The Mr. Robot Hack Report: Stagefright and Real-Life Ransomware
Mr. Robot is a show built on hacks. The mother of all hacks serves as the big cliffhanger at the end of the show's first season, and nearly every plot development leading up to it was nudged along by some kind of exploit. It’s rare to get through an episode without at least one digital intrusion, often drawn from real life. Each week, we'll be running through Mr. Robot's C Y B E R activities — who got hacked, why, and how much magic would be required to make them actually work.
* * * S P O I L E R S F O L L O W * * *
After last week’s slow build to the whole Mom’s House reveal, this week’s episode rewound a bit to focus on the troubles of fsociety, just as things start to fall apart for the crew. They lose their hideout, lose their cremation hookup, and start cracking up as the FBI and Dark Army simultaneously close in. Does this spell doom for the long-simmering Darlton ship? Time will tell!
Actual malware made by actual criminals?
Weirdly, the most interesting hack of the week didn’t happen on the show at all. After the ransomware attack earlier this season, someone has coded together an fsociety-themed ransomware, as first reported by Motherboard. The program was uploaded to the malware database VirusTotal last week, working off the open-source EDA2 code. The current version of the software is harmless, only encrypting a test folder and changing the background to the now-infamous fsociety mask, but the code could easily be altered to something more harmful.
The nerfed nature of the program has led some to speculate it might be viral marketing for the show, which is possible? The show folks are vehemently declining to comment, so I genuinely have no idea! If it is marketing, it would be a pretty risky and circuitous one, but it's anyone's guess.
SEE THE MAN WITH THE STAGEFRIGHT
The episode starts with some light gamesmanship between Trenton and Mobley, who meet for the first time while waiting for Darlene at Joe’s Coffee. (Incidentally, that’s the same coffee shop owned by the guy that Elliot busts for child porn in the pilot, although this seems to be a different branch.) Naturally, the two kick things off by engaging in some light Android/iPhone trolling, with Mobley repping his Nexus. At first, it seems like they’ll peacefully settle their dispute with a speed test, but Trenton sends him to her preferred benchmarking site, which then hits Mobley with a "Stagefright" exploit and roots his phone.
If Stagefright sounds familiar, it should. It’s one of the worse Android bugs, allowing attackers to break through security via Android’s media preview system. When it arrived on the scene last summer, it threw the Android security world into full-on crisis mode, eventually prompting major changes in the way Google works with manufacturers and carriers to deploy patches. It also stuck around for a while, with new variants on the attack popping up in Google security reports for months.
All of which is to say, it’s a pretty good way to own an Android phone — and since Apple’s approach to patches is mostly "you’ll take the patch and like it," there’s no real equivalent on the iOS side. Stagefright is scariest as a texting bug, since your phone automatically accepts texts, but there were plenty of variants that could be embedded on a site, and a dummy speed-testing site is a classic way to deliver them.
Of course, even legitimate speed-test sites get compromised sometimes — but this method plays into Mr. Robot’s long-standing theme of human exploits. Every character has a vulnerability, and in Mobley’s case, that vulnerability is Android fandom. A custom benchmarking site is the perfect exploit.
OWNING SUSAN JACOBS
It’s another classic hacker challenge: you’re in someone’s house with physical access to all their devices. How much can you find out about them? In this case, the target is Susan Jacobs, who came back from Greenwich early to find a techno-anarchist cell operating out of her ostensibly malfunctioning smart home.
The crew ties her up and starts to pull everything they can find off her phone and laptop. We see Mobley using NT Password to reset her disk encryption, while Cisco uses another forensics tool to go through the contents of her Android phone. He also resets her Hotmail password, which generates a verification email on her now-unlocked computer — the kind of daisy-chained security breach you often see in multi-account compromises in the real world.
Of course, the bigger breakthrough is Trenton finding the password written down on a post-it on the fridge, letting the crew uncover Jacobs’ presumably torrid affair with a judge. Then Darlene goes one better by going full psychopath and just tasing her into the pool, cutting off the whole plotline just in time. Shame such a good hack had to go to waste!
Of course, we still haven’t gotten into the aftermath of the FBI hack or the endless trials of Cisco — to say nothing of the still-swirling questions around Elliot’s prison sentence and Tyrell’s possible death. We get into all that and more on the digital aftershow, embedded above. And as always, let me know if there’s anything I left out or any other hackery questions you need answered.
Like Cisco, I’m here to follow orders.