Mr. Robot Review: eps3.2_legacy.so

Stefanie Smith, 26 October 2017

Mr. Robot eps3.2_legacy.so hack references explained by Avast expert and Mr. Robot fan, Jakub Kroustek.

This week’s flashback episode of Mr. Robot finally filled some gaps!

Since the season finale of season one, we have been left wondering where Tyrell is, but this episode finally sheds light on Tyrell’s whereabouts, his role in the hacks against E Corp, and his personality.

Tyrell has been cooped up in a house upstate working on stage two, dealing with some of his personal issues, like his daddy issues, rumors of Joanna’s infidelity and divorce plans, and Elliot’s disappearance (to prison).

We learn that Irving has been working for the Dark Army much longer than Sam Esmail led us to believe, and my question to Sam is: Why did you keep such an incredible character from us for so long?!

The most important thing that we learned from this episode, though, is how Trump became president: Whiterose endorsed him.

This episode filled us in on many of the things that happened in season two, but it lacked hacks.

In the opening scene, we are back at FSociety’s HQ on Coney Island; basically, we are back in season one, episode eight. Elliot encrypts all of E Corp’s files, making them impossible to access, as the encryption key is set to delete itself after the process finishes.

Stefanie: We explained in our Mr. Robot Review: m1rr0ring.qt, how unwanted file encryption could affect the average computer user and what an encryption key is, but this time I’d like to know if a hack like this could happen to a real company?

Jakub Kroustek, Threat Lab Team Lead: Yes, it can definitely happen. Unfortunately, it is easier than you may think to cause damage to a company, if you are able to hack into its network. This situation is just like a ransomware attack - the bad guys get in (either via an exploit or user’s inattention) and they encrypt everything valuable. The consequences are similar to what we’ve seen in this show. We have seen this kind of damage caused in recent ransomware outbreaks, such as WannaCry or NotPetya/Petna; the cybercriminals even threw away the decryption keys, making decryption impossible, so what Elliot is doing is even more realistic than we may want to believe.

Stefanie: What should companies and even normal people do to protect themselves from data loss like this?

Jakub: There are a number of things both companies and consumers can do to protect themselves from file loss. First and foremost, install antivirus on all of your devices, not just your PC. Some antivirus, like Avast Premier, include extra layers of protection, like Ransomware Shield, which allows you to select folders that mean the most to you to protect. Ransomware Shield will prevent malicious programs from altering files in the selected folders.

Businesses, on the other hand, should make sure they have multiple layers of defense, including antivirus, of course, a firewall, and intrusion detection, update their firmware and software on a regular basis, and implement proper usage access rights for their employees.

Another very important thing businesses and consumers can do to protect their data is to back it up on a regular basis. The best thing you can do when backing up your data is back it up to external, but more importantly offline, storage, and disconnect from the internet while doing the backup, only turning access back on after disconnecting the external storage. Keeping backups offline prevents outsiders from accessing the backed-up files via the internet.

We see Darlene give Cisco the femtocell with the malware that Elliot created on it. All Cisco has to do, according to Darlene, is mod it and do his thing with the antennas. After their meeting, Cisco gives the femtocell to the Dark Army, who gives it to Tyrell to inspect. Tyrell finds additional code on it, Android malware, which, according to him, has nothing to do with their plan.

Stefanie: Is the code on the screen, the Android malware that Tyrell says shouldn’t be on the femtocell, part of Elliot’s plan to hack the FBI, the one he describes in season two, episode eps2.3_logic_b0mb.hc?

Jakub: Yes, but it seems like Tyrell was unaware of Elliot’s plan to hack the FBI! What’s also interesting is the filename of the exploit used, “android_know_exploit.rb”. It sounds like an exploit coded in Ruby, which targets devices using the KNOX system. Knox is an enterprise mobile security solution provided by Samsung. So, it seems that only FBI officers with Samsung phones were targeted, which is in line with Elliot’s plan mentioned in eps2.3.

I am curious to see what will happen in next week’s episode, whether we will see more of Tyrell, and what mood Mr. Robot will be in.