The many (surprisingly realistic) hacks of 'Mr. Robot'

  USA Network

BY VIOLET BLUE

Most infosec pros agree that few Hollywood films or TV shows have gotten hacking as "right" as USA's Mr. Robot. The show's creator, Sam Esmail, told Engadget, "The hacker side of it actually was a combination of my frustration with the way hacker culture and tech culture was represented in Hollywood. I thought it was a very inaccurate, forced and cartoonish way of representing that kind of a culture."

Getting hacks and hacking right on Mr. Robot means the tools and techniques pull from work done by security researchers in real life. In fact, it's not uncommon to see hackers tweet that they spotted a colleague's research on episodes of the show. This is all in large part because it's a TV show about hacking that chooses accuracy over drama. Mr. Robot's technical consultant, Michael Bazzell, told Forbes, "We don't need to fake it. ... We want that code to be accurate so that even the most sophisticated hacker or technical person out there will not roll their eyes at a scene."

So while we all wait patiently for Mr. Robot's season one finale, let's take a look back at Mr. Robot's notable hacks and the researchers who made them possible.

Episode 1: "hellofriend.mov" (June 24th, 2015)

We meet a security engineer at cybersecurity firm Allsafe named Elliot Alderson (Rami Malek) -- an extremely talented hacker and pseudo-vigilante. He meets Mr. Robot (Christian Slater), the leader of hacktivist group fsociety, after Allsafe's biggest customer is DDoS'd and has a rootkit installed on its servers.

Notable hacks

Deanonymizing Tor traffic: There has been lots of research in this area, but from the way Elliot describes his pwning of the pedophile coffee shop chain owner, he’s probably employing the Sybil attack, a reputation-based attack on the Tor network.

Brute forcing passwords: Elliot uses a password-cracking tool for the first of many times on the show, which is not a novel technique. The one we see on the show doesn't exist, but is based on THC-Hydra -- a network-based brute-force utility by Van Hauser. A fan made elpscrk.py in tribute; it replicates the graphics we see on the show, but it doesn't actually work.

Episode 2: "ones-and-zer0es.mpeg" (July 1st, 2015)

Elliot is torn by a job offer from Evil Corp, and tentatively joins fsociety, after Darlene (Carly Chaikin) pays Elliot a surprise visit at home.

Notable hacks 

Fake rapper from Dark Army uses a CD to own the webcam on Angela's (Portia Doubleday) home PC: That would be an autorun script, though this has been presented as a trade tool for penetration testers (pentesters). A great example of this kind of deployment would be Dan Kaminsky's work exposing the Sony Rootkit in 2005.

Episode 3: "d3bug.mkv" (July 8th, 2015)

Elliot is pulled back into fsociety after trying to have a "normal life." Phishing is used in this episode, which is not a novel hack, but the curious can look up AOHell as one of the earliest instances of this type of attack.

Notable hacks 

An Android rootkit: Tyrell Wellick (Martin Wallström) uses an SD card with an application to gain root on Anwar's (Mitchell Winter) phone. It was called RooterFrame in the show, but the actual Android APK is Framaroot.

Episode 4: "da3m0ns.mp4" (July 15th, 2015)

With fsociety, Elliot plans to destroy the backup tapes at Steel Mountain ("the most secure data facility in America"). We see another use of the “Sony rootkit” style attack of malware on a CD (first seen in episode 2) when Angela infects the Allsafe system.

Notable hacks 

Elliot is planning to use a Raspberry Pi to manipulate Steel Mountain’s climate control system. Using a Raspberry Pi in this manner is a fun idea -- so fun that you can make your own version of Elliot’s gateway-impersonating MiTM (man in the middle) attack with this fan’s tutorial.

Episode 5: "3xpl0its.wmv" (July 22nd, 2015)

Elliot infiltrates Steel Mountain in person, and we see lots of penetration-testing tools and skills put into play, making this a physical security-focused episode. Even Elliot’s lockpicking is accurately executed.

Notable hacks

Proximity card cloning: In a cafe, Mr. Robot clones a Steel Mountain employee badge using a device in his backpack. This may have been something from Bishop Fox, whose Francis Brown presented research on badge cloning at Def Con 21 (“Live Free or RFID Hard,” 2013). Still, there are a number of devices that do this, and a Proxmark 3 would be Mr. Robot’s most likely tool choice here. 

Spoofed text messages: Steel Mountain employee Trudy (Lorrie Odom) is sent a scary text about her husband, freeing up Elliot to roam the building unmonitored. The SET (Social-Engineer Toolkit) by TrustedSec has an SMS module for spoofing text message sources.

Elliot connects a Raspberry Pi to Steel Mountain’s HVAC system: This is likely a nod to Target’s epic 2014 hack, in which the entry point was believed to be an exploit in the company’s network-connected heating and cooling systems. Early research on this form of increasingly common industrial control system (ICS) attack comes from Billy Rios and Terry McCorkle and their 2012 work on HVAC vulnerabilities.

Episode 6: "br4ve-trave1er.asf" (July 29th, 2015)

In order to save Shayla (Frankie Shaw), Elliot hacks violent drug dealer Fernando Vera (Elliot Villar) out of jail. The foremost research on prison break hacking -- this exact kind of hack -- was presented in "SCADA and PLC Vulnerabilities in Correctional Facilities" (2011) by researchers Tiffany Rad, Teague Newman and John Strauchs.

Notable hacks

Darlene drops USB drives in the prison’s parking lot, a pentester technique for tricking passers-by into inserting a malicious USB stick into a networked device in order to inject a customized payload to compromise and gain access to whatever the attacker wants. This would be the USB Rubber Ducky, a keystroke-injection attack tool from Darren Kitchen (of Hak5).

Bluetooth spoofing via a patrol car keyboard: This isn’t a new attack vector, and the leading research on Bluetooth device access came from The Shmoo Group’s Bruce Potter.

Episode 7: "v1ew-s0urce.flv" (August 5th, 2015)

In this episode, which was all about the feels and didn't have any notable hacks, Darlene and Mr. Robot conspire to bring fsociety back together; she hacks Cisco's computer and plans an IRL meeting with Whiterose (BD Wong), leader of the Dark Army.

Episode 8: "wh1ter0se.m4v" (August 12th, 2015)

Elliot meets Whiterose, who says the Dark Army initially backed out because Evil Corp's hacked server is a honeypot. Elliot tries to get rid of the honeypot by creating an Allsafe service ticket to remove the server. But the attack requires Gideon Goddard (Michel Gill) to send the ticket, and he uses two-factor authentication (a temporary, secondary code sent to his phone). Elliot has Darlene overload Goddard's phone with MMS files to drain the battery, forcing him to charge it -- which is when Elliot takes physical possession of the device to snag Goddard’s token login and create the ticket.

Episode 9: "m1rr0r1ng.qt" (August 19th, 2015)

To avoid a veritable data dump of spoilers, we'll just say that this episode isn't about hacks, but focuses on Elliot's past, and his current relationship with Mr. Robot, as well as dramatic plot twists for each of the characters.

Episode 10: "zer0-daY.avi" (September 2nd, 2015)

We can't wait for this season finale -- and we're told to watch this one until after the credits, Marvel-style.

http://www.engadget.com/2015/08/29/the-many-surprisingly-realistic-hacks-of-mr-robot/