I appreciate the dark video. It's different and easy on the eyes. Global dark mode ftw

"every device is hackable" "weaponized exploits" "every person can be killed" KZbin : _you are on thin ice there mister_

every human could be killed doesn't mean every human gets killed ~ LiveOverflow, 2021

Liking the new little edits like the glitches and stuff, adds more personality to your videos :D

Me after watching this video: **reboots phone just in case**

General rule of thumb: If you've seen Doom running on it, it's hackable. 😁

The fact that every computer could in principle be hacked is the singular thing that makes me nervous about self driving cars

"Hey I think I have a virus" "Have you tried turning it off and on again?" "what"

Awesome video 😸 So lucky cts didn't get hit by the exploit targeting researchers! I'm also among the 3% that use Firefox 🔥🦊😎

Great video! :-)

Could not thank enough for sharing these. I use to think no one can hack my phone unless they have a physical access to my device.

I really enjoyed this format. I need mooore :D

I think a more useful question is: "Can every device be hacked remotely without your interaction or awareness." This is the type of attack that concerns me the most and fortunately there are several ways to prevent this almost completely.

i remember when LO didn't show his face. he has come so far and it's been incredible watching. keep up the good work.

breaking into fort knox for a gold heist, may be possible, how many armored divisions do you have? worth?

The amount of proficiency in this video is pure MindOverflow 😅

Dude casually has a pwn2own award hanging behind him

dude, your content has to be one of the best in KZbin, love what you're doing!

The subtitle is golden haha. Loved your content

Expectation: _Free WiFi is dangerous it could pwn your phone and drain your wallet._ Reality: *Ahhhahaha free routers botnet goes brrrrrrr!* *Ohh this kid downloaded our fake cracks and installed malware on their parents' desktop! By disabling the antivirus as what we told them! Lmao!*

Can you do a video about row hammer exploitation please ?

Thank you for this well made video. Interesting discussions and pointers raised!

I couldn't have summarized it better myself. And congrats to being published in Phrack

Question is the video supposed to cut off around 8:04 with a message "An error ocurred. Please try again later.(Playback ID: xxxxxxxxx)"?

I feel like this is awesome content! Love the input from the other experts sprinkled throughout the video, each in their own style. So cool! 😎

my phone fucks itself up so often, it gets rebooted sometimes even twice daily

depends on how you define "every device"

@ 14min...you stay away from my cookies. This was a very great piece.

Would be great to hear what the researchers think is the best or more secure browser? is it Google Chrome? Microsoft Edge? Firefox? Opera? Brave Browser? Safari? or any other browser. Which one do they think is better?

running debian unstable with a cron that runs every 6 hours: sudo apt-get update -yqq && sudo apt-get upgrade -yqq so basically, I'm super vulnerable when the debian repository gets hacked xd

thanks for this video brother, got to learn a lot from this video. I too definitely disabled jit and webassembly for no obvious reason, but since the experts do and it's good to do so then why not

sometime big software firms leave vulnerabilities unpatched just because they accept risk and put blidfold

Step 1: Define "device" in a meaningful way Step 2: check if your target is a device

7:45 Full chain. I've clicked on Google ads using a Google browser and gotten malware, so I can confirm this.

I wonder if you buy a phone that's 4 years old, if it's vulnerable to attacks because the factory software is out of date and still has to perform a system update to the latest security version. So there might be a time frame in which you could get trojaned or something.

Excellent video, thanks!

"phishing or a company mishandling your data" kinda reminded me of the new (at least german) IDs requiring you to let them store your finger prints and even though I don't know why that could be a problem, I do not even remotely trust them with those... it feels like telling them my password which they then probably just store in plain text

If for example a journalist uses a second machine (and maby a second network) for projects which is not connected to global network (or to anything else outside his control) anny way of access should be eliminated right?

i think the production value of this channel is going up, and I love it! however I think the shadows on your face were too dramatic

Seeing how so many of these vulnerabilities are memory-related, it would be interesting to see how the solutions that tackle it at the programming language level pan out. If you would make a video on that it'd be really cool.

Nice to see some of the legends talking about vulnerabilities.

Thank you, this video was really interesting and helpful :)

it's incredible that buying and selling these exploits to third parties isn't illegal even though it definitely should be

I got a question for you. What's the risk when Android phone manufactures stop pushing updates to their devices after the devices are 3 years old? When my Phone started getting kernel updates from the manufacturer, I started using LineageOS. I know someone could theoretically edit my system partition to put their nasty stuff instead if they have physical access, but wouldn't being unable to receive system updates for your phone make you more vulnerable to drive-by's?

The subtitles go haywire starting at 10:35 and 13:13

Even with an infinite amount of ways to hack a computer, there can still be unhackable computers.

> Always remember, always reboot your phone Yeah right, like I have any other choice with my PinePhone. That thing is a little unstable ;)

You should also, in the general guidelines, include that its better physically disable stuff that using some software, like how you should detach your webcam and mic when not in use. great video

make video in row hammer exploitation please :)

Ok, but what about intentional backdoors either in software, or hardware?

Is it dangerous to use an old android phone that does not get updates for more than 3 years now?

but what is the most common method to discover 0days ? fuzzing, code audit(only for open source) or reverse engineering?

Subtitles have problem at 10:50

One question I always had. Is copying and pasting my password from a password manager is a really stupid way to get pwned?

The subtitles from 10:35 to 10:57 say something elsee 🤔🤔🤔🤔

I'm guessing using the Lynx browser in termimal also reduces the attack surface quite a bit?

I am so curious if he really rebooted his phone in that video or if he just slid his finger over the screen

16:49 umatrix shouldn't be used as a mitigation of javascript-related threats. Development is ended and the github repository is archived. Use alternative solutions for js blacklisting.

You're lying. You can't hack my Broken PC

15:50 the firefox master race wins again. obviously this isn't saying there aren't firefox exploits, but it is saying that chromium exploits are much more sought-after, popular and common than firefox, because of market share. all the more reason to use pale moon - present-day pale moon is hard forked from no newer than firefox 52, making upstream firefox 0-days incredibly unlikely to work on it. and no matter what browser you use, turning off javascript completely except for a small whitelist makes it exponentially more difficult to target your attack surface.

Your content is gold, you just need more appealing thumbnails

you are a lot better then alot of others people around on KZbin. can you give that SUDO exploit, this will make you very famous.

Thanks for the video =)

My issue with one point in this video is that a software "weapon" is very different from real weapons, like you said. However in my opinion the key difference here isn't the level of damage that can be caused (quality), it's the amount of people that can be affected (quantity). We know that exploits like Pegasus do exist in the real world, and they are relatively hard to detect. Because a zero click exploit could be effectively deployed on any device, it can therefore be deployed on every device. Without trying to sound too much like a conspiracy theorist, we know that historically nation states are usually 10-20 years ahead of consumer technology. I don't see why we should consider the Digital Age any different in that regard. If you were a dictator, and you wanted to have near omnipotence of anything that happens in your country (or abroad, the Internet doesn't abide by physical borders), why wouldn't you pay a few million (or billion, you have country-level money) and get a nice new zero click zero day that you can deploy on any number in the phone book? Sorry for the ramble, happy to chat with people further about this. I'd love to be proved wrong, because right now I can't really see a fault in my logic here, apart from speculating on potential technology, which I am willing to admit debases the premise a little.

just restarted my phone... and ill update later

"every device is hackable" *turns on on incognito mode* You can't touch me now buckaroo :)

10:36 the subtitles break here, probably because of an exploit...

I use Windows 10 Mobile. 0.01% market share. No chance there is an exploit for my phone one would be able to sell.

Hi , Can someone hack into a Bank to increase their balance or into a Broadband Operator to get unlimited data for example ?

We all get killed by the grim reaper in the end... Time to put me computer in a safe.

Thank you for the dark mode. My eyes are grateful. Wish more ppl would do this.

I also hadn’t updated my phone! Thanks

Nice. Thanks 👍

Have you covered anti-cheat and drm system exploits in games?

Nee Video!!! Yaaay ❤️

wait... is that company (zerodium) business model even legal?

I know you can run separate systems on Android in a VM which I do from time to time for browsing the web. I really don't bother with Apple products because of their unethical opposition to the right to repair movement but VMs are a good way to isolate your activity.

Man it would be so cool to be able to do this .

I use TempleOS btw

The question isn’t can you be hit by a 0-day of course you can, the question is instead are you worth it, are you in possession of have access to something that would justify using the work of 5-10 highly skilled engineers? 90% of the time the answer is no.

Reboot means restart or reset?

short answer?

"Every computer can be hacked" well good luck trying to hack an offline computer lol

THX for the info Beginner question - does the low Zero Day risk for a normal user mean browsers without plugins or plugins included ? In other word - does the risk rise for normal user, if plugins are installed?

16:30 good info

They can't hack my mechanical turing machine without having physical access :D

The true answers is yes & no xd, depending on the phase of the moon

Any advice for crypto users? Especially with DeFi stuff, disabling js is definitely not possible. Do you have recommendations?

I actually need a phone tracked. No number and address and name.

Ok, so Apple is paying millions to prevent jailbreaking?

5:54 lol Microsoft exchange anyone surprised

Michael Cera explain about hacking

with a quantum computer yes. everything can be decrypted . no need for it to even be hacked

“Amy” scares me

Great Video

Wait, do you run your browser with Admin account/UAC(Windows)? If no, and control system by using browser bug doesn't it mean Windows has a problem?

Ok but that’s quite scary

I think the government has to worry, not the average citizen.

this autoupdate crap is double sided edge and i feel sheer lack of UAT/ DTAP model of delivering updates. consider that updated browser doesn't support password saving "for security reasons". or what's worse, stuff their annoying ad banners to menu, because they can. no,thank you, i'll decide by myself if its worth of applying certain update.

palo alto 0day wreaking havoc atm