know you

00:54

wake up in the morning you uh you make

00:56

your coffee or maybe you take your phone

00:58

off the charger and you um you check

01:01

your phone in the morning you might you

01:03

might check your email you might have

01:05

you got to make sure you every email

01:06

that you have while you're half asleep

01:08

is coming from a real person it's not a

01:10

phishing email someone pretending to be

01:12

a company that they're not stealing your

01:14

credentials then you go outside to your

01:16

garage you get in your car and you have

01:19

to make sure that there's nobody out

01:20

there listening for your you know your

01:23

car key frequency while jamming your car

01:25

so that they could steal your car later

01:27

or access your car later and then when

01:29

you go hit your garage door button that

01:31

somebody doesn't capture that frequency

01:32

on 4 33 megahertz and uh and you know

01:36

and those rolling codes have already

01:38

been broken for most of the models

01:40

um so then you get in your car and

01:41

you're driving to uh to to your office

01:44

or to your kids school doing whatever

01:46

you want and um

01:49

you know you could get out you let your

01:51

kid out to school and now somebody as

01:53

you walk into school just skimmed your

01:54

back pocket and stole your credit card

01:56

information

01:58

so I mean all of that plus you know any

02:01

anything remote infrared like a TV

02:03

remote that goes for projectors uh audio

02:06

devices ceiling fans I mean very simple

02:10

stuff uh along with Access Control

02:12

badges anything sub gigahertz like like

02:16

key fobs or remote controls for anything

02:19

um parking Gates

02:21

so much everything everything I mean

02:24

everything anything with a battery and a

02:26

connection a remote connection in any

02:29

type of way where it reaches the outside

02:31

of that device is hackable or has been

02:34

hacked

02:36

what are these devices here

02:38

this is a water bottle

02:43

so this right here is a this is a

02:46

flipper zero with some custom

02:48

modifications

02:52

and uh it does a lot so this is just a

02:54

proof of concept device but when you

02:56

start to add your own little editions

02:58

onto it like this

03:00

um

03:02

let me uh let me enable for example

03:04

Wi-Fi I'm not gonna hack your Wi-Fi but

03:07

I'll give you a little example of what I

03:09

could do

03:11

I'll just do something stupid but

03:21

okay and then we'll do I'm not gonna

03:24

shut your network down

03:28

okay so now if you if

03:31

I can show you on my phone or you could

03:33

look at your phone but you'll see that

03:35

instead of me mirroring your network I

03:38

just created a bunch of fake Networks

03:45

so all of these networks here

03:48

they probably appear to be

03:51

legitimate right

03:52

yeah

03:53

but they're not these are all fake

03:56

networks they're all powered by me so as

03:58

soon as you connect to any of those I

04:01

have your password I have anything in

04:04

between

04:06

so that's that's one thing that's just

04:08

Wi-Fi and you just oh man

04:11

so this is so this is is this how people

04:14

are

04:15

stealing information

04:16

this is one of them anyways in in an

04:19

airport

04:20

in an airport oh yeah I mean airport

04:23

Starbucks

04:24

um when you uh it's called a man in the

04:27

middle attack so if I'm on the same

04:28

network as you I can essentially control

04:31

the traffic

04:33

uh you know as if I was the modem or

04:35

router so instead of when you type

04:38

google.com instead of your computer

04:40

telling the router you want google.com

04:41

you're telling my computer you want

04:43

google.com and I'm giving you what I

04:45

what I'm telling you google.com is

04:48

so it would be called a DNS DNS attack

04:51

so is this what people are using in the

04:54

airports when there's I'm not the

04:55

specific device this is just something

04:57

that I concocted together but the

04:59

flipper you can buy this thing on the

05:02

top here is is uh custom

05:04

I guess what I'm asking is this the

05:06

method they throw so could you can so

05:09

let's what does um would like Wi-Fi

05:12

flight or uh Gogo Gogo inflate yes

05:16

they're actually I mean you can

05:18

obviously you can hack anything but GoGo

05:20

inflate they they have a pretty good

05:22

segment on their Network so you're

05:25

pretty safe with GoGo uh you there's a

05:27

chance of getting hacked but not the

05:29

same as like a Starbucks or a or here

05:32

like you know your network has to be

05:34

segmented into chunks okay and uh go go

05:37

segments it pretty well okay I guess

05:40

what I'm saying is because you create a

05:41

fake Wi-Fi network with that thing that

05:43

says

05:45

go go

05:46

in Flight one yeah that must be it I can

05:51

do that here I mean it's a I can make

05:53

any any they're called as bssids ssids

05:57

the name of a network

05:58

you could do that with any name but

06:00

instead of that what you do is you just

06:02

scan the local area

06:04

and then you know I know all the

06:05

networks names around here and then I'll

06:07

Target all of them at the same time so

06:09

that that way anyone in this complex or

06:12

where we're at

06:14

um you know anyone that connects to a

06:15

network is going to you know think it's

06:17

their Network and they're going to

06:19

connect to me instead

06:21

holy that's just one of many Wi-Fi

06:24

attacks so there's many ways yeah what

06:26

else can this thing do oh this thing's

06:28

like the size of the palm of your hand

06:29

yeah well with this with this little you

06:32

know custom extension especially when I

06:33

have my big these aren't the big

06:35

antennas but I got big antennas because

06:37

you know I want to get long range but uh

06:39

you know that's Wi-Fi this this side of

06:42

things is also Wi-Fi but uh also it's an

06:45

NRF uh 24 so it does Wireless mice and

06:49

keyboards so if you use a wireless mouse

06:51

and keyboard not every single one of

06:53

them is vulnerable a lot but a lot of

06:55

them are I'd highly recommend you go

06:57

back to wired even though it sounds old

06:59

school that's what you should do because

07:01

I could control your mouse and keyboard

07:03

with this device and send keystrokes way

07:06

faster than you can type them and uh

07:08

take over your computer without even

07:10

having to see you or it so I could do

07:12

that through the wall

07:14

um

07:15

this is scaring the out of me

07:19

um and then I you know I the sub

07:21

gigahertz stuff with bigger antennas of

07:24

course I can go further away so with the

07:26

car car keys garages Gates anything

07:29

that's on radio frequency I could do

07:32

with this

07:34

um RFID that's Access Control badges for

07:37

doors and and pool Keys you know

07:39

anything that has like a little beeper

07:41

where you beep into the the door yeah

07:43

and NFC is credit cards and access

07:45

control and it does also some more

07:47

things too you could also like I could

07:49

tap your phone and give you my Instagram

07:51

or tap your phone and give you my

07:53

business card so NFC is a little more uh

07:56

versatile than RFID but they both

07:59

essentially are uh I believe it's called

08:02

passive uh devices they're powered by

08:05

the uh the receiver

08:07

they don't have a battery in them so

08:09

what let's just run through just a list

08:12

of all the things you can hack with that

08:14

one little device

08:16

I mean I don't want to make it into an

08:17

ad about flipper because it's not

08:19

flipper itself like I'll tell you but

08:21

I'm just saying that flipper itself if

08:23

you're gonna go online and buy one of

08:24

these and expect to be able to do

08:25

everything that I'm talking about you

08:28

need to have custom firmware or software

08:31

whatever you want to call it

08:33

um that allows you to do that and you

08:34

need to know how to modify it so don't

08:36

go out spending 180 on this device

08:38

thinking you're going to hack somebody's

08:40

car or steal their credit card because

08:41

that's not gonna happen

08:43

um but if I if you want to go down the

08:45

list

08:46

I mean there's a ton of things there's

08:47

like you know all the radio things I

08:50

just told you about

08:52

um the RFID stuff the NFC which is the

08:55

credit cards and and more infrared which

08:58

is TVs projectors and many other devices

09:00

gpio which is just anything that

09:03

connects to the outside of this device

09:04

so I can make devices work and this be

09:08

the controller for it uh I button which

09:11

is a form of authentication that uses

09:14

um these things these little metal

09:15

prongs as a key

09:17

uh bad USB which emulates a keyboard

09:20

types like you know a couple thousand

09:22

words a second wow or I'm sorry a minute

09:24

I'm sorry a thousand words a couple

09:26

thousand words a minute

09:27

uh and then it also has some use cases

09:30

that aren't hacking like uh two-factor

09:32

authentication this is a you know

09:35

offline device where you can generate

09:36

your two Factor without needing a device

09:39

that's connected to the internet

09:40

so it does that too and then there's a

09:43

ton of other sub applications that are

09:45

on here like hundreds of them that do

09:46

little little things so a lot just with

09:49

this one device this thing

09:52

you know it it does just radio but it

09:55

does a lot more than this thing really

09:57

yeah what does that one do this one you

09:59

can hack airplanes with I mean that I

10:03

mean that's an extreme but that's

10:04

something that you can actually

10:05

accomplish with this using adsb

10:08

um you can choose to either receive or

10:10

transmit

10:12

um so you can choose either receive or

10:14

transmit adsb with this device and

10:17

that's the frequency to tell a plane you

10:19

know this call sign position and and

10:22

more and um it's very illegal to do that

10:26

of course but uh if I wanted to go

10:28

outside right now I could even

10:29

demonstrate later for you think you know

10:31

I pull this antenna out this is just a

10:33

small antenna

10:35

um and we could receive airplanes see

10:36

where they're at there's nothing illegal

10:38

about receiving them

10:41

um transmitting is where it gets a

10:43

little bit funky you know uh but yeah

10:46

adsb this one does a lot I

10:48

something like a joke for example Touch

10:51

Tunes they're at a bar their little

10:52

jukebox machine Duke box machines that

10:55

you pay for yeah this device uh Brute

10:58

Forces them meaning goes through zero

11:00

zero zero to 999 looking for a PIN code

11:03

and once it gets it I can fully control

11:06

that jukebox like like I have like I'm

11:08

the owner of it so you know just just

11:10

for fun or Subaru car some some years of

11:13

Subaru I have this pre-programmed that

11:15

can unlock and unlock unlock and lock a

11:17

Subaru no problem

11:19

um I could do that with this as well but

11:21

this thing way stronger bigger range way

11:25

more support way more programs out there

11:27

this device is a lot more dangerous in

11:29

my eyes than that device really yep

11:33

man you are a I think if this is the

11:36

fifth time I've said it I think you are

11:38

a dangerous man but well I'm safe safe

11:42

you know ethical you could be if you

11:44

wanted to be I'm trying to go into

11:46

detail about these things just for the

11:48

just for the Nerds out there like me

11:50

that are listening I'm not going into

11:52

exhaustive detail about these devices

11:54

because most people are not going to

11:56

care so I'm just giving the general

11:58

overview oh I think I think they're

12:00

gonna care when they realize how

12:02

vulnerable they are no I don't mean they

12:03

don't care about what what they can do

12:05

but they care about the technical

12:06

specifics yeah

12:08

we get a lot of our we pretty much

12:11

everything that we have is from China

12:14

okay you know all of our Electronics

12:17

everything it all what do you say 90 of

12:21

it probably comes from China do you

12:23

think

12:24

we need to worry about what they're

12:26

putting in our Electronics

12:28

uh yeah yeah I mean I'll give you one

12:31

example I bought this awesome vacuum and

12:34

mop that's in one it's a All-in-One

12:36

Vacuum out called tinico and uh it

12:40

completely connects to a Chinese server

12:42

to uh to transmit and receive

12:44

information like I made it I made a joke

12:46

out of I actually have a video of it

12:48

where you could turn the audio on for it

12:50

like when you plug it in it says

12:51

charging started charging stopped like

12:53

when you put it on and off I can control

12:55

that with my computer through a Chinese

12:57

Cloud Server there's no reason that that

13:01

vacuum and MOB should connect to a

13:03

Chinese cloud

13:04

uh Cloud infrastructure whatsoever but

13:07

uh it does and at any point they could

13:10

change the way that functionality works

13:12

and take over my home network with this

13:14

vacuum mop

13:15

so are you serious with a vacuum mop yep

13:18

how many devices do you think has have

13:21

these things in them

13:23

anything with a Wi-Fi connection that's

13:25

you know not ever not everything's going

13:27

to be

13:28

China beaconing back and forth but

13:30

anything with a Wi-Fi you know anything

13:32

with Wi-Fi capability is going to open

13:35

up you know an attack vector washing

13:39

machines refrigerators just oh what is a

13:42

vacuum mop I don't know Wi-Fi capability

13:46

I'd love to tell you it's uh I have I

13:49

have the video I could show you I could

13:50

find it sometime but it's a I have that

13:52

and then I have the app I could show you

13:54

I can adjust the volume I can check when

13:55

the last time I used it doesn't need to

13:57

be cleaned does it you know it tells you

13:59

all that stuff but it's using a Chinese

14:01

server that I can control from my

14:04

computer now that I've captured the

14:05

traffic between the mop and the server

14:09

how many devices do you think we have

14:11

that are connected to a Chinese

14:14

server and what would they be getting

14:16

out of it

14:17

I mean it's all about data nowadays so I

14:20

mean I think that data is the most

14:22

important thing to them because it's

14:24

worth money and uh advertising dollars

14:27

or or would be spent better for you know

14:30

with targeted demographics so I think

14:33

that they're using that information to

14:36

Target you on the stuff that they that

14:39

you need you know if you or someone that

14:41

you love is looking up something

14:42

obviously Google's going to figure out

14:44

uh how to Target you on that on that

14:47

thing and then sell that data to other

14:49

people and they go they call it

14:50

retargeting whereas if they have access

14:53

to your direct Network and they can see

14:55

you know things that you didn't even

14:57

fully like search out or you're typing

15:00

on a different application like a chat

15:02

application where you're not even

15:03

searching about you're just talking

15:04

about it that data is very valuable

15:06

because they know about something before

15:08

Google does or somebody some other large

15:11

data broker

15:12

interesting

15:14

what are what are five simple things

15:19

that people can do to protect themselves

15:21

from from hackers

15:23

use a password manager

15:26

um install an antivirus or consult with

15:29

an I.T company that has cyber security

15:32

expertise or a cyber security company uh

15:36

one of one of those many options but

15:37

talk to somebody unless you're an expert

15:39

yourself

15:41

uh use an RFID blocking wallet uh and

15:45

potentially if you want to be extra safe

15:47

use a key fob that has an RFID shield on

15:50

it that way your key fob doesn't work

15:53

outside of that Shield can't be cloned

15:55

some cars require you know top to start

15:57

so you know use something like that uh

16:00

be careful with the websites that you're

16:02

visiting if the browser is telling you

16:04

the site looks unsafe then it's probably

16:05

unsafe and if uh you know if you're told

16:09

otherwise make sure who who's telling

16:11

you otherwise is legitimate

16:13

and

16:15

you know just be careful I mean just use

16:18

your common sense if something looks too

16:20

good to be true it probably is okay what

16:22

about we're we live in a day and age

16:24

where you're getting spam calls every

16:27

five minutes you're getting spam text

16:28

every five minutes and a new marketing

16:31

emails coming in every two minutes it's

16:34

I mean it's ridiculous

16:37

do we need do we need to worry about

16:39

that stuff if I open a text

16:42

could I be hacked just from opening the

16:44

text technically yes I mean like I said

16:47

earlier the zero click attacks that

16:49

they're willing to pay a ton of money

16:50

for there's government agencies that

16:52

already have them you know that there

16:54

was one going around for uh quite a long

16:56

time

16:57

uh there was one going around for quite

16:59

a long time called Pegasus and then

17:02

there was another one called Pegasus 2.0

17:04

and it didn't require any user

17:06

interaction from you know from anyone

17:09

you would just send to a phone number

17:11

they'd have full remote access to your

17:13

phone even without opening the text

17:15

without opening anything

17:17

holy how do you defend against

17:19

something like that yeah you can't

17:21

there's no there's no way to Defenders

17:23

that's why they're so valuable because

17:25

there's nothing you can do

17:28

how do most hackers get in do you have

17:31

to click a link

17:33

yeah yeah I mean sometimes it's a link

17:35

sometimes it's a file sometimes it's a

17:37

photo sometimes it's a chain of exploits

17:41

of multiple things that turn into it it

17:43

could be a Word document it could be

17:44

anything

17:46

um when it comes to zero days and zero

17:48

click exploits it's uh it doesn't

17:51

require any user interaction and you

17:53

will not know that your phone's infected

17:55

hey everybody I'm Sean Ryan click here

17:57

to subscribe to the Sean Ryan Show

17:59

YouTube channel for the hottest and most

18:02

compelling interviews that you will not

18:04

see anywhere else I've also made a

18:06

playlist of all the previous SRS

18:09

episodes so they're easy to find you can

18:11

find that

18:12

right here