Skip to content
Naked Security Naked Security

Mr. Robot season 3 episode eps3.0_Power-Saver-Mode.H – the security review

We take a look at the security concepts in the Mr Robot season 3 premiere.

For those of you who have been reading Naked Security for at least a year, you may remember that last year I wrote security-centric posts on Mr. Robot season 2 episodes, as they aired.

The show has earned a lot of accolades from the infosec community for its commitment to accurately portraying key security and hacking concepts, tools and cultural notes. To its credit, Mr. Robot has key staff with real information-security experience and hasn’t been shy in tapping security professionals for guidance and even a few cameos. So even if the show isn’t of interest to you plot-wise, and though it’s not always 100% on the mark, Mr. Robot easily wins the prize for most realistic portrayals of hacking on a TV show. (Granted, that’s not necessarily a high mark to clear.)

Since season 3 started airing on 11 October 2017, we thought it’d be worth following along this season as well to see what security tools and concepts pop up as well. (These aren’t plot reviews — there are plenty of blogs that already do those a lot better than I would.) The security recaps were fun to do last year, so why not again?

Inevitably I may have missed something or misinterpreted something I thought I saw—we tend to have great, edifying discussions in the comments of these posts, so let us know if there’s something else in each episode you thought was worth a call-out.

Here we go for round three of Mr. Robot.


Before we dive in too deep, it’s worth revisiting the season 2 eps2.3logic-b0mb.hc and eps2.4m4ster-s1ave.aes posts that look at the Femtocell hack, as it came up again in this episode briefly.

We saw the new season open with a new character trying to get a … milkshake? When we first meet him, we don’t know who this guy is, but we see him actively trying to work his way around the rules, find the flaws, figure out a way to get what he wants. Let’s hold that thought and come back to it in a few moments.

“When we lose our principles, we invite chaos.”

We touched on this a little bit towards the end of season two, but this episode drives it home: The electrical grid is a high-profile target for attack and, if vulnerabilities are discovered and exploited, the public (or at least the Mr. Robot public) could get a tough lesson on how fragile key infrastructure really can be. We see that power has been out for nearly a week and it’s taking a toll on people in the streets, while ECorp higher-ups chuckle that they’re so very grateful for backup generators.

Having key infrastructure fail due to adverse weather (like a massive hurricane) is extremely dangerous and dire, of course. Having that infrastructure fail due to poor security would likely have a similar effect, except unlike disastrous weather, that kind of failure could and should theoretically have been completely preventable. Anger and chaos that we see on the streets in Mr. Robot almost seem like a given. It’s no real wonder that governments are catching up to the criticality of this issue — just this year, a U.S. executive order required critical infrastructure systems to become compliant with major cybersecurity regulations (from NIST) for the first time.

Did someone say “Hack the planet”?

When we see Elliot and Darlene putting on their hoodies, we know it’s time for some Serious Hacker Business. (I can just imagine all the eyes rolling right now…)

And when they find them walking the streets to some clandestine location, only to discover them coming across a hackerspace that not only has power but extremely fast internet, I really thought it was only a matter of time until we saw someone introducing themselves as Zero Cool.

But no, this hackerspace—complete with DEF CON logo flag hanging in the background—is throwing a raucous party, with lots of screaming and partying, loud EDM music and jostling crowds. And then someone mentions they’re having a CTF tournament, which is “like the Hacker Olympics,” hence the extremely high energy.

Capture the Flag tournaments are a staple of many security classes, gatherings and conferences, as they’re valuable teaching experiences and challenging competitions for proving your security mettle, regardless of your professional experience. The formats can vary depending on how the CTF tournament is run, but for the most ‘traditional’ style CTF, there’s a flag (e.g. a file or a string of text) to be captured on each team’s network, and the other teams work to defend their own flags as well as capture other team flags. While sometimes CTF competitors work individually, most tend to be team-based efforts. The hackers in the Mr. Robot space mention that if they don’t make it in the top three they’re not “going to Vegas,” a sure reference to the famous CTF that happens at DEF CON every year.

As for the party environment at the CTF on the show, well, the ones I’ve been to certainly had their share of EDM blasting, and the DEF CON CTF does have a lot of interesting lighting to add to the ambience, but for the most part people are heads-down, not talking (or talking very little) and intently concentrating. They’re not nearly as energetic as what Mr. Robot portrayed, but I imagine showing a lot of people sitting silently around a table in a hotel conference room doesn’t make for interesting television!

That’s not what we mean by hacking a car

So the milkshake guy we met at the opening of this episode is Irving, or as we hear during one scene, “Detective Abernathy.” We hear Irving use some of his own car expertise mixed in with some good old-fashioned social engineering to call OnStar (a paid service that allows remote access and control of a car). With just a bit of basic information about the car that’s tailing him, and a little bit of hustle, he convinces OnStar to disable the vehicle that’s following right behind him.

OnStar is often marketed in the States as a service to help people with emergencies in their car, but it has also proven popular with foiling car thieves, as it has been used by police to disable cars in the vein shown on the show. There were indeed fears of this capability being misused when OnStar announced it, so sure, with a bit of car knowledge and some social engineering, this plot beat seems plausible enough.

Other notes:

  • It was nigh-impossible to hear what Elliot was trying to do in disabling the Stage 2 backdoor over the din at the hackerspace, I caught something about changing the name server configs and that was about it. On screen, I saw shred, lots and lots of shred, the command to securely delete files in Linux. I’m not sure what happened there — commenters, fill me in! — but I’m starting to suspect Mr. Robot isn’t really a TV show, but is instead a covert plan to teach the world bits and bobs of Linux.
  • Though it was for just a split second, we do see Tyrell and Mr. Robot himself using Shodan, a favorite tool of many hackers and security pros, basically like a Google for the Internet of Things, revealing a whole lot of nifty data, including where that device is located geographically and what kind of system it’s running (and if that system is potentially out of date and vulnerable). Could prove interesting.

Did everyone see that E-coin commercial? Did anyone sign up for the service? In any case, we’re off to an interesting start in season 3. Let’s see where Mr. Robot takes us.


My understanding of the name servers in the role of shutting down the femtocell was that they were running a special DNS server that pointed those names to the femotocell’s IP address, so he made them point back to where they were originally supposed to. I think the “shred” command was to get rid of the files creating the backdoor, either so it wouldn’t be found by ECorp, or so Dark Army couldn’t reactivate it.


You can actually drop org:”Evil Corp.” in Shodan & get results of servers that “E Corp.” (USA netwoks) has running. Didn’t search around to see if there were any easter eggs on the sites.


Fascinating! If you investigate further, let us know if you find anything. I wouldn’t be surprised if they have something waiting to be discovered.


Actually when searching for Shodan in Google on a smartphone, the description says “The search engine for Power Plants” and it’s not there when searching in the desktop version. Well done Shodan


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!