Jonathan Scott

@jonathandata1

24 Tweets 146 reads Oct 19, 2021
Some of the most elite phone hackers in the world are in an industry many ppl have never heard of, called reverse logistics. Similarly, top phone repair techs can exploit hardware & software vuln. effortlessly. Recruited from around the world by Big Tech, silenced by NDAs #infosec
Most phone exploits that float around #infosec and the media are 5-7 years behind what these hackers already have. They are holed up behind special access card rooms in Big Tech and Small Tech R&D facilities, separated from all other engineers.
In almost all cases around the world that I have seen and been in, the hackers are on 24/7 video and audio recording surveillance. I was one of them.
I can tell you that most of these hackers do not have a college degree and are making more money than you can understand, but speaking about what they specifically do…will get you banned from this elite circle of reverse logistics providers.
You can laugh about an iOS web based RCE that you say is not an RCE…but I sold this tech for $500,000 in 2020…and it is circulating around the world. Small minds stay small…these exploits I’m showing you need to be taken seriously. Also, these hackers never have to root AOS
If you think the jailbreak community is tough to break into…you better bring a tank to hang with these hackers, for 1 hacker an apprenticeship took 3 years just to get an access card to temporarily be in the R&D room.
This, everyone, is the secret world of phone hackers that no one has ever talked about or written about before. The hardware hacking tech will blow your mind, and their mission is ALWAYS automate…1 phone hacking PoC is not acceptable, you must show a full series range & OS ver
There is no “sharing” knowledge in this industry, ever, that will get you permanently banned…
There is a conference every year called Mobile World Congress, led by @CTIA, held in the USA, Europe, and Asia, where you can buy Spyware tools under the cover of “phone repair” tech. The biggest corporations from around the world are present; imagine mobile DEFCON for executives.
Now here’s the proof…In this industry bypassing Authentication is the GOAL, lots of R&D money is spent to do this. @PhoneCheckcom is one company, like many others, that advertises bypassing security as a “feature”; they lease out exploits around the world support.phonecheck.com
Here’s the other part…these exploits are not only being rented out, big tech teaches their employees, trains them how to use it, and 85% of the time (based on my traveling around the world, and consulting, to see what may be going on with the systems), the source is exposed.
The software is installed on all “client” machines; this could be a range of 1-2000+ in a single location, that can easily be accessed. It comes in the form of an exe, dmg, or iso. The ISO is the most secure of all I have tested, but regardless, exploits are being used in the wild
@FutureDial is another example of a company leasing exploits...although this document is from 2014, it explains how to enable USB Debugging from the dialer screen...The issue? You will never know that USB debugging is enabled on the phone with this method.
support.futuredial.com
White Paper: Analysis of AT Commands Within the Android Ecosystem (2018), an expert says the following…Some protocols such as DIAG offer full system control as a “feature.” In the above image, DM stands for Diagnostic Mode…usenix.org see bottom of the image
The white paper referenced above was written in 2018, the document from @FutureDial was published in 2014, so this closely aligns with my professional experience that #infosec is ~5-7 years behind.
I released a Zero-Day that is being used in the wild right now, I created this at the request of @Verizon, I sold this and other 0-day tech for $1.5M, this is the reality of this industry, and the danger in the technology that is being sold as "features"
github.com
So now...proof that it is out in the wild...
support.blancco.com
Data Clearing on another level: INSTANT clear, bypassing all locks, MDMs, & accounts. Data needs to be compliant with what @gdprAI will agree with right? But here is the deal, how you get to that "data clearing solution" is by exec 0-day vulnerabilities
futuredial.com
I spoke about one of those special access rooms monitored 24/7....Just myself and 1 other person were allowed in here. I made it as comfortable and nice as possible since leaving and socializing was not allowed. Notice the IMSI catcher
13 seconds in, A/V camera, top right...this is 100% true in all scenarios for this type of work.
If you thought...wow there's a passcode lock on my iPhone and no one can extract data...think again...welcome to checkerboard mode...When I initially exploited this, checkra1n or any other similar jailbreaks didn't exist, checkerboard was a goldmine!!!
When I was creating these solutions, it was so embedded into my brain that this was all OK, I was brainwashed into thinking that everything that I was doing, & everything that I was creating was a "feature." There were moments of clarity, but at the time the damage was done.
I wrote this document called BriX that defined all the specifics that I would be selling for $1.5M USD...I even wrote...This is not malware, this is not spyware, this is not ransomware....normally, NO ONE HAS TO WRITE THAT IN ANY DOCUMENT...I realize now I was trying to justify
International meetings about creating hardware to access wearables, exploiting variable resistances, and creating PoCs on the fly were regular...
