Skip to content
Naked Security Naked Security

Mr. Robot: Season 2 starts – just how realistic is it?

The Mr. Robot Season 2 premiere certainly has a techie name: "eps2.0_unm4sk-pt1.tc". We look at how the rest of the episode stacks up.

The much-anticipated second season premiere of the psychological thriller Mr. Robot aired in the US last night.

The TV show’s main character, Elliot, is a hacktivist – a hacker who tries to use his technical prowess to bring about real-world changes.

Naturally, the show has a lot of cybersecurity concepts in it, and it has won over many fans in the industry for its attention to detail.

While it doesn’t get everything right, it certainly makes much more of an effort than any other show in recent memory, with many real-world concepts, tools, and events in cybersecurity taking center stage.

There are plenty of sites that will review the episode from a plot and characterization point of view, so we’ll leave that to the experts.

Instead, let’s get down to the nitty-gritty of the security concepts in last night’s season 2 premiere, an episode with the geeky name of eps2.0_unm4sk-pt1.tc.

WARNING: SPOILERS AHEAD – SCROLL DOWN TO READ ON

Ransomware takes center stage

About halfway through the episode, we see Elliot’s sister, Darlene, deploying Cryptowall.exe via the Social-Engineer Toolkit (a real hacker tool written by noted cybersecurity expert and DerbyCon founder Dave Kennedy).

In the next scene we see E-Corp and all its network computers held hostage by ransomware.

The message on the screen shows that all of the company’s computers are locked out unless a $5.9 million ransom is paid in the next 24 hours.

The higher-ups then have to make the decision: pay up to get access to their files or try to decrypt the files themselves.

As readers of Naked Security know, CryptoWall is a genuine threat.

We’re not so sure about the ransom, though.

Cryptowall and other real-world ransomware typically asks for around $300-$600 (0.5 to 1 bitcoins), even when big corporations are its victim, simply because that seems to be the price point that works.

Any more, it seems, and our willingness to engage with the crooks begins to evaporate.

CnTIJljVMAAk810
The executives discuss what to do about their CryptoWall problem

The conversation between the E-Corp CEO, CTO and Counsel that follows is painfully realistic.

Many companies find themselves with no choice but to pay the ransom, which ironically contributes to the insidious success of the ransomware “industry.”

Other options, of course, are to restore files from backup or to try to crack the encryption.

The CTO very optimistically claims it would take the company “five days, tops” to decrypt the files itself.

Assuming that this variant of CryptoWall had implemented its cryptographic code correctly, like its namesake, and given the strength of the algorithms used by most ransomware, we think he’d be very disappointed five days later.

Cracking the decryption of properly-written ransomware is typically equivalent to finding a randomly-generated AES key that’s 128 bits long.

That’s not an undertaking you could expect to finish in a week, even with $5.9 million of computing power to throw at the problem.

In the end, E-Corp decides it’s not worth the fight and instead decides to pay the ransom.

The Haunted SmartHouse

In an arresting sequence early in the episode, we see a beautiful, modern home (owned by an E-Corp executive, of course) with all the luxury fixings.

The owner has a huge projector TV, a sophisticated security system, and all kinds of home automation devices.

These mod cons begin acting up: the home alarm starts ringing and won’t silence, and she can’t turn the TV or speakers off.

An annoyance, perhaps, but no big deal so far.

But then things go beyond a cheap prank and the scene becomes truly dangerous as her lights, hot water temperature, air conditioning and even her doors stop responding to her controls and go haywire.

It’s clear that someone else has taken control of her home automation systems to drive her crazy and force her out.

(In a fragment of dialog, you hear her on the phone with technical support: “Unplug what? Everything is inside the walls! That’s how it was installed when I ordered the SmartHouse package!”)

This scenario – the complete zombification of the house – is rather theatrical, but isn’t entirely beyond belief.

As more of our home devices move to the Internet of Things (IoT), an attacker might indeed be able to commandeer those systems and cause not just mischief, but actual harm.

Some IoT vendors have set about improving the security of their devices, but others are well behind where they ought to be be in security terms.

In that spirit, this scene is something of a “buyer beware” warning for those who want the House of the Future today.

Politicians taking notice of cyberattacks

There was quite a bit of clever editing in this episode.

The show spliced together many famous remarks about cybersecurity made by President Obama and former US Secretary of Defense Leon Panetta to make it seem as if these politicians were speaking directly about society’s actions at the end of Season 1.

In fact, many of the remarks used in President Obama’s Mr. Robot dialog actually came from the fallout of the 2014 Sony hack – a breach that was so massive in its scope that politicians couldn’t help but stand up and take notice.

The remarks from former Defense Secretary Panetta were even more notable, as his mention of “Cyber Pearl Harbor” is from a speech in 2012 about cybersecurity weaknesses in critical infrastructure that could cripple entire nations if exploited.

The concept of a digital Pearl Harbour, of course, is one that sticks in the throat of many security researchers.

Real-world information security cameos

One of the things that appeals to many researchers in the cybersecurity field in this show are the real-world cameos of security tools, concepts, and even personalities.

This episode didn’t disappoint, with Darlene using a real hacker tool called the Social-Engineer Toolkit to deploy ransomware called CryptoWall, and with real-world hacker @th3j35st3r getting a cameo mention in the footer of the malware itself.

Darlene was also running Kali Linux – a Linux-based operating system that runs a number of penetration testing and security testing tools favored by security professionals, including the Social-Engineer Toolkit.

Also, a few eagle-eyed folks in Twitter caught the cameo of Gregg Housh, former hacktivist and founder of Rebel News, though we have to admit that we missed it entirely.

What next?

We’re looking forward to seeing what the rest of this season has in store – and we’re sure there will be many more cameos to catch.

What about you – are you a Mr. Robot fan?

Did you see something we missed? Did you scan Elliot’s hand-drawn QR code in his journal?  

Let us know in the comments! (Yes, you may remain anonymous.)

11 Comments

Actually I see that the only way to see Mr. Robot is via Amazon Prime but they only offer it for Germany and Austria only. does anybody know an alternative to watch online (A LEGAL WAY)

If someone paid for the show, is not charging you, open invited you to view their screen and chat with them during the show, is that illegal? (might be depend on local laws) If it is, is it also illegal to invite people to your house to watch it?
Personally I use free streaming sites for all my media (including CNN, youtube type, random streaming sites that are like the old JustinTV). 2 cents.

There are two ways I’ve been watching it — but I’m in the United States and it’s very, very likely this is geofenced content:
1) The episodes are online on the official show website after they air: http://www.usanetwork.com/mrrobot/episodes
2) I subscribe to Slingbox to watch the show as it airs, as I am one of those folks who only watches TV via Netflix et al

I am from the UK and I get Mr Robot through Amazon Prime, not sure if its available on any TV channel or other Amazon countries though

I find the comments re: “legal” way to watch this show to be deliciously ironic…

It took me 20 minutes to get the QR code pretty enough that my phone would scan it. The website it takes you to is a delight to behold, but seemed like a dead end.

Yes, I love the website it links to. I spent some time looking at the source code and checking out the Javascript referenced in there, but it all seems to be innocuous enough thus far. I’ve read some comments on Reddit that there’s something to be found on the server, which I wouldn’t doubt, but I haven’t verified it myself. I’m sure if we keep digging we’ll find something, knowing how this show has been so far.

I really enjoyed your article as I love how Mr. Robot tries to show actual hacking techniques as much as it can.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?