The job of a given company’s IT department is to defend the entire perimeter, whereas the hacker needs to find just one chink in that armor. Saket Modi, co-founder and CEO of India’s most prominent cybersecurity firm Lucideus Tech, proved just how easy a hacker’s job is at the Forbes 30 under 30 Asia summit in Boston this month.
During his presentation, Modi was able to infiltrate an audience member’s phone in under 30 seconds and displayed the device’s private contents to the audience. The nature of the demonstration was alarming given the recent spate of cyberattacks on large corporations that have massive caches of information, containing both personal and corporate secrets.
The most unnerving part of Modi’s presentation was that no hacking was required. The cybersecurity executive merely took advantage of preexisting security permissions granted by the audience member to apps and websites like Facebook and Gmail. Piggybacking these permissions, Modi ran a script that in 25 seconds gave him access to all the content on the smartphone.
Everything from phone calls and text messages to photos and videos, even current location and GPS history, were available for the expert to display to the audience. Modi’s presentation demonstrates that even security measures involving mobile verification, such as the ones taken after Yahoo’s major recent hack, are not sufficient since the text message would be privy to somebody who had run the script.
Don’t believe it? Watch Modi’s live demo, filmed by an audience member, for yourself below.
This article was featured in the InsideHook newsletter. Sign up now.
