BY ABIGAIL TRACY
The following contains spoilers of the sixth episode of the first season of USA Network’s Mr. Robot, which airs at 10pm EST on Wednesdays.
Mr. Robot continues to impress. Now six episodes into its debut season, both critics and viewers have continued to praise the USA Network rookie hacker drama for its accurate portrayal of cyber crime and security. Wednesday night’s episode, “Brave Traveler” (eps.1.5_br4ve-trave1er.asf) was no different. In fact, it was arguably the greatest representation of the painstaking efforts the show’s director, Sam Esmail, and his legion of cyber crime consultants go through to create an authentic hacker television series. I spoke with Mr. Robot’s technical consultant and cyber crime security expert, Michael Bazzell, to explain the many hacks we see on screen in “Brave Traveler.”
USB Drives And Script Kiddies
The sixth episode of Mr. Robot’s first season focuses on Elliot’s attempt to hack Vera out of jail in order to save Shayla. A scene early on in the episode shows Darlene dropping USB flash drives in the prison’s parking lot, in the hope that someone will pick one up and plug it into a prison computer so Elliot can gain access to the prison’s network.
“This is a common tactic in both penetration testing and real-world attacks,” said Bazzell. “These small portable drives are capable of holding several gigabytes of data. A fraction of that is all that is needed to infect a computer.”
He added that this works because when people see a discarded USB drive, they apply value to it and in many cases—either in an attempt to find the drive’s owner or for their own personal use—will plug it into a computer. The prison guard does exactly this.
“Another huge concern is the possibility that these drives are not actual storage devices but are small devices that appear to be standard flash drives and instead possess a chip inside that acts as a USB keyboard,” said Bazzell.
Commonly referred to as a “rubber ducky,” this type of device can bypass security protocols because a computer will register it as a USB keyboard when it is plugged in. Once connected, the device reads from a pre-programmed script. This script contains commands that could include instructions to do a variety of nefarious things such as copy passwords, save documents, upload files or delete data.
“Plugging these unknown devices into any computer is foolish,” said Bazzell. “If a proper exploit is installed, it could compromise the computer that is connected which could make the entire network open to hacking attempts.”
In Mr. Robot, however, the prison’s antivirus software detects and stops the attack. The exploit fails because Darlene didn’t have enough time to create an exploit from scratch and instead downloaded a known attack. This is why Elliot calls Darlene a “Script Kiddie,” which is a reference to people who don’t know how to write exploits and just download them.
Bazzell stressed that this scene illustrates two major lessons. The first is that all systems should be updated regularly so they can detect known attacks like the one Darlene used. The second is that no one should ever plug an unknown USB drive into a computer.
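Antivirus signatures will not catch a device that simply presents itself as a keyboard, so defenders often look at typing behaviour instead. The sketch below is an added example, not something from the show or from Bazzell: it flags any input device whose keystrokes arrive at machine speed, especially right after it is attached. The event format, device names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds (not from the article): people rarely sustain gaps
# under ~30 ms between keys, while a scripted HID device types far faster.
MIN_HUMAN_GAP_MS = 30
BURST_LEN = 8            # consecutive keystrokes examined per window
ATTACH_GRACE_MS = 2000   # typing this soon after plug-in is suspicious

def flag_keystroke_injection(events):
    """events: iterable of (timestamp_ms, device_id, kind), where kind is
    'attach' or 'key'. Returns {device_id: [reasons]} for flagged devices."""
    attach_at = {}
    keys = defaultdict(list)
    for ts, dev, kind in events:
        if kind == "attach":
            attach_at[dev] = ts
        elif kind == "key":
            keys[dev].append(ts)

    findings = {}
    for dev, stamps in keys.items():
        stamps.sort()
        # Slide a window over the keystrokes; the median gap ignores a
        # single fast key pair, which human typists do produce.
        for i in range(len(stamps) - BURST_LEN + 1):
            window = stamps[i:i + BURST_LEN]
            gaps = [b - a for a, b in zip(window, window[1:])]
            if median(gaps) < MIN_HUMAN_GAP_MS:
                reasons = ["machine-speed burst"]
                since_attach = window[0] - attach_at.get(dev, float("-inf"))
                if 0 <= since_attach <= ATTACH_GRACE_MS:
                    reasons.append("typing began right after attach")
                findings[dev] = reasons
                break
    return findings

# Constructed sample: a built-in keyboard typed by a person, and an
# unknown USB device that starts "typing" 0.8 s after being plugged in.
SAMPLE_EVENTS = (
    [(0, "kbd-builtin", "attach")]
    + [(5000 + 180 * i, "kbd-builtin", "key") for i in range(12)]
    + [(60000, "usb-unknown", "attach")]
    + [(60800 + 4 * i, "usb-unknown", "key") for i in range(40)]
)

if __name__ == "__main__":
    for dev, reasons in flag_keystroke_injection(SAMPLE_EVENTS).items():
        print(dev, "->", ", ".join(reasons))
```

A timing check like this complements, rather than replaces, blocking or allowlisting new USB input devices on sensitive machines.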
Wi-Fi Sniffing And Bluetooth Keyboards
Later in the episode, Elliot uses his smartphone to identify the wireless network security used at the prison and discovers that WPA2 encryption is enabled, which means that the network is incredibly secure. According to Bazzell, while a system with WPA2 encryption enabled is not completely hack-proof, it would take months to break into that type of system—if at all possible.
But while facing defeat, Elliot spots a new Bluetooth connection in the network when a patrol car drives up that is using a Bluetooth connected keyboard. Every Bluetooth device has a MAC address, which is a unique hardware identification number.
Elliot uses a variety of Linux applications to learn the MAC address of the Bluetooth keyboard and he “spoofs” this ID to his own Bluetooth keyboard dongle. This allows him to transmit from his Bluetooth device to the laptop in the squad car and the laptop believes that the keystrokes are coming from the authorized keyboard that it had previously been paired with.
“The greater vulnerability in this scene is the patrol laptop,” said Bazzell. “In this scene, the laptop in the vehicle is not a stand-alone device used only for word processing. It is networked via static, always on, cellular data connection. This is almost always the case.”
This means that by gaining access to the laptop in the car with his Bluetooth keyboard, Elliot also gains access to the prison’s network. Once in control of the computer, Elliot opens a command prompt, connects to his FTP server that contains the exploit, and downloads the exploit to the patrol laptop, which starts an attack against the network that laptop is connected to.
The exploit that Elliot launches through the patrol car’s laptop infects the entire prison network and allows him to control the electronic locks on all the prison cell doors.
“Modern jails and prisons rely on electronic locks controlled within a computer network. These control boards are often connected to the same switches that connect to standard computers,” said Bazzell.
Many government buildings, especially older structures, have a single network room where all the network wiring meets.
“This allows for many various attacks,” stressed Bazzell. “If the computer system is using the same switches and IP address assignment as the electronic locks, there is an opportunity for disaster.”
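The condition Bazzell describes, lock control boards sharing switches and IP address assignment with ordinary computers, can be audited from an asset inventory. The following is an added example, not part of the original article: it pairs every lock controller with every other device and reports any pair that shares an overlapping subnet or a switch. The inventory, role names, addresses and switch names are constructed for illustration.

```python
import ipaddress

# Constructed inventory; every name, address and switch is hypothetical.
INVENTORY = [
    {"name": "lock-ctrl-a", "role": "lock_controller",
     "ip": "10.20.0.11/24", "switch": "sw-core-1"},
    {"name": "lock-ctrl-b", "role": "lock_controller",
     "ip": "10.30.5.12/24", "switch": "sw-locks-1"},
    {"name": "admin-pc-7", "role": "workstation",
     "ip": "10.20.0.57/24", "switch": "sw-core-1"},
    {"name": "patrol-laptop-3", "role": "workstation",
     "ip": "10.40.1.9/24", "switch": "sw-locks-1"},
    {"name": "records-pc-2", "role": "workstation",
     "ip": "10.30.0.4/16", "switch": "sw-office-2"},
]

CONTROL_ROLES = {"lock_controller"}  # assumed label for lock control boards

def audit_segmentation(inventory):
    """Return (controller, other_device, [shared]) for every pair in which
    a lock controller shares a subnet and/or a switch with another device."""
    control = [d for d in inventory if d["role"] in CONTROL_ROLES]
    others = [d for d in inventory if d["role"] not in CONTROL_ROLES]
    findings = []
    for c in control:
        c_net = ipaddress.ip_interface(c["ip"]).network
        for o in others:
            o_net = ipaddress.ip_interface(o["ip"]).network
            shared = []
            # overlaps() also catches a wide prefix (e.g. /16) that
            # contains the controller's narrower subnet.
            if c_net.overlaps(o_net):
                shared.append("subnet")
            # A shared switch is a weaker signal: VLANs may still separate
            # the two, so treat it as a prompt to check the switch config.
            if c["switch"] == o["switch"]:
                shared.append("switch")
            if shared:
                findings.append((c["name"], o["name"], shared))
    return findings

if __name__ == "__main__":
    for ctrl, other, shared in audit_segmentation(INVENTORY):
        print(f"{ctrl} shares {' and '.join(shared)} with {other}")
```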