Sophos Cloud Optix
Last week’s episode may have left us with a cliffhanger, but this week’s episode tied up a big loose end from last season… though not in the way I imagine any of us wanted.
Darn you, Sam Esmail!
WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON
Dark Army hacks planes to go down, not sideways
At the end of the episode, we see the Dark Army agents (very sadly) use Mobley and Trenton as pawns in their greater scheme for their next attack – creating malware that targets major air traffic control systems in huge US metro areas to simultaneously crash airplanes.
The idea of hacking planes isn’t new, though it has been relegated to the realm of the theoretical or extremely unfeasible until the last few years.
Two years ago, researcher Chris Roberts claimed to have successfully hacked a plane on which he was a passenger by messing with the in-flight Wi-Fi.
Roberts tweeted that he was able to play with the oxygen mask deployment protocols, and according to the FBI, even said – to much disbelief – that he was able to make the plane briefly fly sideways by messing with the engines.
Around that same time in 2015, the US Government Accountability Office (GAO) released extensive reports about airplane and air traffic security, leading to rather wild headlines such as “hackers could bring down [planes] using passenger Wi-Fi”, a claim that we felt rather mis-represented the points that the GAO was trying to make.
With this backgound, it’s not a surprise to see plane hacking come up in the Mr. Robot story now as a real attack vector used by the Dark Army.
I should add that this week’s episode is particularly topical, because just a week ago the Department of Homeland Security claimed that it had remotely hacked a plane in a controlled experiment. (They didn’t share how it was done, or even what was hacked – I imagine they don’t want anyone else to give it a shot.)
Other notes
- It was a nice touch to nice to see Trenton messing with the bike lock around her wrists. Lockpicking – ahem, I mean locksport – is a cool part of hacker culture, practised as a surprisingly relaxing hobby by many security researchers. I’ve attended many hacker conventions, from the big ones like DEF CON to small local BSides chapters, that have a lockpick village or a lockpick table where you can try out lockpicking for the first time, brush up on skills, or help teach others. Granted, cheap bike cable locks are no more than half a step up in complexity from a child’s diary lock, and we didn’t see Trenton do anything more sophisticated than messing with the numbers until she felt the lock tumblers set in place, but it was still nice to see.
- I chuckled when Elliot’s therapist, Krista, got yelled at about potentially violating HIPAA regulations. We hear about HIPAA a lot in the professional information security world, as keeping patient data safe is a legal and ethical concern for so many organizations. It’s easy to forget that organizations outside the world of computer security have to comply with HIPAA regulations as well, so it was interesting to hear about it in a non-security context.
As always, I’d love to hear your thoughts on this week’s episode.
Are you alarmed about Angela’s suddenly very fragile state of mind?
I’m hoping Dom is the one person who manages to unravel Whiterose’s whole plan, but it’s not looking likely at all.
How about you – does Mr. Robot (the show, not the character) have you rooting for the Feds, or are you Team Hacker no matter what?
> Granted, cheap bike cable locks are no more than half a step up in complexity from a child’s diary lock, and we didn’t see Trenton do anything more sophisticated than messing with the numbers until she felt the lock tumblers set in place, but it was still nice to see.
It could have been one of those locks that uses a cylindrical key. You open them by biting the rubber plug out of the back end, then forcing the plastic tube into the lock. When it bottoms out, twist it firmly and the lock opens, just as if you’ve used a key. The plastic has conformed to the shape of the key. It’s the classic way of opening a desktop computer when you’ve misplaced the key. I’ve advised it as recently as a year or two ago.
> It’s easy to that organizations outside thw world of computer security have to comply with HIPAA regulations as well, so it was interesting to hear about it in a non-security context.
There are (at least) TWO things wrong with the sentence above.
I found two things wrong myself and fixed them (forgot “forget” and wrote “thw” for the)… hope that’s it. Thanks.
I think Lawrence was referring to the assumption that HIPPA is only an information security issue. As I work in a hospital, any patient information given to someone not in the line of care without the patient’s consent is a HIPPA violation. Krista violating Dr. / patient confidentiality is a blatant HIPPA Violation unless Elliot said he was going to hurt someone or himself.
I was a bit more literal… I assumed Lawrence was referring to the two typos in an amusing way 🙂
Anyway, I hope there were only two. I didn’t see any more.
Can’t believe no mention of the brilliant Knight Rider intro to this episode! 😀
Maybe just because I loved it so much as a kid…