Summary of I Hacked My Friend's Phone to Show How Easy It Is

00:00:00 - 00:30:00

In the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is," Linus from Linus Tech Tips shares an incident where he and cybersecurity specialists Karsten Nohl and Alexandre De Oliveira exploited vulnerabilities in the Signaling System No. 7 (SS7) to intercept calls and steal two-factor passcodes from a friend's phone. They did this remotely without touching the phone or sending any messages. The video then delves into the history of phone hacking, discussing the creation of a "blue box" in the 1970s that hacked the telephone network to make long-distance calls for free. The hackers explain how they gained access to SS7, intercepted and redirected calls and text messages, and tracked a target's location. They emphasize the ease of exploiting these vulnerabilities and the potential consequences, such as intercepting SMS two-factor authentication codes and emptying bank accounts. The video also promotes Brilliant , a video sponsor, as a free platform for learning various skills, including math, data analysis, technology, and programming, to help individuals stay prepared for future vulnerabilities.

• 00:00:00 In this section of the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is", Linus from Linus Tech Tips describes an incident where they hacked a friend's phone network to intercept calls and steal two-factor passcodes. They did this remotely without touching the friend's phone or sending any messages. Linus then reflects on the history of phone hacking and shares a story about Steve Jobs and Steve Wozniak's creation of a "blue box" in the 1970s. This device hacked the telephone network to make long-distance calls for free. Linus explains that before rotary dial telephones, phone calls were manually connected by operators, and the blue box allowed them to bypass this process. The use of control signals and the development of touch-tone telephones are also discussed as solutions to the problem of automating long-distance calls.
• 00:05:00 In this section, cybersecurity specialists Karsten Nohl and Alexandre De Oliveira explain how they exploited vulnerabilities in the Signaling System No. 7 (SS7) to spy on a friend named Linus. SS7, introduced in 1980, was designed for mobile phones to communicate with foreign networks, but as the number of mobile phones grew, so did the need for telcos to trust each other. They do this by using unique addresses called Global Titles (GTs) to identify where requests are coming from. By gaining access to SS7, they could intercept and manipulate calls, allowing them to trick Linus' phone into revealing his location and calls. They achieved this by infiltrating SS7, gaining his trust, and then attacking his phone with a spoofed call. The telephone companies addressed these vulnerabilities by introducing a new signaling protocol called SS7, but it may not be as secure as once thought. The discussion then shifts to a different topic about Princess Latifa of Dubai's alleged escape attempt and her father's use of an SS7 attack to locate her.
• 00:10:00 In this section of the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is", the hacker explains how the telecommunications landscape has changed since the development of SS7 in the 1980s, making the system less secure. With over 1200 operators and 4,500 networks, many of which are not trustworthy, there are thousands of ways into SS7 at a reasonable cost. The hacker then describes the process of gaining access to an International Mobile Subscriber Identity (IMSI) to appear trusted and attack the target's phone. After establishing that the phone works as a normal one, the hacker attempts to intercept an important call between the target and James from Hacksmith. However, the call is intercepted on the hacker's end instead, revealing that the target's phone number is associated with the hacker's SS7 access.
• 00:15:00 In this section of the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is", the hackers explain how they were able to intercept and redirect phone calls and text messages by tricking the network into thinking the target phone is roaming. By doing so, they were able to seize control of the target's phone number and forward calls and messages to their own numbers. The attack required no more than the target's phone number, and they demonstrated the potential for more advanced attacks such as intercepting one-time passwords used in two-factor authentication.
• 00:20:00 In this section of the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is", the hacker explains how to use SS7 (Signaling System 7) to track a target's location. SS7 is a telecommunications protocol that allows mobile networks to communicate with each other. The hacker describes three steps to execute an SS7 attack: infiltrating SS7, gaining trust, and attacking. The first step involves gaining access to the SS7 network, which can be done by exploiting vulnerabilities or purchasing access from unsecured networks. The second step is gaining trust by sending legitimate requests to the network to avoid detection. The third step is issuing location requests to identify the cell tower the target is connected to, which can place them within a hundred meters. The hacker also mentions that SS7 doesn't rely on GPS to locate someone and can be used to track someone's location even in urban areas with many towers. The hacker uses the example of tracking US Congressman Ted Lieu in 2016 as a demonstration of how SS7 attacks work. The threats of SS7 attacks are real, and they can have devastating consequences, such as intercepting SMS two-factor authentication codes and emptying bank accounts. Criminals have used SS7 to gain access to targeted phones, and companies like NSO Group have acquired SS7 tracking companies to use as the first step in their cyber surveillance operations.
• 00:25:00 In this section of the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is", the discussion revolves around the vulnerabilities of the Signaling System 7 (SS7) network, which is used for 2G and 3G communications. Experts estimate that there are over two and a half million tracking attempts per year, and it used to be even easier to request location data without knowing the IMSI or network. Researchers Karsten Nohl and Tobias Engel exposed these vulnerabilities publicly in 2014, leading to immediate action from German telcos. However, there are over 150 other messages that need to be stopped to make SS7 completely secure. Despite the risks, SS7 remains the de facto standard due to its role as the backbone of 2G and 3G communications and the presence of legacy systems, such as emergency call buttons in cars. The shift to 5G signaling protocols can stop the attacks, but the inertia to change is significant, and it could take another decade or more until SS7 networks are finally switched off. The video's creator expresses surprise at how easy it was to exploit these vulnerabilities as a YouTuber and emphasizes the importance of privacy for democracy. There is not much individuals can do to prevent location tracking, but they can use alternatives to SMS-based two-factor authentication, authenticator apps or hardware tokens, and encrypted internet-based calling services like Signal or WhatsApp.
• 00:30:00 In this section of the YouTube video titled "I Hacked My Friend's Phone to Show How Easy It Is", the speaker discusses the imperfection of technology and the importance of building knowledge and problem-solving skills to stay prepared for future vulnerabilities. He promotes Brilliant, a video sponsor, as a free and effective platform for learning various skills, including math, data analysis, technology, and programming, through interactive lessons. The speaker highlights Brilliant's first principles approach, which helps build understanding from the ground up, and mentions a new course on data clustering that equips learners with tools to spot trends and navigate a data-driven world. The speaker encourages viewers to try Brilliant for free for 30 days by visiting brilliant.org/veritasium or scanning the QR code provided.