‘Mr. Robot’ Rewind: Checking for vulnerabilities in Episode 4

‘Mr. Robot’ Rewind: Checking for vulnerabilities in Episode 4

Affiliate[Spoiler Alert] This text could spoil a number of the surprises from the most recent episode of “Mr. Robotic.” Should you haven’t watched Season 2, Episode 4: eps2.2_init1.asec, test it out on USA Community or iTunes earlier than coming again to this text to study its secrets and techniques.

LATEST IN A SERIES: Corey Nachreiner, CTO at Seattle-based WatchGuard Technologies, is reviewing episodes of Mr. Robot on GeekWire. The present airs on USA Community on Wednesdays at 10 p.m. Be part of the dialog on Twitter utilizing #MrRobotRewind, and comply with Corey @SecAdept.

That stated, when your hacker protagonist has forbidden himself from touching a pc, and his crew is on the run, there’s little hacking available. Fortunately, even hack-free “Mr. Robotic” episodes have a tendency to incorporate loads of safety and tech references. Let’s see how hackurate this episode was.

Our first geeky tech reference arrived a few minute into this episode, when Darlene interrupted Elliot by saying “init one.” Within the scene, this appeared to be a sibling code phrase used to speak a severe want for assist. Later in the episode, we discovered that init-1 was truly the primary command Elliot ever taught her, when her laptop was crashing.

On Linux and Unix based mostly techniques, init is the initialization course of. It’s the primary course of that runs when a pc boots, accountable for each course of thereafter. Init masses with varied runlevels, which primarily outline what state a machine boots into. As an example, runlevels determine whether or not or to not boot into multiuser mode, whether or not or to not load community companies and whether or not or to not load a GUI or simply the CLI.

Init-1 is single-user mode. Single user mode boots straight right into a CLI because the superuser (root or administrative account) with none community companies. You primarily use this runlevel to repair issues. Should you’re extra conversant in Home windows, it’s sort of like booting into the command line Safe Mode with out networking. In any case, typing the command “sudo init 1” will instantly drop a Linux laptop right into a mode the place it’s reduce off from all different machines, however in a position to repair native issues.

Whereas the present by no means actually defined any of this, Darlene’s use of “init one” instantly rings true as a code phrase for assist. By saying it, she instantly conveyed to Elliot that she wished to chop off exterior distractions and get to the intense enterprise of fixing a giant drawback.

Not a couple of minutes later, we obtained to our second notable tech reference, and the closest factor to a hack this episode. As Darlene ordered supply from Postmate — an IRL service that provides on-demand supply for regular takeout — she bragged about how she’s getting her boyfriend’s Postmate coupons by way of some elaborate hack:

“I hacked Postmate’s proxy that helps the APN for my boyfriend’s cell service. Now it does a URL rewrite and sends each’s request to my affiliate hyperlink.”

Let’s decode these complicated technical references beginning with (*4*).

Plenty of e-commerce websites have affiliate applications the place customers, clients, or advertisers get some form of profit by referring to or utilizing the e-commerce service. The e-commerce web site tracks affiliate references by way of particular hyperlinks or URLs that include affiliate ID data that the common person could by no means discover. For instance, maybe your favourite tech or gaming weblog does a daily publish on every day bargains. They conveniently place a “purchase now” hyperlink in their publish, which directs you straight to Amazon’s order web page. You might not understand this hyperlink contains an affiliate ID, and your favourite weblog earns a fee on something you purchase by way of that hyperlink.

Since affiliate clicks are price cash, legal hackers are very in hijacking them, and have completed so for years using multiple techniques. In any case, hackers can and do hijack affiliate applications for enjoyable and revenue, so this facet of the reference is correct.

Subsequent, let’s discuss proxies and URL rewriting. A proxy server is a pc that sits between you and the Web. It acts as a go-between for all of your connections to the skin world. You may legitimately use a proxy server so as to add some form of safety filtering or simply to anonymize your connection. Nevertheless, unhealthy guys additionally use proxies to hold out man-in-the-middle assaults. Because the proxy server “sees” all of your net requests, it may possibly rewrite them in transit. When Darlene mentions URL rewriting, she implies that if she controls a proxy server, she will be able to rewrite affiliate IDs in all URLs, thus falsely gaining credit score for her boyfriend’s referrals. This reference checks out.

That final piece of this puzzle is the point out of a cell service Access Point Name (APN). An APN is the identify of the gateway your cellular gadget makes use of to get its information connection to the Web. It’s the settings your cellular makes use of to establish itself in your service’s community, in order that your service can route your information site visitors correctly. Amongst different issues, APN settings can embrace a proxy server configuration. Nevertheless, these days plenty of carriers lock customers out of the APN settings. Whereas some people have messed with these settings earlier than to attempt to get free Web, or bypass service restrictions, it’s a lot more durable to do right this moment with out jail damaged, rooted or unlocked cellular gadgets. In different phrases, I don’t suppose injecting a proxy server into her boyfriends APN settings is as simple as Darlene suggests.

In the long run, nevertheless, there are numerous methods to setup proxy servers on cellular gadgets (similar to International proxy settings). In essence, the essential constructing blocks of Darlene’s affiliate hack are fairly believable.

On this episode, we lastly noticed Elliot reunite with a pc. After coming to a stalemate along with his alter ego, Elliot determined to assist Ray along with his laptop drawback (principally to realize entry to a pc in order that he might contact his sister on-line). Ray gave Elliot some “migration” directions and left him to work. As a substitute, Elliot connects to an Internet Relay Chat (IRC) channel to talk privately along with his sister. Right here’s how:

None of this was hacking, neither is it significantly thrilling or subtle to most Linux customers. Nevertheless, each element was offered with excessive accuracy. Frankly, it’s uncommon for Hollywood to indicate practical laptop utilization, moderately than simply “sexing it up” with glitzy graphics.

This episode additionally comprises many different enjoyable and hackurate tech parts:

As at all times, this episode was full of enjoyable technical and inventive Easter eggs for these prepared to dig deeper:

With none actual hacks, a key safety second in this episode was when Elliot defined the advantages and disadvantages that include exposing vulnerabilities. The takeaway? Patch! Whereas researchers exposing vulnerabilities may present hackers what could be exploited, it additionally permits software program builders to repair the failings. So long as you religiously apply safety updates as quickly as they’re obtainable, you shouldn’t have to fret about hackers exploiting recognized flaws.

With this episode ending on the road, “I’m hacking the FBI,” the upcoming chapters are positive to be hacktion packed. Be part of us subsequent time for one other technical dive into “Mr. Robotic,” and as at all times, go away your questions, observations and theories in the feedback part beneath.

Related posts

Woman sues ‘smart’ sex toy maker, claiming it collected data on her use of device and app


First piece of Seattle’s Space Shuttle Trainer arrives


Hate Hillary Clinton’s logo? Check out these designs