Avast takes a closer look at the hacks from the Mr. Robot two-part episode, unm4sked.tc.
Image via: USA Network @whoismrrobot
The two-part premiere of season two of Mr. Robot did not disappoint! The episodes focused more on the current state of the main characters than on hacking and a lot has changed since season one.
Elliot is trying to get his life back on track. He is living with his mom, has developed a routine, which includes attending a church group, and keeps a journal. Mr. Robot does not like the new Elliot and is itching to get back to work, taunting Elliot. Darlene is leading fsociety in the meantime, but the group’s other main hackers seemed to have disappeared. Angela has joined the dark side and is working as a PR Manager for E Corp. Joanna, Tyrell’s wife, has found a new BDSM buddy to fill her missing husband’s void.
We were also introduced to some new characters, and I am looking forward to learning more about them as the season goes on. There is the FBI agent investigating the E Corp hack and Elliot has also made a “new friend”, Ray. Ray wants to do business with Elliot, but Elliot is not interested – but Mr. Robot seems to be…
There were a few things that happened in the episode that I was curious about and therefore had some of our security experts here at Avast explain:
Susan Jacobs’, a member of E Corp’s General Counsel, smart-home is hacked. First her smartwatch’s fitness app doesn’t work, then her TV turns on by itself and she has trouble turning it off. Next, music starts to play when she is done with her swim and the lights flicker a bit. While she showers, the water gets extremely hot. She finally realizes her entire smart-home has been hacked when her thermostat, radio, TV, lights, and alarm all go off at once.
Stefanie: This is my personal nightmare! We find out later in the episode that fsociety was behind the hack, but how do you think this could have happened and how can people protect themselves from someone remotely controlling the devices in their homes?
Michal Salat, Threat Intelligence Manager
The number of Internet of Things (IoT) devices is growing and the majority of current IoT devices rely on network security, which means that everything and everyone on the same network can gain control or access to them. If your home router, for example, gets hacked or is poorly configured and the attacker is able to get into your network, he/she can control most of your IoT devices. The attack surface is further increased if an IoT device is available from the Internet.
With each IoT device that is available from the Internet there are more options for the attacker to infiltrate the network and one penetrated device can act as an entry point to the whole network.
Additionally, IoT devices in many cases do not use encryption to protect the information they send and many devices also use the cloud as a communication/connection platform and as a result, could leak potentially sensitive information to hackers on the line. Many devices also don’t verify the cloud servers’ identity, so even a simple DNS attack might compromise the security of the device.
To protect an attacker from controlling your IOT devices, secure your router. Avast’s Home Network Security feature scans routers for vulnerabilities.
Darlene is determined to finish E Corp off. She uses a social engineering toolkit (SET). We can see from Darlene’s screen that she is deploying a web attack, more specifically a Cryptowall recursive attack to all of E Corp’s computers.
Stefanie: Wow! The SET is a powerful tool! Where do you think Darlene got it from?
Jaromir Horejsi, Senior Malware Analyst: The SET Darlene used, can be easily found on the Internet and is open source.
Stefanie: That seems a bit odd to me, why would something like this be available on the Internet? I would think that a tool like this, that can be used for malicious purposes, would only be available on the darknet…
Jaromir Horejsi, Senior Malware Analyst: This kit is online, available for anyone to download, because it should be used by pentesters. Pentesters are hired by companies to test their systems to see if they can penetrate them. If pentesters are successful at penetrating a system, they report their success so that the company can fix the vulnerability the pentester was able to abuse. Unfortunately, everything can be used for either good or evil.
Stefanie: What is Cryptowall?
Jaromir Horejsi, Senior Malware Analyst: Cryptowall is a type of ransomware that has been around for a while and has evolved many times over the past years. As we saw in the episode, it can display a message on the victim’s computer with a countdown and ransom demand for the decryption key. In this case, the ransom was $5.9 million to be paid within 24 hours. We normally discourage people from paying ransom, because that only proves to cybercriminals that ransomware is an effective attack method and encourages them to continue to use it for financial gain. However, this wasn’t exactly the case in the episode. Darlene was more interested in having a statement made, otherwise she wouldn’t have made E Corp’s CTO burn the money.
Gideon, Elliot’s former boss at Allsafe, visits Elliot at home. Gideon, the main suspect in the FBI’s investigation of the E Corp hack, tries to get Elliot to admit his part in the E Corp hacking. Mr. Robot is present during the conversation and adds his commentary. Gideon explains to Elliot that someone is hacking into his email. He sees logins at times and from machines he doesn’t recognize and keeps changing his password.
Stefanie: Is there something Gideon can do to make it harder or prevent Elliot, or Mr. Robot, from hacking into his email?
Jan Sirmer, Senior Malware Analyst: Yes, he can use two-factor authentication.
Two-factor authentication requires users to enter a second code along with their username and password. This code is typically sent to a mobile number or can be generated on a mobile device. If that user isn’t trying to log in to that account, two-factor authentication can also serve as a warning system when someone else is trying to break in. We have, however, also come across mobile malware specifically designed to steal one-time passwords (OTP) in order to access victims’ banking accounts. One more reason to make sure you install antivirus on your mobile device, like Avast Mobile Security.
Unfortunately, there was no happy ending for Gideon in part-two of the episode, RIP Gideon. I am curious to see what happens with the burner phone Joanna received and if Tyrell will try to contact her. I also wonder what he and Elliot are up to...
Make sure you subscribe to the Avast blog to keep up with our weekly Mr. Robot reviews!
PS: Did you catch the Easter eggs? :)