Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Award-winning computer security news

Mr. Robot eps3.3_metadata.par2 – the security review

02 Nov 2017 1

Post navigation

Previous: US government wants “keys under doormat” approach to encryption
Next: How to wear your password on your sleeve, literally
by Maria Varmazis

This is going to be a brief review, folks, as Mr. Robot is diving in the deep end with the psychological intrigue and going much easier on the technological angle, at least for now.

But first, a warning…

WARNING:SPOILERS AHEAD – SCROLL DOWN TO READ ON

 

“With Sophos we’ve had zero ransomware infections”
Start an online demo of Sophos Intercept X in less than a minute.
Start an online demo

The thing about metadata…

A throwaway line from Elliot’s metadata monologue caught my attention. He mentioned that metadata from photos posted on Facebook and Instagram can reveal a lot more about the photo taker than they realize. He utters this line just after he picks through the trash outside Darlene’s FBI-furnished apartment – likely looking for clues about who else might be living there, as we’re unsure if he even realizes this is also the FBI hideout. However, he soon discovers that Darlene and the FBI didn’t cover their tracks well enough from their hacks against him. He was easily able to figure out where they were and – putting the pieces together – what they were trying to do to him thanks to metadata he found.

Elliot’s comment about social media and metadata won’t surprise anyone who’s concerned about their privacy online. Indeed, he’s right that many, if not most, social media users don’t realize exactly how much information about themselves they’re freely and publicly offering, and how much that information can assist someone with a little bit of social engineering experience and some malicious intent. What’s more, plain old camera EXIF metadata can also give away a great deal more than photo snappers might realize (and even cybersecurity experts can forget this now and again.)

We often remind Naked Security readers to lock down social media accounts to maximum privacy levels, disable location-based posting, and remember that what you post online is out there forever. Since this likely isn’t news to anyone reading this review, use Elliot’s line about social media metadata as a reminder to check the privacy settings on your own social media accounts or those of any friends or family who might not be as tech-savvy. (Or any friends you have who might work for the FBI in Mr. Robot, as apparently they could also use a reminder.)

Other notes

  • Dom revealed that, as suspected, the FBI did actually get phished by Elliot’s email in last week’s episode. Color me gobsmacked, I apparently gave them too much credit last week, thinking SURELY the FBI wouldn’t make such a basic mistake? But yes, really, they did. The FBI agent didn’t even check the link in the email in a VM?
  • We see a little not-so-subtle social engineering going on in the bar as Darlene gets some information out of Dom over drinks. It seemed that Dom was being a bit too easily socially engineered, but in the end she’s as human as anyone else. Still, you’d think an FBI agent might be a bit more on guard… so perhaps Darlene wasn’t as successful as she thought.

Still, overall not a great look for the FBI in Mr. Robot. They got phished and socially engineered in one episode. I think they might be overdue for some security basics training, don’t you?


  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Home

Sophos Home
for Windows and Mac

Hitman Pro

Hitman Pro
 

Sophos Mobile Security for Android

Sophos Mobile Security
for Android

Virus Removal Tool

Virus Removal Tool

Antivirus for Linux

Antivirus
for Linux

Post navigation

Previous: US government wants “keys under doormat” approach to encryption
Next: How to wear your password on your sleeve, literally

One comment on “Mr. Robot eps3.3_metadata.par2 – the security review”

  1. Ryan says:
    November 24, 2017 at 6:20 pm

    EXIF data is removed from Facebook uploaded images anyway by default.

    Reply

Leave a Reply Cancel reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. ( Log Out /  Change )

Google photo

You are commenting using your Google account. ( Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. ( Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. ( Log Out /  Change )

Cancel

Connecting to %s

Recommended reads

Oct19
by Maria Varmazis
7

Mr. Robot eps3.1undo.gz – the security review

Aug25
by Maria Varmazis
14

Mr. Robot eps2.6succ3ss0r.p12 – the security review

Jul01
by John Zorabedian
15

TV’s newest hacker drama “Mr. Robot” is technically sound, morally ambiguous

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • SafeGuard Encryption
  • XG Firewall
  • Sophos Wireless
  • Sophos Email
  • Cloud Optix
  • Sophos Mobile
  • Phish Threat
  • UTM
  • Secure Web Gateway
© 1997 - 2019 Sophos Ltd. All rights reserved. Powered by WordPress.com VIP