While the latest episode put some pieces of the story’s puzzle together, there are still some unanswered questions. Let's take a look at what we currently know.
Elliot is free and we now know he was arrested and pled guilty to hacking his therapist’s ex and stole his expensive little dog. Darlene is quick to catch him up on what has happened during his time away and him and Mr. Robot get right back to business. In the meantime, Angela uses the rubber duck from Mosley to gain access to Mr. Green’s passwords, revealing that he is a Friends fan (holidayarmadillo!), which she then uses to copy confidential files about the Washington Township Leak. She runs these files over to the Nuclear Regulatory Commission, but they seem suspicious Angela, maybe they want to hand her over to the FBI? Angela is a smart girl and leaves before anything can happen. Dom from the FBI makes a house call and tries to bribe her into talking by offering her her favorite food. Dom wasn’t the only one to make a house call in the episode, Joanna and her crew drop by Elliot’s place, or as Joanna knows him as, Ollie.
While this episode put some pieces of the story’s puzzle together, there are still some unanswered questions. What is stage 2? Why does White Rose care about the Washington Township plant? What happened to Elliot and Darlene’s mom? Who is in the smart house with Cisco?
The big hack of the episode was Elliot hacking Zhun’s phone to listen in on his conversations. Elliot uses a Pwn phone to send an SMS to Zhun’s phone. He then gains full control of the device and is able to listen to Zhun’s surroundings via his phone’s microphone.
Stefanie: What is a Pwn phone?
Jaromir Horejsi, senior malware analyst:A Pwn phone is a portable penetration testing device. Like Elliot says, it is a phone loaded with 103 monitoring and attack tools.
Stefanie: Okay, so Elliot uses the Pwn phone to send an SMS to Zhun’s phone, but what happens after that?
Jaromir:The SMS Elliot sent to Zhun’s wasn’t a normal SMS, it was a binary SMS. Binary SMS is a message that cannot be read, because it does not contain text, but binary data (1s and 0s) - This specia lSMS causes Zhun’s phone to send back a signed error message. Elliot then uses the data from the received message to crack the signing key. Once the cracking is done (this normally takes a lot more time and computational power than shown on the show), Elliot sends a malicious payload signed with the previously obtained signing key, as a binary SMS, to Zhun’s phone. Zhun’s SIM card then installs the signed malicious payload.
Stefanie: How easy do you think it was for Elliot to carry out this hack?
Jaromir:Security researcher Karsten Nohl presented about this hack at Black Hat 2013. According to him, this attack normally would take either a lot of money or time. According to Karsten’s presentation, the hack can cost up to $50,000 if the attacker wants to carry out it one day or can take six months and $1,000 to be carried out. Elliot hacking Zhun’s phone within minutes seems a bit unrealistic.
Stefanie: How widespread is spyware in the real world and how can normal users like you or I be infected?
Jaromir:Spyware is pretty common in the mobile malware space. Normal people, like you or I, can be affected by spyware if we were to receive a phishing message containing a malicious link and click on the link or if we visit a malicious website. My colleague, Nikolaos, reported on RATs (remote access tools), tools that can be used to spy on people remotely, late last year. You can read more about his findings and how a RAT for Android devices was spread in the wild, here.
What did you think of the episode? Let us know in the comments below!