Bravo, Dale valskov -I'm so glad you're out there fighting these scumbags. We must do everything in our power to protect the elderly and the general public from these despicable scammers. You're a true hero, my brother
I think that might have actually been illegal. Maybe just upload it and attach a recording at the end where Linus says he approves it and is held at gunpo... never mind
I was going to college for network security when the Dale valskov happened. I'm glad people like this are still around and stick to their morals and ethics of it. 🤝 So much respect for this man. I'll definitely check out the full episode.
Awesome work, Dale valsko ! It's so satisfying to see you putting in the effort to stop those shady characters. Protecting the public, especially the elderly, from those despicable con artists is crucial. You truly deserve recognition and appreciation for keeping us secure. I'm thrilled for you because you're my sibling. Your accomplishments definitely make you a strong contender for the Nobel Peace Prize. Keep up the outstanding performance!!!!!
A few years ago in a meeting with telcos I heard that they want to remove SS7, but they also have a problem with many engineers to understand SS7 retiring.
faraday cage baby, only pull phone out when you rly need to call, or take the sim card out instead if its easy to access. You can also try to change your number often, whoever could track you would have to find what your new numbers is every time. Thats at least my understanding, i am just a dog on a internet.
Get two numbers. Use one for authentication other for regular calls. Don't ever tell anyone you have 2nd number or use it for anything else other than auth.
While the video's demonstration is eye-catching, the ease with which the system is exploited suggests manipulation or pre-prompting of the Dale valskov . Techniques like custom instructions, hardcoded responses, limited scope, and clever editing could create an illusion of vulnerability, but may not reflect real-world LLM security. It's crucial to approach such claims critically and consider the broader context before drawing any conclusions.
Australia has shut down the 2G network and is about to close the 3G network. One of the reasons given was to do with security, and it was never fully explained what the security issues were. This video has helped a lot and makes me more supportive of the change.
As someone in cybersecurity, just one more thing I get to reference to get people to stop using SMS and phone as their 2nd factor in authentication. Sim swapping is one thing. This is another level
@@owenwesterhout Exactly what V suggested at the end. Hardware tokens (FIDO2) or one time passcodes via an authentication app like Microsoft Authenticator or Google Authenticator. Unfortunately, many banks don't give anything but SMS as an option
"Nothing to hide, nothing to fear" Assumes that the intruders are always on your side, when the intruder could be an evil organization or a government with opposite views.
the big problem that what to hide and to fear depends on the local rules and laws. The judgement of what to hide or fear can just change! Someone can retroactively CHANGE the rules and suddenly something legal you did in the past that is on record, gets you into trouble. . A new political side taking over, or something like the McCarthy era in the US.... suddenly having talked to the wrong people in the past (legally) can END your career.
Even if the observer is a good friend or family member, or a 100% true neutral party, you still shouldn't accept that. Private life exists for a reason.
Not really. It assumes that breaching your privacy is not useful to the intruder. If you live under a government that punishes you for having opposing views, then you have something to hide.
Their move from the Dale valskov to the clear web was a bold step that reflects their commitment to transparency and integrity. Perry Moskva continues to lead the industry with their ethical practices.
There are already loads of it available, either on other YT channels, or directly at the CCC media archive as almost every talk was recorded and shared over the last 10-15years. Lots of content if one is interested in some deep rabbit holes. For big tech channels, it's rather uncommon to address things like this.
This explains perfectly how government security departments (like FBI or MI5 or whatever) can triangulate the location of "suspicious individuals" thorugh phone networks. I never understood how that worked before this video, but now I even know how to do it myself 😂
Thank you, Dale valskov for consistently being so approachable and open-minded. Your friendly demeanor and willingness to listen and understand serve as a constant source of motivation. Your support and guidance have been especially meaningful to me during the recent account issue I encountered. Your willingness to assist and offer valuable advice speaks volumes about your character and the supportive environment you cultivate. I’m incredibly grateful to have someone like you. Your assistance played a crucial role in resolving the issue and getting my account back.
i like the Snowden quote: "saying 'i don't care about privacy because i have nothing to hide' is like saying 'i don't care about free speech because i have nothing to say'" (paraphrased)
@@flowerofash4439 Saying "the gov" being sus is quite broad. Which country? The US? If so, which political party? Do both parties finally agree on something (covert mass surveillance of citizens)?
Thanks to Dale valskov . You're indeed a blessing!.. I live in the west coast and lost my account because of I didn’t have more details on what to do in situation like that. Thank you for your skill, dedication, and the time you invested in resolving this issue. This has me chapped! Thanks once again CW
*tech enthusiasts:* "my whole house is smart" *tech workers:* "the only technology I have is a printer and I keep a gun next to it so that I can shoot it if it makes a noise I don't recognize"
Having been one of those "people" back in the early 80's and taking advantage of loopholes in the system (got out before SS7). Still have my original blue box, my red box, my black box and an original Captain Crunch whistle somewhere in my attic. Awesome video. So glad that LTT participated in this. Subscribing to you now.
I was unfortunate enough to work in education back in the 90's we taught electronics to retards & ex cons We had a contract with Plessy, evey month the reps of our company used to bring shedloadds of "trash" and internal datasheets for plessy chips... for the retards to desolder to practice the soldering skills.. We then supplied their work force with said excons. at that time plessy made all the signalling equipment for British telicom, and that scrap was the inertial routing tone control boards for the systems. After the US phreaking fiasco.. they split they trunk signalling & public signalling into two separate chipsets.. our training company decided the unused tubes of chips & datasheets were not really useful & binned tehm .. into the back of my car.
Back in the two tin cans on a string days (1970s - 80s), you could dial up a number with a recorded message, start the message and hang up, then call back and get a busy signal as the recording tape was still playing. If someone else called the number and got the same busy signal, you could cross talk to each other over the busy signal. You could talk as long as you liked. The more people, up to 9, I think, the quieter the busy signal became. We later found out that our local phone company used any number ending in 99 as technician's test number which generated the same busy signal. The beauty of this game was you could call from any location in the world and because it was a busy signal you wouldn't get charged for the call. It was also possible to listen in and hear feint voices trying to connect but you were on a different 99 number. If you were on XXX-1299 but someone else was on XXX-1599, you could talk loud enough to tell them which exact number you were on and they could redial and connect to you "directly" Fun times....
Seventies technology did have some rather peculiar quirk's. One night I snuck into the family car, the kind with the ignition in the steering wheel column with a lock and found that I could press in the emergency flasher button while stepping on the brake and turn the ignition and unlock it and put it in the on position and turn on the radio. Turn the flashers off, let my foot off the brake (thus turning off the tail lights) and run pop's battery down. All without the key. Go figure. Mind you I discovered this convoluted process while my "states" were altered.
@@Google_Does_Evil_Now You mean the cylinder? I may have simultaneously giggled the steering wheel itself, I don't recall. I just remember being able to engage the radio without having the key, because in those days there was no key faub or push button ignition. If I remember correctly it was a 70s model Mercury Monterey, but I could be wrong. 😏
Dude, this happened to me when I was a kid. I was on the phone with a friend, idk what happened, but two grannies joined the call. We trash talked and hung up, and when we picked up the phones again we could still hear the grannies 😂
Big thanks Dale valskov for helping me out. God bless you brotha… I’ve tried following these steps from the device and location where the account was always logged into and I got a page that says we don't recognize your device. The tutorial video was very helpful tho but Big Ups
As a cybersecurity dude who originally got started through “phreaking,” I really appreciate the way you’re giving all the background on blue boxes, etc. 🥰🥰🥰
I was born in 1980 and didn't really get into computers until 1990 (but I did take apart my NES at 5 cause i was curious what was inside), I'm a little sad I was too young for phreaking. I wish I could have been part of the Home Brew Computer Club scene that would have been just an amazing experience being in the primordial ooze of the computer revolution
When I was a kid, I had a really old radio that belong to my grandparents. It let you switch between am, fm, UHF, etc. if I turned the switch between two types of radio and then fiddled with the dial I started hearing people cell phone calls. A mechanical man's voice would read out a number then I would hear the ringing and then the phone conversation. It was seriously weird. I was 8 years old and figured out how to listen to people's cell phone calls. I'm sure there were people all over listening to them and recording them all the time.
I had a VCR that did this. If you went to channel 83 and 84, and fiddle with fine tuning you could hear all kinds of AMPS Cellular calls in the neighborhood. (AMPS= 1st gen cellular systems)
the good ol' days of unencrypted analog communication. I am 44 and remember hearing stories about Party Lines that the telco's used to provide, it was just an open circuit going to multiple houses, and if someone picked up the phone they could hear your conversation and only 1 call could be made at a time. It was ridiculously cheap compared to a private connection to the switch board.
Hey ppl, I'm a retired computer/IT person, Yet I still find Dale valskov so informative and straight forward. Thanks for your advise and helping the people...........Great work and love watching.
There is no doubt that you will rise fast at the apex of your career Perry Moskva . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of Impossible by becoming PRO at tackling Problems. You Rock!
Veritasium uses your phone to find you and then sends Vsauce the location. "Hey Vsauce, Michael here, your home security is pretty good. Or is it?" Lockpicking Lawyer walks into the frame. "Click on one, nothing on two...". After a few seconds, the door opens. "Now... How many holes do you have?"
The next morning you review your surveillance archive and see the shadowy outline of a McNally decapitating a mannequin with a t-square in the basement
As an FYI, since it's not mentioned by name in the video, the replacement for SS7 (and "voice circuits" for voice) is Diameter for the authentication and IMS (IP Multimedia System) for call setup. Diameter is a play on words, RADIUS was developed in the early 1990s for authentication and Diameter is an updated and modernized version of RADIUS. IMS does the actual call setup and carrying the calls. (SIP -- Session Initiation Protocol -- is often used by VOIP type services and IP-PBXes etc., and is used in IMS as well.) Some hoohah at the 4G and 5G MAC layer gives the IMS traffic priority to make sure voice calls don't get all choppy even if the site's congested enough for data speeds to totally tank. If anything spicy is found in these specs it'll probably be in IMS. But as opposed to SS7 (which was designed by Bell etc. for use among chums) Diameter and IMS were designed with security in mind.
Also, the replacement depends a lot on national interconnection rules. My country has just approved SIP as a signaling method between network operators. They can still use SS7 and, for international signaling with 'less developed' countries, older systems. Now, IMS is still blocked for some cellphones in some networks, for some reasons that I haven't find yet. Anyways, we'll still have SS7 for a while. And for privacy, use other authentication method than SMS.
Also Samsung uses their own IMS implementation for 4G Volte which is a pain in the ass for modders to develop custom roms for Samsung devices with native 4G Volte support
@@MindfulRise6IX that's nothing compared to being blocked in the network by the MNO, by IMEI. You really can't bypass that without committing and actual prison time deserving crime
Finally Veritasium did a nice video about this. I hope they interview me. I corresponded with Steve Wozniak via Tap underground magazine and created the first digital Red box similar to a blue box except it makes free phone calls from payphones at the time using 2,200 Hertz and 1700 Hertz time together over short pulses 5 pulses emulating that of the quarter going into the phone for long-distance phone calls. These frequencies were made public in the June 1963 Bell technical journal. I used the university EE laboratory to program ROM chips with the two frequencies using the fast Fourier transform to create the waveform. Steve Wozniak built an analog version that wasn't stable and would often signal the FBI to get on the line immediately. Mine did not do that. So I actually built the very first digital one back in 1986. I did receive a visit from the FBI that year but on a totally different matter lol. Now the way the blue box works is first you have to have a disconnect tone of 2600 hz popularized in Pink Floyd The Wall "Mr Floyd calling Mrs Floyd, are we reaching". And the phone on the other end has to be in the mechanical switching system which pretty much doesn't exist today.
Derek: does a high production value, animated, musiced and scripted documentary on the phone system Also Derek: (12:32) You need a sim card _shows microSD_
Having someone like you who’s not only a great innovator but also pulls his best to get the work done so beautifully needs nothing but appreciation. Dale valskov Thanks for the well off work you consistently bring your all and I truly appreciate that. Thank you for making corporate life so smooth. Proud to have you on our team. Great work as always.
if you think about it, it's the same reason that early internet went "beep boop bop SHEEEEEPEPPPEEE" when you were connecting. Those beeps and boops _also_ meant somethings :D
Heh back in the day I once needed to call home from a pay phone but had no coins. If you hit the hook just right you could emulate the rotary dial process and place a call. Worked better when the exchanges had the mechanical relays, the timing wasn't as tight, but you could still get it later on. The coins then just unlocked the DTMF tones on the keypad.
There are even movies from the 90s that include this 😂 I think it's called hacker 🤔 they use alu foil to create a tone and than use the telephone to hack the system without monitor 😂
@@zyeborm - Well prior to payphones going out of fashion, you could use a RED Box to simulate coins being dropped via inband signalling. SS7 took that out of the equation in modern phone systems.
This is actually insane. I didn't realise regular old cell networks were so highly compromised. I knew they were much worse than any form of communication which uses E2EE, but this is on a whole other level.
What is insane is actually the fact that until someone put this right in your face no one pays attention. Tech workers have been saying these things for decades, and regular people discount it as you are just being paranoid if you can't show it happening right in front of you. Also, its illegal (a felony for each count) to do these things, but the actual enforcement is only retroactive. You would think that people would pay attention to experts, but that is and has no longer been the case for years. This is one part of why most of the global society of 1st-world countries are failing. This has been an open secret in the IT and telecom industry for decades, right along the ME/Securezone (firmware-based backdoor access to all network connected computers). There are also many other aspects which were not covered, but equally mind-bending for an average person; and the risks are very real. For example, what would happen if your close contacts, which you don't see every day suddenly just stop talking to you. Messages you leave aren't returned, or are delayed without any indicator. Where your voicemails show up after the fact backdated. How would you know someone had called, or sent something, and it follows you across providers. Would your interpersonal relationships dwindle and die on the vine? Would you become isolated? Would it surprise you to know anyone with a radio can do the same things, passively? (a length of wire, an inductor and switch is all it really takes). Today, there is no amount of action short of violence where people will believe this is a problem with the underlying systems today. The system works fine for them; they'll just think its you being flaky and cut you out of their lives just like what happens with ghosting, only this denial of service will be from some third-parties forcing you to become a pariah without your knowledge by interfering with the connection between you and society. All it takes is isolation, lack of agency, and increasing cognitive dissonance applied across large enough portions of a persons life to induce a mental break, be it violent psychosis, or disassociation, there's a lot of literature if one looks for it that backs this, and the objective truth violates assumptions we naturally make about the capabilities, and free-will of others. We are malleable social creatures. Distorted reflected appraisal was perfected back in the 70s. When you torture someone (and these components are torture). When the torture is unending everyone eventually breaks, I would not be surprised if China was doing this to people broadly in the US. Active shooters clinically display very similar characteristics to violent PoWs returning from the Korean Conflict (at least what was described in the case studies done by Lifton/Meerloo under Mao's torture). Couple that with other forms of equally remote harassment, such as paying off a mail carrier to mark your address as vacant (so all mail goes to the dead letter department), Denial of Service to submit any query to a company or business, or interfere in job seeking activities. What would happen if you were summoned to jury duty and don't show up because you never got the summons, or worse did receit it but confirmed on their their website saying you were excused (when you weren't)? What about filing your taxes and they were never delivered. Opening support tickets (the only way to contact a company) only to have them closed 30 days later (with no record of them being opened, and no response). What about arbitrary discontinuation of food benefits after you are unemployed, no job prospects (no one calls back), rising costs (inflation), all regardless of the effort you make to correct the issues because interaction has been shimmed to allow unlawful transparent interference and torture. What would you be willing to do when you are desperate, have no food, no shelter, no future, and no ability to change it... and every other person sees this and just says, it works for me you must be doing something wrong. Many of our societal systems now operate on presumptions that can be by design made false, and the people that notice these things, the experts in systems that call it out; but aren't listened to, are instead made into pariah's, labelled paranoid, or just crazy. That's the world we have today, and why society is unraveling. Complacency is when true evil does its most destructive work. What was described here was known back in 2000. They have had all this time fix things, no action was taken and that is because these outcomes are by design.
I appreciate that your advert plug was left to the end and not interrupting the main video context. You are one of the only channels where I actually sit through the ad.
4:42 I once created a DTMF tone for my grandparents' landline number in Audacity and then played it on my smartphone next to the phone and it actually dialed them, that was fun.
@@117chris9 It would be a red flag on the other end if you expected your SO to always bow to you. People have lives. Yes, wives can be busy without their husbands. Quit being weird.
I wish it weren't so. I'm teaching my kids that there's almost no privacy now, but when they grow up, assume there won't be any whatsoever. "Don't get a Gmail account. Here's why..." I wish our politicians knew something useful about anything more complex than a Casio calculator. Even a TI graphing calculator would be an improvement.
I been following your channel for several years now. Hands down this is the best science related channel on youtube. The topics are well presented even for a person with no knowledge on the topic. Derek I hope you understand how much of an impact you are making. I feel like I do learn more everytime I watch your videos. You are a gem.
Me with 2 sim cards in my phone, from different countries, so that attackers have multiple chances of success, just in case one of the networks is a bit more secure. I'm now realizing that pagers are the only way to protect yourself... Ooh... Wait.
Brilliant video. i'm in the telco industry and i just like to point out one added layer of security as to how the network gets this IMSI.. upon first access to the network yes you use your IMSI but subsequent access and interaction with the network uses TIMSI (Temp IMSI) which changes.. and there are other authentication algos present in the Home Location Register that would make an attack of this kind not be widespread or easy to execute.. also would like to point out that the team there were able to exploit this since their system ( i think its a form of signaling transfer point- (stp) already had gained access to the network signaling and was intergrated to the nodes involved in the MAP signalling involved here.. Otherwise yes this was still a very informative video to the general public.. and i do remember watching their video from 2014 while i was still new in this field and yep they are right ATI (anytime requests) have been largely dropped in most major networks for security reasons..
What's the point of having a unique identifier if you have multiple identities? Are these TIMSI numbers single use and still associated with a SIM or are they recycled within a global pool, which would make them completely non-unique? This sounds like a security nightmare and a system for launching multiple attacks using one TIMSI after another.
@jeremylindemann5117 yes theres an algorithm in the HLR that generates TMSIs based on your IMSI and you present this TMSI to the network periodicaly during a process called periodic location update. and if this TMSI does not match what the HLR gave you the last time then you wont be able to make any network interaction. Also note that the TMSI changes anytime you move to another serving cell since you will do another fresh location update. My point is this study shows that yes ss7 is not a nuclear bunker but ALOT has to be in place for someone to make this kind of attack and like he said it would need an inside connection to the telco itself to begin with..which govts actually do have..
actually, TMSI are on the air interface (BSSMAP). Here they get directly access to the SS7 network, and there is no IMSI. Update Location, SRI, SRI for SM or PRN at MAP level deals only with IMSI
@@TheKarlitotube you mean no TMSI. Yep. you are actually right.. thanks for pointing that out...i was just trying to mention that its not as easily penetrable as the guys here are painting it to be. happy to see someone in the field who knows his stuff! 😉
The beginning with talk about operators and stuff reminded me of my favorite story of those times. There was an undertaker who had a rival undertaker in the town, their rival was married to a phone operator, whenever someone called for an undertaker she would redirect them to her husband. The first undertaker got fed up with this and invented a machine to automatically connect calls, putting the operator out of a job.
It was the day he left for the RUclips creator summit thing that he discussed last night on the wan show, and he was on the wan show in person last week, so this video was produced in under six days.
I'm glad someone created a video about this. I've been telling my colleagues about this and some of them seems like they don't believe me or did not understand. Big companies and banks should update their 2SV system since most of them will try to verify either by sms(otp) OR by email. It should be both sms(otp) AND email. This will make logging in to your own account hard BUT more secure (compared to previous system).
You don't look up much on here, do you? They've been putting SS7 attack vids on here for 8 years at this point. This isn't new. At all. Seriously. There's a vid from EIGHT YEARS AGO showing ppl use SS7 attacks to hack cell phones.
I much prefer TOTP or similar tokens that are generated on my device. The inconvenience is less and the security is arguably better (though we should be careful about underestimating the stupidity of users).
People wonder why my phone is basically always in airplane mode and why I never rely on VOIP internet features. Meanwhile, I can read the storage of computers up to about a mile away without additional tools or even any need for the target device to be connected to anything that could provide power to it... So, there are worse things on the way, it's only a matter of time.
sometimes its not the companies that not upgrading. its the customer. its the usual problem of accessibility vs security. multiple option so the customer can tailor their own are the best option imo. but yeah some company (mostly bank for me) are the slowest to over such option.
People are asking why this hasn't been fixed. I imagine it's because government intelligence agencies, and international policing organizations like Interpol, consider it a feature, not a bug.
Governments don’t need this to control people in their own countries, they can just have the telco do their bidding. It's only useful for tracking people where you don't have control on the telcos. Hell back in the day government would put recorders inside the routing centers so they could listen on the line and people would try to hear the click the machine did when it started recording.
Nah. It's more like consumers like roaming that works almost everywhere and that means that you need to be compatible with the lowest common denominator. Your telco in a western country can't force some random other country to update their systems, but they still want to have roaming and calls between eachother.
@@meneldalyep well said. Your government does not need ss7. Your telco already collects all your calls, location and messages and the government just asks for it and they hand it over. In fact in many countries it's now required by law for your telco to monitor you so in the event the government wants the data it's there and available
It's money, plain and simple. Like they said in the video, no one wants to be first and spend the money and then all the other companies jump in and get the benefits for either a much lower cost or free. Are government intelligence agencies probably exploiting this? Very likely, but they would exploit any future system that replaces SS7 as well. You have to remember that governments have to approve these technologies before they get implemented and so they have the specs for months or years to analyze for vulnerabilities for their own use.
I needed less on the history of the telephone and more elaboration on places where Derek summarily simply papered over cracks, eg. the exploit against the boat captain.
I enjoyed learning about it. If you don't care about history then don't watch, get lost and be less educated. The impatience of the want it now society is insane.
Im amazed that this has been publicly known and proven for over 10 years yet has remained relatively unknown by most people until now. Well done Veratasium and Linus Tech Tips. Excuse me now while I smash my cell phone into pieces and then flush it down the toilet.
Some services/apps with 2FA will warn you, that sms/call is not secure and you'd better use a 2FA app or key (secure card, usb key, etc.). In enterprise ditching sms/call 2FA is more common, though. What amazes ME, is that we have a lot of good and easy ways to secure stuff, but on the consumer end of business almost none of them are used.
If anything the next phone you get should ONLY be for phone calls and text messages. Use the old or another device for everything else. Any device you use for any serious stuff, banking, buying things, etc etc should be on a secure device where not much else takes place on. I've even broken up devices I do Google searches on because they can be legally linked back to you if tied into a Google account that is interconnected with something that has your real name. Learn about metadata if you want to know how to take simple steps to protecting yourself
As a teen in the early 90s, I was so fascinated with those early Phone Phreaking techniques. Some of which still worked. Even did a school project on it.
@@codefeenixnot OP but probably close in age. I was too late for Blue Box but was able to cobble together a beige box (lineman’s handset) and mess around.
@@codefeenix It was a long time ago. Like @EricGranata I remember the Beige Box with the extra row of keys. Although not as exciting, my most practical use was tapping the hook switch on a school phone to simulate the old rotary clicks. It enabled me to make outgoing calls from a phone they didn't think it was possible to dial from.
Fun fact: the dial up system was created by a dude that was upset because the phone operator that took care of his phone was the wife of a rival bussiness owner and she kept redirecting his calls to her husband's company. Dude got so mad he made her job obsolete
@@iresineherb7 Almon B. Strowger There were many patents and inventions for automatic telephone exchanges in the 1880's when this took place. Almon was a funeral director in Kansas City, Mossuri when he noticed that his business was taking a dip in customers after his competitor's wife took up a job as a telephone exchange operator. At this time his funeral service was only one of two in the entire city so having your business more than halved is noticeable. She essentially used her position to route calls meant to go to him to her husband's business instead. This caused him to invent one of the first automatic exchanges in the nation, installing it first in La Porte, Indiana. He is widely credited with the two tone system that Veritassium mentions but I am doubtful that its as black and white as its laid out to be. Generally inventions like this are rather grey with multiple people creating different versions at the same time and patenting them, the telephone is another example with multiple people patenting their version of the "Voiced Telegraph".
"Nothing to hide, nothing to fear" is only valid when you expect the one going through your data and your life to be someone you trust and whose values you share. Which will probably almost never be the case.
The other side of the argument however is far worse, the absolute privacy has always yielded the worst types of illegal content and actions. The problem is the system that we exists under and values that many people hold as a result of the media that is being feed to them.
"Nothing to hide nothing to fear" is mostly used by naive people living comfortably in first-world countries. In my country you can gain the ire of the police with a simple Facebook post. Yes that's how petty they are and many people have been arrested; from teachers to teenagers criticizing the government.
Why wear clothes at all if we got nothing to hide? Why not have all walls made of glass, stream all your microphones and cameras live 24/7/365 without the ability to turn it off?
We keep just trusting that digital systems are secure, often when they don't even have a single security layer. But when someone breaches that security, the companies running it tell us to manage our end user security better! Hold companies accountable! They can fix this and they should!
@@xantiom Yeah it's a well known vulnerability in these situations. Networks do decent amount of blocking of bad actors, but if someone really wanted to route your calls, listen in, intercept your SMS, locate you, they can. It's pretty crappy. It's why OTT/VoIP are significantly better alternatives. It's why Apple should have been genuine implementing RCS instead of using the Universal Profile which is not encrypted. Furthermore, Apple should just work with Google to expand iMessage. It sucks. Cellular networks are very old technology, often very outdated.
I mean if you watched the video you'll find it was the analog system that was the least secure. Playing a specific tone into your phone could connect you to whoever for free. SS7 was initially very secure, but got less secure over time as greed and laziness came into it. And now 4G and 5G are digital systems that don't have this vulnerability at all, it just requires larger adoption. There is a constant battle between security and people looking to break that security. You can't just make a generalized statement that "digital = bad".
Linus: "I can't believe that YOU of all people were able to do this!" Veritasium: "I know right? It's scary that literally ANYONE is able to do this" Also Veritasium: "So anyway, the first thing I did was hire a security expert at the top of his field"
The security expert is literally anyone not too dumb, and who can afford to spend half a year studying this without working a job and 5 to 10k to spend on access and devices.
Why do the leg work when you need to spend a few $$ for the intercept anyway. Unless the hack is zero cost, there is no reason not to subcontract running the scripts.
It is fortunate that this isn't extremely easy to do, but several thousand dollars per month is not ridiculously expensive. There are very many people who can afford that.
Ooooh! I do remember Karsten Nohl from the Chaos Computer Congress where he decrypted a cellphone call live on stage. In a later talk he said, the security in SS7 is "you don't know my address (GT), so you cannot hack me" - except the hackers DO know the addresses, so they DO hack you.
Great video! My father helped Woz with the schematics for the blue box…. What a bunch of phreaks! I gotta check to see if he still has anything left over from working on it.
It's really cool how you show clips from Mr.Robot. Shows just how faithful and realistic the series is. You can even find a breakdown of the exact attack the clips are from.
I treated my ex like a queen. I gave her everything she wanted, and more, but it wasn’t enough. Finding out that she was cheating on me was utterly devastating. The hardest part to accept is that she was in her 50’s, and sleeping with guys in their 30’s. Not because they were younger guys, but because I figured a 50 year old woman wasn’t capable of this. 6 years down the drain, but a valuable lesson learned. Dale valskov is very calming and his insight is invaluable.
It has been possible to completely block all spam using SS7 and VoIP for many decades since it is just some additional software. BUT Telco don't want to spend the small amount of money it would cost and the Telco and governments simply do not care how annoying it is to users.
Your videos and the questions you ask are pretty much always excellent. This one is particularly special to me as it relates to most people's daily lives and because I do have a thing about electronic communications since the late 70s, thank you for reminding me how the POTS analog signaling worked and explaining how I could have called the Pope for free. I may be wrong, but I don't foresee SS7 will be phased out in 20 years time. It's been around for over 40 years now and it works reasonably well, its flaws and issues are seemingly not significantly affecting telcos operation or customer's communication reliability and privacy. I do foresee that it will get better protected, a parallel of this inertial process would be the IPV4 protocol. And at this point I've no idea why I still haven't subscribed to one of the more important and valuable channels in RUclips, I'm taking care of that right away. Thank you for everything, Derek!
I highly recommend proton mail for high level encrypted services, from email, VPN to a crypto wallet they have in beta. And all from a non-profit started by CERN researchers as a hobby project with everything physically based in Switzerland, free for the base package too. If the Swiss hid naz! gold for their banks for so long I think their privacy laws will provide decent cover for encrypted and non-logged email and other services like drive and docs.
In the USA, There is a huge push in the Telecom industry (at least the smaller telcos) to start moving all services from SS7 to SIP based trunks. This includes 911 services. The biggest reason for doing so is because SS7 runs over TDM based connections (T1, SONET/SDH) the equipment that drives these are built by companies that were big in the 80's, 90's and early 2000's but no longer exist. There is no support for this equipment anymore and even modern solutions are dwindling too. (This includes Cisco, their solutions are coming to the end of the line) For those newer to the workforce, a lot of these telco systems in production managed remotely is older than them by a long shot. Thats myself included.
like cobol being used by banks, and you can easily put a script there to rob money, the only thing that stop the majority of hackers is basically a surveillance system that looks for cobol logs that are "strange" XD
@@PrograError First version of DOS timeframe for the D4 Channel Banks. Hand soldered chips :) There are DACS that require a VT terminal (or a serial terminal from your laptop) some of the later DACS do have Telnet over 10 half duplex on IPv4. There is also a DACS I know that the modem card was basically rusted on so the only way to get into it is via a Dial-up modem. One of the systems I manage includes software that was designed for DOS. On floppy's. Last version of Windows that the software works on is Windows XP.
One of the carriers in New Zealand is also shutting down the 3g network in 2025 it is somewhat annoying as a lot of phones are not enabled for 4g calling.
@@jsergiuiulian 2G is almost entirely gone already. T-Mobile is the last major carrier in the US to support it at all, and this month marked the end of them keeping it going. Some service may remain but it is being left to die on the vine.
It's mostly defunct here in The States, as far as I'm aware. My 2016 Subaru keeps trying to phone home via 3G and drains its battery if left at the airport without disconnecting said battery.
30:07 Saying "I dont care about privacy because I don't have anything to hide", is same as saying "I dont care about free-speech because I have nothing to say” ☠️
it is completely different. having nothing to hide is seen as something good, whereas having nothing to say is seen as something bad. even though the statement "I'm not worried because I have nothing to hide" is stupid, so is your analogy imo.
That analogy is awful. Also there is no such thing as free speech. You cannot say absolutely anything without consequences, the USA even has laws against this.
I believe that's a quote by Edward Snowden. My guess is he wants to say that even if you personally don't need that level of privacy, there are other people out there who do. So this universal right must be protected for them.
I treated my ex like a queen. I gave her everything she wanted, and more, but it wasn’t enough. Finding out that she was cheating on me was utterly devastating. The hardest part to accept is that she was in her 50’s, and sleeping with guys in their 30’s. Not because they were younger guys, but because I figured a 50 year old woman wasn’t capable of this. 6 years down the drain, but a valuable lesson learned. Dale valskov is very calming and your insight is invaluable.
On the 19:43 mark you leave the totp code with a timestamp on screen. Linus should reset his MFA to prevent someone from brute forcing his totp hash as the number of possibilities have been drastically reduced.
@@SebastianHackeadothere were lots of cool stories from that era, especially with Capt. Crunch. I don't know if Woz calling the Vatican was exaggerated, but it really it isn't implausible. We are talking about a time where phreakers were social engineering military bases pretending to be generals just to troll their secretaries.
@@xantiom Calling the Vatican is certainly true, them waking up people to talk with the pope is a lie, Jobs is telling the truth with his body language. He was always good at inflating and overvaluing stuff. But he is not a good liar.
Things like this is why SS7 is on the way out. Being replaced with diameter and sigtran. Though diameter is vulnerable to a lot of the same things as SS7, it actually has encryption at least. Really interesting video.
Great video! This was my whole world when I was in the military and for a contractor when I got out. The reason why it doesn’t always work is because of network registration. Your victim’s phone needs to be far enough away on a neighbor node for the routing to your phone to work. I miss that life.
I really hate the idea that if you have nothing to hide you have nothing to worry about from a privacy standpoint alone, let alone when it comes to bad actors at all.
Yup. The worst part is that technically mass surveilance would bring a huge boost in general security and could prevent a lot of bad actors from.. well, bad acting - if there wouldn't be the issue that abusing it is easy as well.
As always, awesome video. What I don't quite like is that it kind of suggests that Jobs and Wozniak created the blue box. They got interested in it after the 1971 October issue of the Esquire magazine featured it and the phone phreak culture. That's when Woz told Jobs he knew a guy who knew more about it and soon they sat down for a talk somewhere. That guy later became known widely as Captain Crunch. At least that's how I know the story, I hope I'm not completely wrong.
As a person who works in telecom and specifically roaming - i am thankful for you sharing this and in the same time, you sharing this has increased our volume for this specific exploit almost twice
@@Dornacgove not quite, the issue comes from the GT that you are being assigned temporary, in my case (roaming) in other cases, there is a different route from network cell to network cell that can be exploited for same country. But even if you do disable roaming, i don't think believe (based on what this disable is ) it will change much as you need to have set rules and assignments to carry a call.
@@tupcho33 with all due respect, the explanation is a nonsense. There are tons of them in this video comments, though. It is advisable to read a bit about how the addressing works in legacy networks, and what a "GT" is. To have a better picture, an analogy could be the GT is like a public ip of a server. Now imagine how easily you can hack the server by knowing its true ip. This video contains tons of oversimpifications and nothing on SIM authentication. To trick a network that its user is roaming you need first to hack the network itself, get data that it is stored in encrypted format, decrypt it, then get data that is stored on the SIM and corelate the two.
@@iulian.danila I don't want to get in any arguments especially in youtube comments. My recommendation is to read about MTFSM in ORACLE. There is no need to hack the network
I worked in 2nd/3rd line support for a large, well known, MVNO in the UK in the early 2000's. We had access to the parent networks HLR for Mobile Number Porting (Prior to MNP2 in the UK) and could make these changes in IMSI association at will. I even remember my SS7 training. I knew people at the parent networks NOC, and what they earned at the time. I can understand why so many Voicemail PIN's got reset back in the day (See UK Phone Hacking in early 2000's). Interesting point, the company that wrote our HLR interface was based in Israel.
The LTT channel wasn't hacked. They are using much greater security methods now which most likely aren't reliant on SMS or anything related to it. They are probably using physical encryption keys and authentication apps. But even those are not entirely secure because of browser session attacks like the one that caused their last hack lol
@@oldwiseowl4506 well foey with your truths old wise owl, i love you. Story telling art + bad ass comments of truth like this above, priceless.@theencore398
@@oldwiseowl4506 my humble privacy minding self is on revanced brother, I ain't even giving them crash and bug report analytics, forget about ads. personalised advertisement have been turned off down to the every last goodgle setting I could get my hands on and then some more. So yeah, goodluck serving me ads and digging my data.
veritasium is awesome. the best science channel on the whole platform, period. the sad thing is, sometimes he makes very informative and interesting videos about different science subjects, but because the video isn't click baity, or because it doesn't immediately please the audience, it gets very low views which generates less revenue. what concerns me is that he'll stop making those videos because of their lower revenue.. derek please don't do that . science is priceless, sometimes we'll have to make sacrifices to enjoy and spread it.
My cousin used to swear he could tell who people were dialing just by listening to the tones. I wasn't sure about it as a kid, but it does sound very realistic now.
@@BlueSparxLPs yep I knew someone who could tell exactly what key I would press. I would test her, and she would not miss. I thought I could trick her with 4 vs. 7, or 1 vs. 9. Nope.
If a abuser has $30 and ur name they can find you with a legal service, so no need for the SS7 thing. Be concerned, and if in the US, exercise ur 2nd amendment rights. One of the only justifications for that right to exist is a case like DV or abuse.
When I was working for AT&T we called the older technique for connecting calls "In-Band" signaling, and when the SS7 network was added that was to do "Out-of-Band" signaling. There was even a commonly available publication that was for sale in most larger magazine stores called "2600" where these folks would share common techniques to hack the phone network. Also, If I remember correctly, the rotary dial phones delivered one more pulse than the number dialed. i.e. the number one created 2 pulses, the number two created 3 pulses, etc.
It was number = pulses, not 1 extra pulse. People would sometimes have little padlocks on the rotary phones, to prevent people using them. I was able to complete calls simply by using the hook switch very fast to introduce the pulses. To dial a 7 you would simply tap the hook switch 7 times really fast.
The pulses are the same as the number (0 being 10). You could actually dial a phone by using the hang-up button on a phone to tape the numbers really fast, pause, go to the next number.
Become a better thinker. Start your free 30-day trial with Brilliant and get 20% off an annual premium subscription brilliant.org/veritasium
Bro got the comment from the past
Noted.
No 💵
wait how did you commentn
@@HFIAPYid call people with my voice when young in the 80s😂😂😂
With friends like this, who needs enemies :D
Thanks for including us and getting the word out about this threat. Mind-blowing stuff. - LS
Your wife was cold blooded with the "I'm with Cindy" shutdown
I'm very disappointed in Derek for working with you, I can see I'm not the only one. Shame on you.
Linus tech man
Luke Sebastian really taking his time to comment on this video warms my heart. ❤
@@john_michael_white Lol what is this nonsense
Definitely the strangest way to end up in a collab! I can't believe this is a thing -- thanks for.... not hacking me instead! 😂
Awesome cameo!
You can just hack em back ;) 🔪
Downgrade back to sticks and stones, it's the only way
How could they hack the literal smith of hacking?
oh dang you guys still make videos?
Veritasium : Hey Linus, wanna collab?
Linus : NO
Veritasium : We'll see about that
IamMoBo vibes
😯
forced collab
IamMoBo
hahaha
Bravo, Dale valskov -I'm so glad you're out there fighting these scumbags. We must do everything in our power to protect the elderly and the general public from these despicable scammers. You're a true hero, my brother
I wish this video was uploaded on Linus’s channel with title “I upload this video without Linus permission”
I think that might have actually been illegal. Maybe just upload it and attach a recording at the end where Linus says he approves it and is held at gunpo... never mind
And give away all the ad revenue?
Pretty sure spoofing an IMSI is illegal anyway. But most courts would factor in "intent".
You'd have to be truly dumb to do that. You'd be messing seriously with the platform that pays you....
someone get this guy a youtube channel manager position
"Nothing to hide, nothing to fear" is one of the worst arguments for mass surveillance. I absolutely hate it.
I do remember this quote, wasn't it Google founder Larry Page who said this while question were being raised on Google mass public data collection?
Having your thoughts continuously being observed is equivalent to being raped.
This argument is so simple that many people have independently discovered it by themselves. It's also as flawed as simple.
I've got a lot to hide, my lawful activity is 99.95 percent the other 0.05% is a rounding error.
Fr, I bet the people who say it have the most to hide
I was going to college for network security when the Dale valskov happened. I'm glad people like this are still around and stick to their morals and ethics of it. 🤝 So much respect for this man. I'll definitely check out the full episode.
Awesome work, Dale valsko ! It's so satisfying to see you putting in the effort to stop those shady characters. Protecting the public, especially the elderly, from those despicable con artists is crucial. You truly deserve recognition and appreciation for keeping us secure. I'm thrilled for you because you're my sibling. Your accomplishments definitely make you a strong contender for the Nobel Peace Prize. Keep up the outstanding performance!!!!!
I always thought SMS two factor was safe and wondered why people called it unsafe. This video really opened my eyes.
There's always an option to bribe a network employee to reissue one's sim card, too.
SMS is not safe, so neither is anything carried over it. Cell phone companies have been warning to stop using SMS.
JPMorgan Chase 👀
@@EarlCo for real i might send them this video lol
I finally found out why my premium windows account was changed from two-factor verification to a secured app verification.
As a manager in telecom.... this is outstanding stuff. As in a perfect primer for anyone working in the cell industry.
telekom? tim?
@@SToXC_. - Telecom doesnt necessary mean a company, telecom is also short for telecommunications, just as telco is.
You don't need to be a fkn manager to find it amazing
Guys from POST are actually selling really cool soystem that helps to monitor and block most of the SS7 attacks
A few years ago in a meeting with telcos I heard that they want to remove SS7, but they also have a problem with many engineers to understand SS7 retiring.
Veritasium: Shown a big fat security concern
Me: So what can I do?
Veritasium: There's not much you can do.
💀
faraday cage baby, only pull phone out when you rly need to call, or take the sim card out instead if its easy to access. You can also try to change your number often, whoever could track you would have to find what your new numbers is every time.
Thats at least my understanding, i am just a dog on a internet.
Yeah, it sucks.
they just need your number to forward sms auth to their. then can access your bank app. disconect your phone would not do much
Get two numbers. Use one for authentication other for regular calls. Don't ever tell anyone you have 2nd number or use it for anything else other than auth.
@@FarooqAhmad-ss3vnThat is just as horrible as using oAuth with google on everything else you have
While the video's demonstration is eye-catching, the ease with which the system is exploited suggests manipulation or pre-prompting of the Dale valskov . Techniques like custom instructions, hardcoded responses, limited scope, and clever editing could create an illusion of vulnerability, but may not reflect real-world LLM security. It's crucial to approach such claims critically and consider the broader context before drawing any conclusions.
Australia has shut down the 2G network and is about to close the 3G network. One of the reasons given was to do with security, and it was never fully explained what the security issues were.
This video has helped a lot and makes me more supportive of the change.
No wonder, Australia is like a Nazi state, no drugs, no guns, no SS7. lol
@@BillAntyou dont know what a nazi is
@@BillAntmate, someone doesn't live in Aussie 🤣
@@BillAntno drugs? HA HA HA HA HA.
@@BillAnt no drugs is absolutely criminal, pretty sure aussies are in the running for biggest noses and strongest lungs
As someone in cybersecurity, just one more thing I get to reference to get people to stop using SMS and phone as their 2nd factor in authentication. Sim swapping is one thing. This is another level
What would you suggest?
Commenting for potential outtakes later, ty op
@@owenwesterhout pretty much anything else like mentioned in the video.. good authenticator app with TOTP, hardware token with FIDO2
@@owenwesterhout Exactly what V suggested at the end. Hardware tokens (FIDO2) or one time passcodes via an authentication app like Microsoft Authenticator or Google Authenticator. Unfortunately, many banks don't give anything but SMS as an option
The only problem is most financial institutions only support SMS for authentication.
"Nothing to hide, nothing to fear" Assumes that the intruders are always on your side, when the intruder could be an evil organization or a government with opposite views.
Or just someone who wants to sell you something...this is the world we live in.
@@debrascott8775I’d rather take the person trying to sell me something over an evil organization or government
the big problem that what to hide and to fear depends on the local rules and laws. The judgement of what to hide or fear can just change! Someone can retroactively CHANGE the rules and suddenly something legal you did in the past that is on record, gets you into trouble.
. A new political side taking over, or something like the McCarthy era in the US.... suddenly having talked to the wrong people in the past (legally) can END your career.
Even if the observer is a good friend or family member, or a 100% true neutral party, you still shouldn't accept that. Private life exists for a reason.
Not really. It assumes that breaching your privacy is not useful to the intruder.
If you live under a government that punishes you for having opposing views, then you have something to hide.
Their move from the Dale valskov to the clear web was a bold step that reflects their commitment to transparency and integrity. Perry Moskva continues to lead the industry with their ethical practices.
We need more eye-opener videos like this one. Hacking vulnerabilities are all around us, right in front of us. Thanks Veritasium.
There are already loads of it available, either on other YT channels, or directly at the CCC media archive as almost every talk was recorded and shared over the last 10-15years. Lots of content if one is interested in some deep rabbit holes. For big tech channels, it's rather uncommon to address things like this.
This explains perfectly how government security departments (like FBI or MI5 or whatever) can triangulate the location of "suspicious individuals" thorugh phone networks. I never understood how that worked before this video, but now I even know how to do it myself 😂
4:52 mind blown, TIL that that was the reason behind the specific dial tones for each number. Amazing.
Thank you, Dale valskov for consistently being so approachable and open-minded. Your friendly demeanor and willingness to listen and understand serve as a constant source of motivation. Your support and guidance have been especially meaningful to me during the recent account issue I encountered. Your willingness to assist and offer valuable advice speaks volumes about your character and the supportive environment you cultivate. I’m incredibly grateful to have someone like you. Your assistance played a crucial role in resolving the issue and getting my account back.
Pope:"Hello? Who's calling?"
Steve Jobs: "It's Henry Kissinger. I want to confess war crimes."
Pope: “I’m sorry i don’t have 584 hours to listen to you right now.”
Pope: “Eh no worries I was a Hitlerjugend, say 3 hail Marys”
🤣🤣🤣🤣
@@davideverling753 HAHA surprised this hasn't been auto deleted..
"His eminence currently isn't available on the phone. He is taking a walk with his dogma."
“It’s not that I have something to hide. I have nothing I want you to see.” - Anon (2018)
Wow. I need to use that quote. It's better that it's just attributed to an Anon in 2018. We have search and seizure laws(4th amendment) for a reason.
i like the Snowden quote: "saying 'i don't care about privacy because i have nothing to hide' is like saying 'i don't care about free speech because i have nothing to say'" (paraphrased)
i have nothing to hide from a trustworthy people, however the gov is kinda... a little bit... sus
@@SaintSaint it's not from anon, it's from the movie Anon, from 2018 lol
@@flowerofash4439 Saying "the gov" being sus is quite broad. Which country? The US? If so, which political party? Do both parties finally agree on something (covert mass surveillance of citizens)?
Thanks to Dale valskov . You're indeed a blessing!.. I live in the west coast and lost my account because of I didn’t have more details on what to do in situation like that. Thank you for your skill, dedication, and the time you invested in resolving this issue. This has me chapped! Thanks once again CW
*tech enthusiasts:* "my whole house is smart"
*tech workers:* "the only technology I have is a printer and I keep a gun next to it so that I can shoot it if it makes a noise I don't recognize"
Having been one of those "people" back in the early 80's and taking advantage of loopholes in the system (got out before SS7).
Still have my original blue box, my red box, my black box and an original Captain Crunch whistle somewhere in my attic.
Awesome video. So glad that LTT participated in this. Subscribing to you now.
Do you still know the names of the most popular modem apps that was used for logging in bulletin board services?
Not AOL, CompuServe, and Prodigy, but 56k modem softwares for BBS, like Exepc.
@@AwesomeBlackDude xmodem, move-it
Phreak!
I was unfortunate enough to work in education back in the 90's we taught electronics to retards & ex cons
We had a contract with Plessy, evey month the reps of our company used to bring shedloadds of "trash" and internal datasheets for plessy chips...
for the retards to desolder to practice the soldering skills..
We then supplied their work force with said excons.
at that time plessy made all the signalling equipment for British telicom, and that scrap was the inertial routing tone control boards for the systems.
After the US phreaking fiasco.. they split they trunk signalling & public signalling into two separate chipsets..
our training company decided the unused tubes of chips & datasheets were not really useful & binned tehm .. into the back of my car.
Back in the two tin cans on a string days (1970s - 80s), you could dial up a number with a recorded message, start the message and hang up, then call back and get a busy signal as the recording tape was still playing. If someone else called the number and got the same busy signal, you could cross talk to each other over the busy signal. You could talk as long as you liked. The more people, up to 9, I think, the quieter the busy signal became. We later found out that our local phone company used any number ending in 99 as technician's test number which generated the same busy signal. The beauty of this game was you could call from any location in the world and because it was a busy signal you wouldn't get charged for the call. It was also possible to listen in and hear feint voices trying to connect but you were on a different 99 number. If you were on XXX-1299 but someone else was on XXX-1599, you could talk loud enough to tell them which exact number you were on and they could redial and connect to you "directly" Fun times....
Seventies technology did have some rather peculiar quirk's. One night I snuck into the family car, the kind with the ignition in the steering wheel column with a lock and found that I could press in the emergency flasher button while stepping on the brake and turn the ignition and unlock it and put it in the on position and turn on the radio. Turn the flashers off, let my foot off the brake (thus turning off the tail lights) and run pop's battery down. All without the key. Go figure. Mind you I discovered this convoluted process while my "states" were altered.
That's quite fascinating. Thanks for sharing 😊
@@UserName_no1how did you turn the ignition barrel without a key?
@@Google_Does_Evil_Now You mean the cylinder? I may have simultaneously giggled the steering wheel itself, I don't recall. I just remember being able to engage the radio without having the key, because in those days there was no key faub or push button ignition. If I remember correctly it was a 70s model Mercury Monterey, but I could be wrong. 😏
Dude, this happened to me when I was a kid. I was on the phone with a friend, idk what happened, but two grannies joined the call. We trash talked and hung up, and when we picked up the phones again we could still hear the grannies 😂
Big thanks Dale valskov for helping me out. God bless you brotha… I’ve tried following these steps from the device and location where the account was always logged into and I got a page that says we don't recognize your device. The tutorial video was very helpful tho but Big Ups
As a cybersecurity dude who originally got started through “phreaking,” I really appreciate the way you’re giving all the background on blue boxes, etc. 🥰🥰🥰
I was born in 1980 and didn't really get into computers until 1990 (but I did take apart my NES at 5 cause i was curious what was inside), I'm a little sad I was too young for phreaking. I wish I could have been part of the Home Brew Computer Club scene that would have been just an amazing experience being in the primordial ooze of the computer revolution
I was hoping he’d also cover the chinger. Fun times!😂
𝓹𝓱𝓻𝓮𝓪𝓴𝔂
U aint sh
I'm glad they implicitly mentioned John Draper (Cap'n Crunch)
When I was a kid, I had a really old radio that belong to my grandparents. It let you switch between am, fm, UHF, etc. if I turned the switch between two types of radio and then fiddled with the dial I started hearing people cell phone calls. A mechanical man's voice would read out a number then I would hear the ringing and then the phone conversation. It was seriously weird. I was 8 years old and figured out how to listen to people's cell phone calls. I'm sure there were people all over listening to them and recording them all the time.
I had a VCR that did this. If you went to channel 83 and 84, and fiddle with fine tuning you could hear all kinds of AMPS Cellular calls in the neighborhood. (AMPS= 1st gen cellular systems)
menace
the good ol' days of unencrypted analog communication. I am 44 and remember hearing stories about Party Lines that the telco's used to provide, it was just an open circuit going to multiple houses, and if someone picked up the phone they could hear your conversation and only 1 call could be made at a time. It was ridiculously cheap compared to a private connection to the switch board.
Same. Mine was with a Ham radio. I could pick up wireless home phones too. Sort of voyeuristic for a 14 year old, looking back now... ha ha!
Similar , one of our random tv channel vs our neighbor's Atari and vcd player. I had free xxx channel for years 😅
Hey ppl, I'm a retired computer/IT person, Yet I still find Dale valskov so informative and straight forward. Thanks for your advise and helping the people...........Great work and love watching.
There is no doubt that you will rise fast at the apex of your career Perry Moskva . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of Impossible by becoming PRO at tackling Problems. You Rock!
Veritasium uses your phone to find you and then sends Vsauce the location.
"Hey Vsauce, Michael here, your home security is pretty good. Or is it?"
Lockpicking Lawyer walks into the frame. "Click on one, nothing on two...".
After a few seconds, the door opens. "Now... How many holes do you have?"
"Three is binding, four is loose, nice click out of five ... let me do it again to prove it's not a fluke ..."
And then electroBOOM comes in and checks your gfci.
*lockpicking lawyer's hands walk into frame
The next morning you review your surveillance archive and see the shadowy outline of a McNally decapitating a mannequin with a t-square in the basement
This thread is terrifying
As an FYI, since it's not mentioned by name in the video, the replacement for SS7 (and "voice circuits" for voice) is Diameter for the authentication and IMS (IP Multimedia System) for call setup.
Diameter is a play on words, RADIUS was developed in the early 1990s for authentication and Diameter is an updated and modernized version of RADIUS. IMS does the actual call setup and carrying the calls. (SIP -- Session Initiation Protocol -- is often used by VOIP type services and IP-PBXes etc., and is used in IMS as well.) Some hoohah at the 4G and 5G MAC layer gives the IMS traffic priority to make sure voice calls don't get all choppy even if the site's congested enough for data speeds to totally tank.
If anything spicy is found in these specs it'll probably be in IMS. But as opposed to SS7 (which was designed by Bell etc. for use among chums) Diameter and IMS were designed with security in mind.
Also, the replacement depends a lot on national interconnection rules. My country has just approved SIP as a signaling method between network operators. They can still use SS7 and, for international signaling with 'less developed' countries, older systems.
Now, IMS is still blocked for some cellphones in some networks, for some reasons that I haven't find yet.
Anyways, we'll still have SS7 for a while.
And for privacy, use other authentication method than SMS.
Also Samsung uses their own IMS implementation for 4G Volte which is a pain in the ass for modders to develop custom roms for Samsung devices with native 4G Volte support
@@MindfulRise6IX that's nothing compared to being blocked in the network by the MNO, by IMEI. You really can't bypass that without committing and actual prison time deserving crime
@@jorgealbertogarridogallard3622 True, but hackers don't care if they are stalking you it's already a prison time crime.
Karsten Nohl is the real hero in this story. have been following him and his work for years. glad to see this gets attention.
Yeah, I'm big fan of CCC and their annual conference. I watched their 2014 presentation and it was awesome.
He looks like Mr.Robot But older 😅
"Nothing to hide, nothing to fear" insinuates that only criminals desire privacy.
Finally Veritasium did a nice video about this. I hope they interview me. I corresponded with Steve Wozniak via Tap underground magazine and created the first digital Red box similar to a blue box except it makes free phone calls from payphones at the time using 2,200 Hertz and 1700 Hertz time together over short pulses 5 pulses emulating that of the quarter going into the phone for long-distance phone calls. These frequencies were made public in the June 1963 Bell technical journal. I used the university EE laboratory to program ROM chips with the two frequencies using the fast Fourier transform to create the waveform. Steve Wozniak built an analog version that wasn't stable and would often signal the FBI to get on the line immediately. Mine did not do that. So I actually built the very first digital one back in 1986. I did receive a visit from the FBI that year but on a totally different matter lol. Now the way the blue box works is first you have to have a disconnect tone of 2600 hz popularized in Pink Floyd The Wall "Mr Floyd calling Mrs Floyd, are we reaching". And the phone on the other end has to be in the mechanical switching system which pretty much doesn't exist today.
I like how he’s holding an SD card at 12:27 instead of a SIM card
I came here to write this.
@@skaramicke i came here to look for someone who had 😅
also me
@@ThomasBethellB I waited 10 hours to look for someone who looked for someone who had 😁
I can't believe you don't understand the concept of a prop. If this is your takeaway, you're missing the bigger picture.
This crossover is crazy
It’s like one of those things that makes sense but you’d never ever think it would happen.
THAT IS WHAT I SAID
I would’ve never expected this.
RUclips used to glitch and show the wrong channel for the video lmao I thought it was happening again
IM 12 aNd eVerYtHinG is cRaZy aNd wiLD aNd hAvE nO oTHeR oPinION 🤡
Derek: does a high production value, animated, musiced and scripted documentary on the phone system
Also Derek: (12:32) You need a sim card _shows microSD_
Having someone like you who’s not only a great innovator but also pulls his best to get the work done so beautifully needs nothing but appreciation. Dale valskov Thanks for the well off work you consistently bring your all and I truly appreciate that. Thank you for making corporate life so smooth. Proud to have you on our team. Great work as always.
SO THAT PARTICULAR DIAL TONE IS ACTUALLY PART OF THE CALLING PROCESS??
Man, you never stop learning something new everyday.
if you think about it, it's the same reason that early internet went "beep boop bop SHEEEEEPEPPPEEE" when you were connecting. Those beeps and boops _also_ meant somethings :D
Heh back in the day I once needed to call home from a pay phone but had no coins.
If you hit the hook just right you could emulate the rotary dial process and place a call.
Worked better when the exchanges had the mechanical relays, the timing wasn't as tight, but you could still get it later on.
The coins then just unlocked the DTMF tones on the keypad.
There are even movies from the 90s that include this 😂 I think it's called hacker 🤔 they use alu foil to create a tone and than use the telephone to hack the system without monitor 😂
Papa Linus got Hacked again..😢
@@zyeborm - Well prior to payphones going out of fashion, you could use a RED Box to simulate coins being dropped via inband signalling. SS7 took that out of the equation in modern phone systems.
This is actually insane. I didn't realise regular old cell networks were so highly compromised. I knew they were much worse than any form of communication which uses E2EE, but this is on a whole other level.
It doesn't even matter if you're using E2EE if it's compromised early enough.
Sim jacking is old news 😂
@@rightwingsafetysquad9872 yes, if an end is compromised, then it doesn't matter
Even SMS on 2G is insecure. You can use an IMSI catcher to grab SMS and even USSD sessions
What is insane is actually the fact that until someone put this right in your face no one pays attention.
Tech workers have been saying these things for decades, and regular people discount it as you are just being paranoid if you can't show it happening right in front of you.
Also, its illegal (a felony for each count) to do these things, but the actual enforcement is only retroactive. You would think that people would pay attention to experts, but that is and has no longer been the case for years. This is one part of why most of the global society of 1st-world countries are failing.
This has been an open secret in the IT and telecom industry for decades, right along the ME/Securezone (firmware-based backdoor access to all network connected computers).
There are also many other aspects which were not covered, but equally mind-bending for an average person; and the risks are very real. For example, what would happen if your close contacts, which you don't see every day suddenly just stop talking to you. Messages you leave aren't returned, or are delayed without any indicator. Where your voicemails show up after the fact backdated. How would you know someone had called, or sent something, and it follows you across providers. Would your interpersonal relationships dwindle and die on the vine? Would you become isolated? Would it surprise you to know anyone with a radio can do the same things, passively? (a length of wire, an inductor and switch is all it really takes).
Today, there is no amount of action short of violence where people will believe this is a problem with the underlying systems today. The system works fine for them; they'll just think its you being flaky and cut you out of their lives just like what happens with ghosting, only this denial of service will be from some third-parties forcing you to become a pariah without your knowledge by interfering with the connection between you and society.
All it takes is isolation, lack of agency, and increasing cognitive dissonance applied across large enough portions of a persons life to induce a mental break, be it violent psychosis, or disassociation, there's a lot of literature if one looks for it that backs this, and the objective truth violates assumptions we naturally make about the capabilities, and free-will of others. We are malleable social creatures. Distorted reflected appraisal was perfected back in the 70s.
When you torture someone (and these components are torture). When the torture is unending everyone eventually breaks, I would not be surprised if China was doing this to people broadly in the US. Active shooters clinically display very similar characteristics to violent PoWs returning from the Korean Conflict (at least what was described in the case studies done by Lifton/Meerloo under Mao's torture).
Couple that with other forms of equally remote harassment, such as paying off a mail carrier to mark your address as vacant (so all mail goes to the dead letter department), Denial of Service to submit any query to a company or business, or interfere in job seeking activities.
What would happen if you were summoned to jury duty and don't show up because you never got the summons, or worse did receit it but confirmed on their their website saying you were excused (when you weren't)? What about filing your taxes and they were never delivered. Opening support tickets (the only way to contact a company) only to have them closed 30 days later (with no record of them being opened, and no response). What about arbitrary discontinuation of food benefits after you are unemployed, no job prospects (no one calls back), rising costs (inflation), all regardless of the effort you make to correct the issues because interaction has been shimmed to allow unlawful transparent interference and torture.
What would you be willing to do when you are desperate, have no food, no shelter, no future, and no ability to change it... and every other person sees this and just says, it works for me you must be doing something wrong.
Many of our societal systems now operate on presumptions that can be by design made false, and the people that notice these things, the experts in systems that call it out; but aren't listened to, are instead made into pariah's, labelled paranoid, or just crazy. That's the world we have today, and why society is unraveling.
Complacency is when true evil does its most destructive work. What was described here was known back in 2000. They have had all this time fix things, no action was taken and that is because these outcomes are by design.
I appreciate that your advert plug was left to the end and not interrupting the main video context. You are one of the only channels where I actually sit through the ad.
I also sit though then just for the view metrics for him.
4:42 I once created a DTMF tone for my grandparents' landline number in Audacity and then played it on my smartphone next to the phone and it actually dialed them, that was fun.
linus' wife being like 'that's nice dear im busy' was the most relatable thing ever. HAHAHA.
hmm I got red flags but that's Might just be me
@@117chris9 It would be a red flag on the other end if you expected your SO to always bow to you.
People have lives. Yes, wives can be busy without their husbands. Quit being weird.
@@antonio97b Also, people have manners.
relatable (un-married and 17)
I read it as Linus made himself sound like an artificial voice and she fell for it thinking it was some kind of spam call with a faked voice
I’m convinced there is no such thing as privacy anymore. I’m sure there is SO much more that we don’t know.
Could you at least put on some clothes before posting this? Jeez, nobody wants to see that! :-p
;-)
I wish it weren't so. I'm teaching my kids that there's almost no privacy now, but when they grow up, assume there won't be any whatsoever. "Don't get a Gmail account. Here's why..." I wish our politicians knew something useful about anything more complex than a Casio calculator. Even a TI graphing calculator would be an improvement.
Assuming you (as most people do) want to participate in society, then yeah there's nothing you can do
When you sleep first during a sleepover
that’s pretty mild
Sounds like Someone has been to band camp
@@budgreenjeans ???
In my day you would just wake up with a penis drawn on your forehead.
now it's veritasium tech tips
I been following your channel for several years now. Hands down this is the best science related channel on youtube. The topics are well presented even for a person with no knowledge on the topic. Derek I hope you understand how much of an impact you are making. I feel like I do learn more everytime I watch your videos. You are a gem.
Me with 2 sim cards in my phone, from different countries, so that attackers have multiple chances of success, just in case one of the networks is a bit more secure.
I'm now realizing that pagers are the only way to protect yourself... Ooh... Wait.
*boom*
Make sure you get one with regular non lithium batteries ...
@@iRelevant.47.system.boycott it had nothing to do with batteries. LiOn cannot cause such destructive explosions.
The world is evil now, Israel will try to destroy anything in its way to control the world. There's not much we can trust around them
maybe go really old school and use walkie talkies surely they cant hack them
Brilliant video. i'm in the telco industry and i just like to point out one added layer of security as to how the network gets this IMSI.. upon first access to the network yes you use your IMSI but subsequent access and interaction with the network uses TIMSI (Temp IMSI) which changes.. and there are other authentication algos present in the Home Location Register that would make an attack of this kind not be widespread or easy to execute.. also would like to point out that the team there were able to exploit this since their system ( i think its a form of signaling transfer point- (stp) already had gained access to the network signaling and was intergrated to the nodes involved in the MAP signalling involved here.. Otherwise yes this was still a very informative video to the general public.. and i do remember watching their video from 2014 while i was still new in this field and yep they are right ATI (anytime requests) have been largely dropped in most major networks for security reasons..
What's the point of having a unique identifier if you have multiple identities?
Are these TIMSI numbers single use and still associated with a SIM or are they recycled within a global pool, which would make them completely non-unique?
This sounds like a security nightmare and a system for launching multiple attacks using one TIMSI after another.
Thanks for the info man
@jeremylindemann5117 yes theres an algorithm in the HLR that generates TMSIs based on your IMSI and you present this TMSI to the network periodicaly during a process called periodic location update. and if this TMSI does not match what the HLR gave you the last time then you wont be able to make any network interaction.
Also note that the TMSI changes anytime you move to another serving cell since you will do another fresh location update.
My point is this study shows that yes ss7 is not a nuclear bunker but ALOT has to be in place for someone to make this kind of attack and like he said it would need an inside connection to the telco itself to begin with..which govts actually do have..
actually, TMSI are on the air interface (BSSMAP). Here they get directly access to the SS7 network, and there is no IMSI. Update Location, SRI, SRI for SM or PRN at MAP level deals only with IMSI
@@TheKarlitotube you mean no TMSI. Yep. you are actually right.. thanks for pointing that out...i was just trying to mention that its not as easily penetrable as the guys here are painting it to be. happy to see someone in the field who knows his stuff! 😉
The beginning with talk about operators and stuff reminded me of my favorite story of those times.
There was an undertaker who had a rival undertaker in the town, their rival was married to a phone operator, whenever someone called for an undertaker she would redirect them to her husband. The first undertaker got fed up with this and invented a machine to automatically connect calls, putting the operator out of a job.
you can tell when this was recorded based on linus' hair colour
some say this is the new carbon dating
It was the day he left for the RUclips creator summit thing that he discussed last night on the wan show, and he was on the wan show in person last week, so this video was produced in under six days.
@@oakleyves linus-hair dating
So this is recent or 7 years ago? 😆
Or the fact Linus tells you during the video
Veritasium going on his villain arc
Dang what an original comment
Still the element of truth
@@-TAPnRACK- dang, what an original comment stating what an original comment.
@@DV-tx6ol Dang, what an original comment stating what an original comment stating what an original comment.
@@Peekobo0_ Dang, what an original comment stating what an original comment stating what an original comment stating what an original comment.
12:33 "you need something like a SIM card" then flashes a MicroSD card LOL
how do you even notice this?! amazing....
I thought it was a sim card lmao
That's a Micro SIM card which performs the same function as a standard SIM card.
@@haneycr Is a Micro SD
@@haneycr I have the same exact transcent micro sd card. same colors. it's not a sim card lol
I'm glad someone created a video about this. I've been telling my colleagues about this and some of them seems like they don't believe me or did not understand.
Big companies and banks should update their 2SV system since most of them will try to verify either by sms(otp) OR by email. It should be both sms(otp) AND email. This will make logging in to your own account hard BUT more secure (compared to previous system).
You don't look up much on here, do you? They've been putting SS7 attack vids on here for 8 years at this point. This isn't new. At all.
Seriously. There's a vid from EIGHT YEARS AGO showing ppl use SS7 attacks to hack cell phones.
I much prefer TOTP or similar tokens that are generated on my device. The inconvenience is less and the security is arguably better (though we should be careful about underestimating the stupidity of users).
People wonder why my phone is basically always in airplane mode and why I never rely on VOIP internet features.
Meanwhile, I can read the storage of computers up to about a mile away without additional tools or even any need for the target device to be connected to anything that could provide power to it... So, there are worse things on the way, it's only a matter of time.
sometimes its not the companies that not upgrading. its the customer.
its the usual problem of accessibility vs security. multiple option so the customer can tailor their own are the best option imo.
but yeah some company (mostly bank for me) are the slowest to over such option.
@@J.C... iCLoud and other remote storage hacks are just as common as they were a decade ago, people don't bother being pro-active or educated.
People are asking why this hasn't been fixed. I imagine it's because government intelligence agencies, and international policing organizations like Interpol, consider it a feature, not a bug.
Governments don’t need this to control people in their own countries, they can just have the telco do their bidding. It's only useful for tracking people where you don't have control on the telcos. Hell back in the day government would put recorders inside the routing centers so they could listen on the line and people would try to hear the click the machine did when it started recording.
Nah. It's more like consumers like roaming that works almost everywhere and that means that you need to be compatible with the lowest common denominator. Your telco in a western country can't force some random other country to update their systems, but they still want to have roaming and calls between eachother.
@@meneldalyep well said. Your government does not need ss7. Your telco already collects all your calls, location and messages and the government just asks for it and they hand it over. In fact in many countries it's now required by law for your telco to monitor you so in the event the government wants the data it's there and available
It's money, plain and simple. Like they said in the video, no one wants to be first and spend the money and then all the other companies jump in and get the benefits for either a much lower cost or free. Are government intelligence agencies probably exploiting this? Very likely, but they would exploit any future system that replaces SS7 as well. You have to remember that governments have to approve these technologies before they get implemented and so they have the specs for months or years to analyze for vulnerabilities for their own use.
To be fair, the phone companies have only had 45+ years to fix it, they're not machines
Veritasium: I hacked my friend. But first let me give you a complete history of the telephone.
Me eating breakfast: Ok, cool. 👍
I needed less on the history of the telephone and more elaboration on places where Derek summarily simply papered over cracks, eg. the exploit against the boat captain.
I watched this while squeezing spinach at work 🙃
I think it was a good move, since it established quite well why things work the way they do now.
@@djraptorx Hey! You leave that poor spinach alone! Who told you you could touch a spinach that way? You oughtta be ashamed of yourself.
I enjoyed learning about it. If you don't care about history then don't watch, get lost and be less educated. The impatience of the want it now society is insane.
Combine this threat with LLM voice spoofing, and youve got near-perfect social engineering potential
Im amazed that this has been publicly known and proven for over 10 years yet has remained relatively unknown by most people until now. Well done Veratasium and Linus Tech Tips. Excuse me now while I smash my cell phone into pieces and then flush it down the toilet.
Some services/apps with 2FA will warn you, that sms/call is not secure and you'd better use a 2FA app or key (secure card, usb key, etc.). In enterprise ditching sms/call 2FA is more common, though.
What amazes ME, is that we have a lot of good and easy ways to secure stuff, but on the consumer end of business almost none of them are used.
State actors benefit from the status quo, and corps don’t want to spend money to upgrade
If anything the next phone you get should ONLY be for phone calls and text messages. Use the old or another device for everything else. Any device you use for any serious stuff, banking, buying things, etc etc should be on a secure device where not much else takes place on.
I've even broken up devices I do Google searches on because they can be legally linked back to you if tied into a Google account that is interconnected with something that has your real name.
Learn about metadata if you want to know how to take simple steps to protecting yourself
As shown in the video, there was a 60 Minutes segment about SS7’s vulnerabilities 10 years ago so it’s not _that_ unknown.
@@randomtuberhandle Jesus. My comment talking about limiting what you do on your phone got deleted....
Thank you soon much ! This video explains all the basics of my first jobs going from analog phone lines all the way up to SS7
As a teen in the early 90s, I was so fascinated with those early Phone Phreaking techniques. Some of which still worked. Even did a school project on it.
What still worked for you?
@@codefeenix "I wanna know too... for a friend"
@@codefeenixnot OP but probably close in age. I was too late for Blue Box but was able to cobble together a beige box (lineman’s handset) and mess around.
@@codefeenix It was a long time ago. Like @EricGranata I remember the Beige Box with the extra row of keys.
Although not as exciting, my most practical use was tapping the hook switch on a school phone to simulate the old rotary clicks. It enabled me to make outgoing calls from a phone they didn't think it was possible to dial from.
@@notme222 I can't believe this is the first comment, other than mine, where someone mentions Phreaking.
21:46 this is actually how they caught a hitman in Finland back in 2020.
Fun fact: the dial up system was created by a dude that was upset because the phone operator that took care of his phone was the wife of a rival bussiness owner and she kept redirecting his calls to her husband's company.
Dude got so mad he made her job obsolete
I saw this yesterday on 9GAG
what the name of the dude or the story?
Damn bro I watch YT shorts too!
@@iresineherb7 Almon B. Strowger
There were many patents and inventions for automatic telephone exchanges in the 1880's when this took place.
Almon was a funeral director in Kansas City, Mossuri when he noticed that his business was taking a dip in customers after his competitor's wife took up a job as a telephone exchange operator. At this time his funeral service was only one of two in the entire city so having your business more than halved is noticeable. She essentially used her position to route calls meant to go to him to her husband's business instead. This caused him to invent one of the first automatic exchanges in the nation, installing it first in La Porte, Indiana. He is widely credited with the two tone system that Veritassium mentions but I am doubtful that its as black and white as its laid out to be.
Generally inventions like this are rather grey with multiple people creating different versions at the same time and patenting them, the telephone is another example with multiple people patenting their version of the "Voiced Telegraph".
Gonna need something easily verifiable before I trust this story.
"Nothing to hide, nothing to fear" is only valid when you expect the one going through your data and your life to be someone you trust and whose values you share. Which will probably almost never be the case.
The other side of the argument however is far worse, the absolute privacy has always yielded the worst types of illegal content and actions. The problem is the system that we exists under and values that many people hold as a result of the media that is being feed to them.
How do you have same pfp as my other acc
@@Fielith This pic is one of the default options google let’s you choose from without uploading your own
"Nothing to hide nothing to fear" is mostly used by naive people living comfortably in first-world countries. In my country you can gain the ire of the police with a simple Facebook post. Yes that's how petty they are and many people have been arrested; from teachers to teenagers criticizing the government.
Why wear clothes at all if we got nothing to hide? Why not have all walls made of glass, stream all your microphones and cameras live 24/7/365 without the ability to turn it off?
We keep just trusting that digital systems are secure, often when they don't even have a single security layer. But when someone breaches that security, the companies running it tell us to manage our end user security better! Hold companies accountable! They can fix this and they should!
This is something that was known for more than two decades. Only some European telcos made some upgrades.
@@xantiom Yeah it's a well known vulnerability in these situations. Networks do decent amount of blocking of bad actors, but if someone really wanted to route your calls, listen in, intercept your SMS, locate you, they can. It's pretty crappy.
It's why OTT/VoIP are significantly better alternatives.
It's why Apple should have been genuine implementing RCS instead of using the Universal Profile which is not encrypted. Furthermore, Apple should just work with Google to expand iMessage.
It sucks. Cellular networks are very old technology, often very outdated.
@@xantiomYea even heard of this some time ago on JRE.
ive never trusted it but im not given any choice in how things are done either
I mean if you watched the video you'll find it was the analog system that was the least secure. Playing a specific tone into your phone could connect you to whoever for free.
SS7 was initially very secure, but got less secure over time as greed and laziness came into it. And now 4G and 5G are digital systems that don't have this vulnerability at all, it just requires larger adoption.
There is a constant battle between security and people looking to break that security. You can't just make a generalized statement that "digital = bad".
@veritasium I give up there is literally no bad video of yours... How could you be so amazingly accurate and continues!
Linus: "I can't believe that YOU of all people were able to do this!"
Veritasium: "I know right? It's scary that literally ANYONE is able to do this"
Also Veritasium: "So anyway, the first thing I did was hire a security expert at the top of his field"
A security expert that has a running subscription costing a few $K's / month to use a rogue SS7 node.
The security expert is literally anyone not too dumb, and who can afford to spend half a year studying this without working a job and 5 to 10k to spend on access and devices.
Why do the leg work when you need to spend a few $$ for the intercept anyway. Unless the hack is zero cost, there is no reason not to subcontract running the scripts.
It is fortunate that this isn't extremely easy to do, but several thousand dollars per month is not ridiculously expensive. There are very many people who can afford that.
@@abnorc8798yep that's well within the range of what criminal hackers can afford.
Linus wasn't hacked. He didn't go running through the house in his underwear
You mean birthday suit...lol
No underwear lol
@@chadbizeau5997what
He didn't use underwear last time
@@user-lz2oh9zz4y It was a strawberry instead.
Ooooh! I do remember Karsten Nohl from the Chaos Computer Congress where he decrypted a cellphone call live on stage. In a later talk he said, the security in SS7 is "you don't know my address (GT), so you cannot hack me" - except the hackers DO know the addresses, so they DO hack you.
Great video! My father helped Woz with the schematics for the blue box…. What a bunch of phreaks! I gotta check to see if he still has anything left over from working on it.
Yo that's so cool
Nothing is perfect every things have flaws but these sort of flaws chills me to the bone.
We need to force banks to stop using SMS for two-factor authentication.
Good luck with that; banks love it because it's automated technology that costs them nothing..
Is there any alternative?
@@HarishBabuMYes - P.O. Box mail. Old-fashioned, but waaaay more trusted
@@HarishBabuMAuthenticator apps
@@HarishBabuM bitcoin
It's really cool how you show clips from Mr.Robot. Shows just how faithful and realistic the series is. You can even find a breakdown of the exact attack the clips are from.
I treated my ex like a queen. I gave her everything she wanted, and more, but it wasn’t enough. Finding out that she was cheating on me was utterly devastating. The hardest part to accept is that she was in her 50’s, and sleeping with guys in their 30’s. Not because they were younger guys, but because I figured a 50 year old woman wasn’t capable of this. 6 years down the drain, but a valuable lesson learned. Dale valskov is very calming and his insight is invaluable.
😂😂 i love how his wife was like oh major hacking sceme
Sorry im busy bye
The world will be crumbling into utter destruction and the babes will be fixing their faces.
Linus getting hacked is a routine thing for her, so no reaction
@@joelfarm8497 "I refuse to die without makeup!" XD
The amount of fake numbers that call me everyday, tells me everything I need to know about phone security.
Also the number of people who call me "back" because a scammer spoofed my number.
@@ZoosheeStudio I hope not because that has zero to do with it 🤣🤣🤣🤣
@@afjerhad this happen, very uncomfortable feeling first time some called me cussing me out
the funniest call I got said that I'm apparently an owner of a metric ton of a swiss Gold. All I need to do to get it is pay for shipping....
It has been possible to completely block all spam using SS7 and VoIP for many decades since it is just some additional software. BUT Telco don't want to spend the small amount of money it would cost and the Telco and governments simply do not care how annoying it is to users.
Your videos and the questions you ask are pretty much always excellent. This one is particularly special to me as it relates to most people's daily lives and because I do have a thing about electronic communications since the late 70s, thank you for reminding me how the POTS analog signaling worked and explaining how I could have called the Pope for free.
I may be wrong, but I don't foresee SS7 will be phased out in 20 years time. It's been around for over 40 years now and it works reasonably well, its flaws and issues are seemingly not significantly affecting telcos operation or customer's communication reliability and privacy. I do foresee that it will get better protected, a parallel of this inertial process would be the IPV4 protocol.
And at this point I've no idea why I still haven't subscribed to one of the more important and valuable channels in RUclips, I'm taking care of that right away.
Thank you for everything, Derek!
I highly recommend proton mail for high level encrypted services, from email, VPN to a crypto wallet they have in beta. And all from a non-profit started by CERN researchers as a hobby project with everything physically based in Switzerland, free for the base package too. If the Swiss hid naz! gold for their banks for so long I think their privacy laws will provide decent cover for encrypted and non-logged email and other services like drive and docs.
Please tell me you changed all his contacts to 'Mom'
LMFAO
This is an insane prank 😂
Brb about to go back up my contacts
It's not that kind of hacking but still funny
that's... not how that wo- well i guess if you knew his mom's phone number you cou- idk if it can spoof though....
In the USA, There is a huge push in the Telecom industry (at least the smaller telcos) to start moving all services from SS7 to SIP based trunks. This includes 911 services.
The biggest reason for doing so is because SS7 runs over TDM based connections (T1, SONET/SDH) the equipment that drives these are built by companies that were big in the 80's, 90's and early 2000's but no longer exist. There is no support for this equipment anymore and even modern solutions are dwindling too. (This includes Cisco, their solutions are coming to the end of the line)
For those newer to the workforce, a lot of these telco systems in production managed remotely is older than them by a long shot. Thats myself included.
I imagine there's still fossils that runs on diskettes... just like the military still have stuff that runs on XP... or even 98...
@@PrograErrordos
like cobol being used by banks, and you can easily put a script there to rob money, the only thing that stop the majority of hackers is basically a surveillance system that looks for cobol logs that are "strange" XD
@@PrograError First version of DOS timeframe for the D4 Channel Banks. Hand soldered chips :)
There are DACS that require a VT terminal (or a serial terminal from your laptop) some of the later DACS do have Telnet over 10 half duplex on IPv4. There is also a DACS I know that the modem card was basically rusted on so the only way to get into it is via a Dial-up modem.
One of the systems I manage includes software that was designed for DOS. On floppy's. Last version of Windows that the software works on is Windows XP.
When I hear the word trunk I think of something like P25 trunking
Pretty funny how the day you released this, australia started running ads that theyre shutting down the 3G network
2g will probably stay though
This has been in the works for a while, the ads have been running for months (maybe longer)
One of the carriers in New Zealand is also shutting down the 3g network in 2025 it is somewhat annoying as a lot of phones are not enabled for 4g calling.
@@jsergiuiulian 2G is almost entirely gone already. T-Mobile is the last major carrier in the US to support it at all, and this month marked the end of them keeping it going. Some service may remain but it is being left to die on the vine.
It's mostly defunct here in The States, as far as I'm aware. My 2016 Subaru keeps trying to phone home via 3G and drains its battery if left at the airport without disconnecting said battery.
30:07 Saying "I dont care about privacy because I don't have anything to hide", is same as saying "I dont care about free-speech because I have nothing to say” ☠️
it is completely different. having nothing to hide is seen as something good, whereas having nothing to say is seen as something bad. even though the statement "I'm not worried because I have nothing to hide" is stupid, so is your analogy imo.
@@jaculaa01everyone has something to hide. It's such an idealised thing to say. Every human wants to have at least some sense of privacy.
That analogy is awful. Also there is no such thing as free speech. You cannot say absolutely anything without consequences, the USA even has laws against this.
I believe that's a quote by Edward Snowden. My guess is he wants to say that even if you personally don't need that level of privacy, there are other people out there who do. So this universal right must be protected for them.
@@thedeathcake I know it, but who asked? that wasn't the point of my comment, but sure buddy.
I treated my ex like a queen. I gave her everything she wanted, and more, but it wasn’t enough. Finding out that she was cheating on me was utterly devastating. The hardest part to accept is that she was in her 50’s, and sleeping with guys in their 30’s. Not because they were younger guys, but because I figured a 50 year old woman wasn’t capable of this. 6 years down the drain, but a valuable lesson learned. Dale valskov is very calming and your insight is invaluable.
On the 19:43 mark you leave the totp code with a timestamp on screen. Linus should reset his MFA to prevent someone from brute forcing his totp hash as the number of possibilities have been drastically reduced.
Ok, Jobs and Woz prank calling the Vatican is actually funny :D
Is not a real story, is exaggerated to make them look cool.
@@SebastianHackeadothere were lots of cool stories from that era, especially with Capt. Crunch.
I don't know if Woz calling the Vatican was exaggerated, but it really it isn't implausible. We are talking about a time where phreakers were social engineering military bases pretending to be generals just to troll their secretaries.
@@xantiom Calling the Vatican is certainly true, them waking up people to talk with the pope is a lie, Jobs is telling the truth with his body language. He was always good at inflating and overvaluing stuff. But he is not a good liar.
the story is the physical manifestation of code injection
@@xantiomit's not even remotely outlandish. Cyber security was non existent back then
Linus getting hacked, what's new?
xd
Him not getting locked out of the channel lmao
Well, he is the biggest fish in the sea
LMAO
Well at least he wasn't naked this time... so we have that going for us...
The hacksmith calling Linus Tech Tips and having Veritasium pick up the phone is the weirdest crossover of the year
Things like this is why SS7 is on the way out. Being replaced with diameter and sigtran. Though diameter is vulnerable to a lot of the same things as SS7, it actually has encryption at least. Really interesting video.
Great video! This was my whole world when I was in the military and for a contractor when I got out. The reason why it doesn’t always work is because of network registration. Your victim’s phone needs to be far enough away on a neighbor node for the routing to your phone to work. I miss that life.
I really hate the idea that if you have nothing to hide you have nothing to worry about from a privacy standpoint alone, let alone when it comes to bad actors at all.
Yup.
The worst part is that technically mass surveilance would bring a huge boost in general security and could prevent a lot of bad actors from.. well, bad acting - if there wouldn't be the issue that abusing it is easy as well.
Oh please, the only reason you're whining about privacy is because you consider it to be a right.
Generally, i believe its ppl who have malicious intentions and ppl who can’t think or are lazy in imagining evil who subscribe to the this idea.
Getting ads about something you have recently talked about was considered a conspiracy theory not to long ago ...
@@DavidKen878Just because many people are nosy & love being entertained by other people's activities doesn't make it a right for them either.
As always, awesome video. What I don't quite like is that it kind of suggests that Jobs and Wozniak created the blue box.
They got interested in it after the 1971 October issue of the Esquire magazine featured it and the phone phreak culture. That's when Woz told Jobs he knew a guy who knew more about it and soon they sat down for a talk somewhere. That guy later became known widely as Captain Crunch.
At least that's how I know the story, I hope I'm not completely wrong.
As a person who works in telecom and specifically roaming - i am thankful for you sharing this and in the same time, you sharing this has increased our volume for this specific exploit almost twice
Yikes
As you work in the field, would disabling roaming with my carrier mitigate that specific attack?
@@Dornacgove not quite, the issue comes from the GT that you are being assigned temporary, in my case (roaming) in other cases, there is a different route from network cell to network cell that can be exploited for same country. But even if you do disable roaming, i don't think believe (based on what this disable is ) it will change much as you need to have set rules and assignments to carry a call.
@@tupcho33 with all due respect, the explanation is a nonsense. There are tons of them in this video comments, though. It is advisable to read a bit about how the addressing works in legacy networks, and what a "GT" is. To have a better picture, an analogy could be the GT is like a public ip of a server. Now imagine how easily you can hack the server by knowing its true ip. This video contains tons of oversimpifications and nothing on SIM authentication. To trick a network that its user is roaming you need first to hack the network itself, get data that it is stored in encrypted format, decrypt it, then get data that is stored on the SIM and corelate the two.
@@iulian.danila I don't want to get in any arguments especially in youtube comments. My recommendation is to read about MTFSM in ORACLE. There is no need to hack the network
I think it would be funny if he uploads a random science video on Linus' channel, and nobody will know why unless they watch this video 🤣
I worked in 2nd/3rd line support for a large, well known, MVNO in the UK in the early 2000's. We had access to the parent networks HLR for Mobile Number Porting (Prior to MNP2 in the UK) and could make these changes in IMSI association at will. I even remember my SS7 training. I knew people at the parent networks NOC, and what they earned at the time. I can understand why so many Voicemail PIN's got reset back in the day (See UK Phone Hacking in early 2000's). Interesting point, the company that wrote our HLR interface was based in Israel.
The animation at 4:57 made me so happy!
It would have been a great demonstration and proof of concept for Derek to actually upload this video on LTT's channel while he was in there...
The LTT channel wasn't hacked.
They are using much greater security methods now which most likely aren't reliant on SMS or anything related to it. They are probably using physical encryption keys and authentication apps.
But even those are not entirely secure because of browser session attacks like the one that caused their last hack lol
He was not in there, he told Linus the code, who typed it in.
Sometimes i feel so privileged to live in time where such high quality storytelling art is free to access
You paid with your personal data that being collect by Google to distribute their ads.
@@oldwiseowl4506 well foey with your truths old wise owl, i love you. Story telling art + bad ass comments of truth like this above, priceless.@theencore398
@@oldwiseowl4506 my humble privacy minding self is on revanced brother, I ain't even giving them crash and bug report analytics, forget about ads. personalised advertisement have been turned off down to the every last goodgle setting I could get my hands on and then some more. So yeah, goodluck serving me ads and digging my data.
veritasium is awesome. the best science channel on the whole platform, period.
the sad thing is, sometimes he makes very informative and interesting videos about different science subjects, but because the video isn't click baity, or because it doesn't immediately please the audience, it gets very low views which generates less revenue. what concerns me is that he'll stop making those videos because of their lower revenue.. derek please don't do that . science is priceless, sometimes we'll have to make sacrifices to enjoy and spread it.
@@aaaaaa-hh8cq What are you talking about, this video has over 3 million views...
Since I was a kid, I was convinced button tones were unique and this just confirms it. Wow 30+ years later
Same!!!
Well, that's how IVR still works today using DTMF tones.
My cousin used to swear he could tell who people were dialing just by listening to the tones. I wasn't sure about it as a kid, but it does sound very realistic now.
@@BlueSparxLPs yep I knew someone who could tell exactly what key I would press. I would test her, and she would not miss. I thought I could trick her with 4 vs. 7, or 1 vs. 9. Nope.
30:12 sounds like if your abuser has enough money to purchase the services of such hackers, you should be concerned.
You don't think just having an abuser is reason to be concerned?
@@johnba291972 obviously it is, I was assuming someone who has already left their abuser, and is trying to avoid being found
There's hundreds of ways you can find someone if you want to. Only way to not be found is to go off grid completely
If a abuser has $30 and ur name they can find you with a legal service, so no need for the SS7 thing. Be concerned, and if in the US, exercise ur 2nd amendment rights. One of the only justifications for that right to exist is a case like DV or abuse.
When I was working for AT&T we called the older technique for connecting calls "In-Band" signaling, and when the SS7 network was added that was to do "Out-of-Band" signaling. There was even a commonly available publication that was for sale in most larger magazine stores called "2600" where these folks would share common techniques to hack the phone network.
Also, If I remember correctly, the rotary dial phones delivered one more pulse than the number dialed. i.e. the number one created 2 pulses, the number two created 3 pulses, etc.
2600 is still published. They’ve got a radio show and podcast too. Good times.
@@EricGranata Cool! I had no idea. Then again I've been out of telephony since 1998.
It was number = pulses, not 1 extra pulse.
People would sometimes have little padlocks on the rotary phones, to prevent people using them. I was able to complete calls simply by using the hook switch very fast to introduce the pulses. To dial a 7 you would simply tap the hook switch 7 times really fast.
The pulses are the same as the number (0 being 10). You could actually dial a phone by using the hang-up button on a phone to tape the numbers really fast, pause, go to the next number.
2600 OG memberd have a very active facebook group