We’re about halfway through season 2 of Mr. Robot now. Depending on how much you’ve been enjoying things so far, you’re either thinking “Already halfway?” or “Only halfway?”
I’m firmly in the “Already” camp, and based on how things have progressed so far I’m intensely curious about how certain plot lines are going to turn out. (Though I’m sure Sam Esmail and team have it all planned out in agonizing detail.)
But not unlike downloading internet content on a mid-90s modem, we’re going to have to wait patiently for things to resolve so we can see the big picture.
In the meantime, let’s talk about this week’s episode and its security concepts.
WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON
A hacker cat-and-mouse game
In tonight’s episode we got to see how fsociety’s Mobley and Trenton met for the first time – in a coffee house, playing a cat-and-mouse game, though the mouse might not have realized he was one.
Trenton used a bit of social engineering on Mobley – he didn’t suspect she might also be a fellow blackhat – to innocuously ask what kind of phone Mobley used, and he was only too happy to divulge. Trenton even got Mobley to visit a specific website, one that she presumably owned and whose incoming traffic she could monitor.
Target’s operating system: Check.
Target’s IP address: Check.
That’s pretty much all the information she needed.
While they chat, we see Trenton’s laptop running in promiscuous mode, sniffing the local cafe’s Wi-Fi traffic with a listener script.
With Mobley visiting the website she owns from his phone, she’s able to quickly obtain his IP address and filter the traffic accordingly. And given that Mobley had already told Trenton that he’s a big Android fan, Trenton relied on her knowledge of active Android vulnerabilities and made an educated guess that his phone was, at the time, vulnerable to Stagefright.
It seems she was right, as she was pretty close to her end goal, rooting Mobley’s phone, when Darlene conveniently interrupted the attack in progress. Lucky for Mobley, his phone was safe for the moment. But hopefully this experience helped him realize that he fell for social engineering tactics a little too easily.
“We’re burnt.”
We don’t see it for more than a few seconds, but the messaging app Mobley and Trenton use to quickly relay updates is Wickr, a secure messaging app that takes user privacy quite seriously. The app uses end-to-end encryption and has a number of features for even the most paranoid of users, including self-destructing messages, which we saw both Mobley and Trenton use.
Wickr has a stronger track record than many apps of guarding user privacy and disclosing any kind of federal request for information access. So Wickr is a smart choice, but it’s not 100% without risk. (Is there anything that is?)
Still, it’s certainly much more private than plain old text messaging, at least.
The walls had ears
A key plot point in this episode was fsociety eavesdropping on a confidential FBI conference call. (Presumably they were able to grab the conference call dial-in information from their earlier femtocell/in-office hack.) While listening in on a conference call isn’t in itself a high-tech hack, it can have major security implications.
After all, most conference calling systems are open and easy to access by necessity, so they can be a weak link. All you usually need to gain access is a phone number and call PIN. And most of the time, there’s no way for the legitimate call attendees to know that someone is listening in on a muted line.
If this sounds a bit too easy or far-fetched, sadly it’s not. In fact, just a few years ago it actually happened to the FBI and Scotland Yard. Hackers obtained the call dial-in information, listened in on a call between the two agencies, and recorded the entire call.
Minor notes
- It was amusing to see fsociety, which is so on-the-ball with its technical prowess, so utterly fail at basic physical security when Susan Jacobs waltzes back in to her fsociety-occupied home, right in the middle of the group’s shadowy operations. It seems they were so caught up with what they were doing that they forgot to monitor where she was. (I realize it was crucial for the plot but it still struck me as a bit funny somehow.)
- “Or, what about this?” Trenton walking out of Susan’s office with Susan’s post-it note of her username and password was a brilliant counterpoint to the rest of fsociety trying to come up with technical solutions to obtaining her credentials. The easiest path was the correct one in this case. Sadly, Trenton knew that most people don’t follow good password hygiene and often keep credentials in plain sight, i.e. on the ubiquitous under-the-keyboard post-it note.
While we didn’t see Elliot this week, fsociety certainly kept us on our toes (and/or tied up near a swimming pool).
Did you see this week’s episode? What did you think?
Image courtesy of USA Network.
I unsubscribed from the Naked Security feed because of these silly TV show reviews. I have nothing against the show, it’s pretty good. I’m against taking it seriously in an infosec context. I subscribe to these infosec feeds for work reasons. This seems silly to me.
All work and no play makes Jack a dull boy
Security tip of the day: if someone is holding a gun to your head and forcing you to read stuff you don’t want to read, report it to the appropriate authorities.
Can’t you just skip the Mr. Robot reviews if you don’t like them? The news feed doesn’t click the links for you 🙂
We’re doing these reviews because [a] all work and no play makes Jack a dull boy and [b] we’ve been asked by many people, “Compared to stuff like CSI and other cop shows, how realistic are the IT scenes in this show?”
I don’t think that’s silly at all. (And it’s not terribly polite to the author to say the article’s silly twice, either.)
We sometimes write satirical articles, and one April Fool’s Day I did a series of poems in the style of Robert Service, the great Canadian versifier. Probably a good job you’ve unsubscribed because if you came across one of these you might have a heap overflow:
https://nakedsecurity.sophos.com/2014/04/01/bitcoin-snapchat-and-xp-as-youve-never-heard-them-before-special-coverage-for-april-the-first/
Yes, you do write (very well!) material like that, and most of us enjoy it and appreciate it.
Our television is a relic – it has a CRT, and needs a converter box for broadcast TV. That’s okay, we don’t watch broadcast TV. Nor do we watch anything on cable, as we don’t subscribe to cable service. No other broadband media services either. We only use it to watch stuff like old John Wayne movies, Jackie Chan action flicks, and old network TV shows like The Rockford Files and Bob Newhart on DVD. So I have never seen Mr. Robot and likely never will. But I find Maria’s writeups on the show to be interesting to me anyway, so I do read them, and I hope she will keep writing them regardless of party-poopers like the guy who thinks they are silly.
“A person needs a little madness, or else they never dare cut the rope and be free.” – Nikos Kazantzakis
Great analysis, thanks
Chris Hager, stop hating and stop spreading your level of hate, if you don’t like something on a communal website, you rather keep it to yourself, let others enjoy the reading.
Thank you for your very cool review of Mr. Robot. I really enjoy these as I enjoy the show. And reading the insights into how the show operates and how security operates on the show I find fascinating and fun!
Excellent review of one of the best shows since Breaking Bad.
“It was amusing to see fsociety, which is so on-the-ball with its technical prowess, so utterly fail at basic physical security when Susan Jacobs waltzes back in to her fsociety-occupied home, right in the middle of the group’s shadowy operations.”
Yes, but remember that Darlene wanted her to return so that she could exact revenge for her role in the death of her father. Darlene even tells Susan that she wanted this to happen.
Ah, that’s a good point. I wouldn’t think they’d get quite so caught off-guard by her return, but it seems it was all Part of The Plan, as it were.
Interesting they used Wickr as opposed to Signal with all the Snowden references these days.
Could this be a sign of a backdoor? Like – hey use this super cool messenger app. Even Mr Robot uses it, so it must be really secure. – And bam! NSA knows everything you send through it.