Cybersecurity Expert Only Needs Seconds to ‘Hack’ Audience Member’s Phone

October 29, 2016 5:00 am
Apple released am update of its current firmware for iOS devices after Egyptian journalist Ahmed Mansoor had been targeted on his phone with spyware made by an Israeli company that specializes in the intelligence gathering through personal, electronic devices. (Jaap Arriens/NurPhoto via Getty Images)
Apple released am update of its current firmware for iOS devices after Egyptian journalist Ahmed Mansoor had been targeted on his phone with spyware made by an Israeli company that specializes in the intelligence gathering through personal, electronic devices. (Jaap Arriens/NurPhoto via Getty Images)
Apple released am update of its current firmware for iOS devices after Egyptian journalist Ahmed Mansoor had been targeted on his phone with spyware made by an Israeli company that specializes in the intelligence gathering through personal, electronic devices. (Jaap Arriens/NurPhoto via Getty Images)
Apple released am update of its current firmware for iOS devices after Egyptian journalist Ahmed Mansoor had been targeted on his phone with spyware made by an Israeli company that specializes in the intelligence gathering through personal electronic devices. (Jaap Arriens/NurPhoto via Getty Images)

 

The job of a given company’s IT department is to defend the entire perimeter, whereas the hacker needs to find just one chink in that armor. Saket Modi, co-founder and CEO of India’s most prominent cybersecurity firm Lucideus Tech, proved just how easy a hacker’s job is at the Forbes 30 under 30 Asia summit in Boston this month.

During his presentation, Modi was able to infiltrate an audience member’s phone in under 30 seconds and displayed the device’s private contents to the audience. The nature of the demonstration was alarming given the recent spate of cyberattacks on large corporations that have massive caches of information, containing both personal and corporate secrets.

Saket Modi, Co Founder and CEO Of Lucideus Technolgy, speaking at Mint Cash to Digital Summit on November 6, 2015 in New Delhi, India. (Photo by Ramesh Pathania/Mint via Getty Images)
Saket Modi, Co Founder and CEO Of Lucideus Technolgy, speaking at Mint Cash to Digital Summit on November 6, 2015 in New Delhi, India. (Ramesh Pathania/Mint via Getty Images)
Hindustan Times via Getty Images

 

The most unnerving part of Modi’s presentation was that no hacking was required. The cybersecurity executive merely took advantage of preexisting security permissions granted by the audience member to apps and websites like Facebook and Gmail. Piggybacking these permissions, Modi ran a script that in 25 seconds gave him access to all the content on the smartphone.

Everything from phone calls and text messages to photos and videos, even current location and GPS history, were available for the expert to display to the audience. Modi’s presentation demonstrates that even security measures involving mobile verification, such as the ones taken after Yahoo’s major recent hack, are not sufficient since the text message would be privy to somebody who had run the script.

Don’t believe it? Watch Modi’s live demo, filmed by an audience member, for yourself below.

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.