Mr. Robot eps2.2init1.asec.mkv – the security review


This episode starts with the origin stories of Mr. Robot and the big hack against Evil Corp, and it was a pretty psychological episode overall.

As is the hallmark of this series, it was hard to know when and where we were, and if what we were seeing was actually reality. I do my best to keep accurate notes while the show airs, but if I get a detail wrong – the show is confusing enough! – please let me know in the comments.

In the meantime, there were a few winks to security concepts here that are worth mentioning, if only to acknowledge them. As always, this post is spoiler-riffic, so proceed with caution.

WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON

“I’m going to hack the FBI”

The last few seconds of this episode, Elliot says these foreboding words, and we see on his screen a news headline: “FBI gives up Blackberry for Android.”

The US Federal government indeed started to back away from using Blackberry over the past few years, so using Android as a theoretical attack vector against the FBI is at least plausible.

No doubt Elliot would use a vulnerability in Android to make his hack happen. Keep in mind that phone operating systems aren’t something corporations or individuals can update – they’re at the mercy of the carrier to roll out updates, and many carriers are notoriously slow to send patches out to their customers.

And yes, the Android ecosystem has had some significant vulnerabilities, so Elliot theoretically has a number of opportunities to find something he could exploit.

But it wouldn’t be surprising if the government has its own way of rolling out security updates to federal employees, circumventing the carriers completely. (I would imagine it’s a requirement!) So that could be a bit of a roadblock for our anti-hero.

Nonetheless, the title of this episode, eps2.2init1.asec, is probably a hint at how Elliot might go about a hack: an .asec file is an encrypted Android application package. A privilege-escalation vulnerability affecting Android versions that support .asec files was disclosed in 2014, so perhaps we’ll see Elliot exploit a similar vulnerability in an upcoming episode.

Elliot and the red team

We knew back in season one that Elliot worked as an information security professional as his day job for some time. In this episode we heard him define his work in an interesting way – his job was to “keep hacking until it’s hacker-proof.”

This was a nice, succinct way to explain penetration testing. The name might sound a bit naughty, but it describes a group of security practices in which a “good guy” attacks an organization in the same ways a criminal might, in order to uncover the organization’s defensive weak spots.

Colloquially, offensive security professionals (including penetration testers) are called the red team, whereas their counterparts that focus on the defensive side of security are the blue team. It’s not a surprise that Elliot used his hacking prowess for legitimate employment; in fact, I’m sure it made him very good at his job!

Attacker attribution is a tricky business

Mid-episode, Darlene tries to determine who’s responsible for recent attacks – one of the theories is that the Chinese hacker group DarkArmy might be responsible. But the idea is quickly shot down, as the attacks had no clear financial benefit for this money-motivated group.

True to life, trying to find out who’s behind a major cyberattack is never as straightforward as it seems – attacker attribution is notoriously difficult. Sometimes when the motivation is clear, like making a bundle of cash quickly, it can be a bit more straightforward, but attackers work hard to cover their tracks and even attempt to make another party look guilty.

Other references of note

  • At the beginning of the episode, Darlene mentions she hacked the proxy for Postmates in order to basically get free food for life. The Verge dives into this in some detail about how it would work if you’re curious [auto-play video warning].
  • It was quite nostalgic to see Elliot SSHing into a server to join an IRC channel. IRC is a chat and file-sharing system that was especially popular in the 90s, but it hasn’t gone away by a long shot – it’s still quite popular with programmers, hackers, geeks and the like as a versatile and powerful alternative to mainstream social networks.

What did you think of this episode? Are you following along or are all the jumps getting a bit confusing? (Do you think “Operation Berenstain” is a reference to the Berenstein/Berenstain “parallel universe” theory?)

Image courtesy of USA Network.