
‘Mr. Robot’ Rewind: Owning the FBI in Episode 5

[Spoiler Alert] This article may spoil some of the surprises from the latest episode of Mr. Robot. If you haven’t watched eps2.3_logic-b0mb.hc, check it out on USA Network, Amazon, or iTunes before coming back to this article to learn its secrets.

LATEST IN A SERIES: Corey Nachreiner, CTO at Seattle-based WatchGuard Technologies, is reviewing episodes of Mr. Robot on GeekWire. The show airs on USA Network on Wednesdays at 10 p.m. Join the conversation on Twitter using #MrRobotRewind, and follow Corey @SecAdept.

This week, I’m attending the Black Hat and DEF CON security conferences in Las Vegas, where the smartest hackers and researchers from the security community come together to share their latest discoveries. These people can be some of the most perceptive, detail-oriented, and nit-picky people in the world. So when entertainment covers information and cyber security, you can expect the InfoSec community to pick it apart like a school of ravenous piranha. But it turns out that Mr. Robot has been a constant topic of discussion here and presenters have actually used it as an example in their presentations. In short, the jury has reached a verdict. Real hackers think Mr. Robot gets hacking right.

If you’ve been following the Mr. Robot Rewind series, where I dissect the hackuracy of each episode, this comes as no surprise. So why don’t we dive right in and see what the latest episode gets right.

Hacking the FBI’s Androids with 0day

After a number of episodes with no hacks, or any time in front of a screen, it’s good to see Elliot in his natural element again. This episode starts with our antihero scripting away to create a new exploit to hack the FBI. Though a lot seems to happen on Elliot’s screen, his monologue is what really gives you the technical details you need to understand the hack. Let’s unpack this scene.

First, what happens on his screen? This scene dynamically cuts between the many tasks and windows Elliot is working on, but only one of them has anything to do with the FBI hack. In a wide shot, you see the four main windows he has up.


Figure 1: Elliot hacking and multi-tasking.

The top windows pertain to the darkweb server migration project Elliot is supposed to be doing for Ray. In the top left window, he ran a command to install and update Tor, and in the top right Elliot unpacked the compressed backups of the “Marketplace” site (and its Tor configuration) onto a new server. In the bottom right window, he’s still chatting with Darlene on IRC. By the way, I didn’t spell it out in last week’s Rewind article, but her IRC handle, D0loresH4ze, is a reference to a character in Lolita (which also explains her heart sunglasses). Anyway, the bottom right window is the only one relevant to the FBI hack. That’s where Elliot is writing a Ruby script.

Now the screens alone don’t tell you much about Elliot’s hack. For that, you need his narrative. I won’t cover it verbatim, but the first clue comes when Elliot mentions he’s using “Android zero days” to “own the FBI standard-issue smartphone.” This tells you two things. First, it confirms what you hopefully suspected after last episode. He’s targeting the FBI’s Android devices. Second, the reference to “zero days” conveys that Elliot has apparently found some unpatched vulnerabilities in Android. He can presumably leverage these vulnerabilities to gain control of the FBI’s Android devices. Though he uses flowery language to discuss the process, Elliot essentially tells us that he’s writing a script to exploit these zero-day Android flaws.

So far this is all very accurate. Any software, including Android, can and will have vulnerabilities. In fact, there have been many cases where researchers have found flaws in Android components. Hackers also need to write scripts of code to exploit these vulnerabilities. Code-savvy geeks may notice Elliot is writing his script in Ruby. Even that language choice is realistic since Metasploit, the most popular exploit framework, uses Ruby.

By the way, I did notice one small “behind-the-scenes” detail. This scene implies Elliot’s writing a custom exploit for a new vulnerability, but it turns out the show just has him typing an existing Metasploit exploit from real life.


Figure 2: A bit of Elliot’s Android “exploit script.”

While studying the screenshots to find clues about Elliot’s Android vulnerability, I noticed a reference to “KNOX Browser RCE”. Knox is a proprietary security platform built into Samsung Android devices, and RCE stands for Remote Code Execution, which allows a remote attacker to run code on your system. With a little Google research, I learned that researchers found a real Knox RCE vulnerability in 2014. More interestingly, a penetration testing company wrote a Metasploit exploit for that flaw. Comparing Elliot’s script to this real-world exploit, it is clearly the show’s source material. In any case, this is further proof of how accurately the show portrays hacking by actually using real-world exploits.

Hijacking FBI Phones with a Rogue Femtocell

So now you know Elliot’s writing a zero-day Android exploit. But how will he force his exploit to run on the FBI’s Android devices? That’s where a femtocell comes in.

In his monologue, Elliot mentions a “femtocell delivery system.” If you haven’t heard of a femtocell, it’s a networking device designed to extend cellular coverage to “dead zones” by using the Internet. A femtocell device looks similar to a Wi-Fi access point. One of its interfaces plugs into a wired Internet connection, which is used to access your carrier’s network. Meanwhile, the device also contains a cellular radio, giving it the capabilities of a mini cell tower. Cellular devices will automatically connect to a nearby femtocell if it has the strongest signal. Keep in mind, these cellular connections happen behind the scenes, without any user interaction. There is nothing you can do to prevent your cellular device from connecting to whichever cellular tower’s signal is strongest.

Researchers have already hacked femtocell devices. In 2010, a pair of researchers showed how to root (or gain administrative access to) these embedded Linux systems. In 2013, another pair of researchers showed how to le
