“Mr Robot” is an American drama series that follows the story of Elliot, a hacker who fights against “E Corp”, a company that looks like our own Google.
The series stands out primarily for the realistic portrayal of modern hackers and how vulnerable we are in the tech world, which is why it is loved by those involved in the subject.
So now that it has come to an end, it is worth looking at some of the things that it has affected and should be concerned about with regard to internet security.
 |
|
| Mr robot season 4 |
To begin with, when we say “realistic imagery” we do not mean, of course, that all hackers are addicted to substances, nor do they suffer from mental illnesses such as Elliot.
We talk clearly about the abilities of this and the other hackers we see in the series, not to mention that in some cases what we saw was not a bit of a drag.
In general, everyone agrees that the methods and tools used are very realistic and that is why we should at least make us wonder about the measures we have taken to protect our digital lives.
1- If you become a target you paint it
We start with the basics. Elliot has a specific goal and that is to dismantle the world’s largest corporation.
Even in his small ventures, he cracks everyone up for very specific reasons. That is, he has something to gain from them.
This is also the first lesson the series gives us, that we must become a target in order for someone to be interested in us.
Specifically, if we have something important in our possession such as information, an asset or a position (eg US President) that someone else wants to take away from us, then we must take serious action on our digital devices.
Fortunately for you and me, everyday and ordinary people, it’s hard to find anyone interested in cheating on us, but we can have a good password for every service we use on the Internet so that we can cover everything.
2 – Your cafeteria’s Wi-Fi is not secure
In the very first episode, Elliot cracks a restaurant owner who distributes photos of child-friendly content online.
The way to do this is extremely simple as all you need to do is connect to the Wi-Fi network using the store’s generous password.
Then with the ARP Spoofing / Poisoning method, in which it simply converts its device to a router, it now receives all the packet traffic of the other devices.
All he has to do is use a packet analyzer like Wireshark to see what other users using the same network are doing and steal their passwords across different services.
What we hold from this case is that public Wi-Fi networks are not secure.
The reason is that we do not know the security measures taken by the owner of the connection and because there is a very unknown world that can use these techniques.
So if you have to use the cafeteria’s Wi-Fi, it is advisable to connect to a VPN at the same time to encrypt our data. This could be our PiVPN or a commercial such as ProtonVPN.
3 – Alpha and Omega are passwords
In one episode Elliot decides to hack his psychologist by finding her email password.
We have seen in an earlier article the available methods used by hackers for this purpose, from which Elliot chooses Dictionary Attack.
So knowing some personal information about Krista, such as the date of birth and her favourite musician (Bob Dylan), she uses an automated program (probably “crunch” if she has Kali Linux) to create a file of possible codes.
For good luck, Krista actually uses such a combination so she manages to get into her account.
In a similar case, Elliot hacked Tyrell, this time using John the Ripper, a program also preinstalled on Kali Linux.
These assumptions teach us that we must have difficult but different passwords in all of our online accounts, which should not be based on our personal information.
But if we use codes that look something like “^ 7Gv ^% 9; p {= – ai” on each page, how can we remember them?
We will use Keepass, which will not only clean up our passwords but may generate random and secure passwords to replace the ones we already use or the new pages we will write in the future.
4 – Your calls and SMS are not encrypted
Throughout the series, Elliot almost never speaks on the phone, nor sends SMS.
The reason is that he knows that cellular networks are not encrypted, so if one of their antennas crashes, they can see and hear their personal conversations.
Using such a hack, Elliot steals Deus Group members ‘money in the latest episodes of the series, essentially taking the information from his members’ 2-step verification SMS!
We also never saw Elliot or the Dark Army use Viber, Facebook Messenger or WhatsApp.
The reason is that companies that own these popular services market or give our personal information to the authorities without our consent.
Instead, they both use Signal, an application that offers end-to-end encryption on (internet) calls and messages. In fact, Signal is no different than Messenger or Viber.
You just have to convince your friends to use it too if you want to take a step towards the privacy of your conversations.
5 – The “cloud” is simply someone else’s computer
In many episodes we see Elliot storing DVDs of what he has cracked, importing them into mp3 files with DeepSound.
Although using DVD is excessive for 2020, it shows that it does not trust cloud services, such as Google Drive, Dropbox or OneDrive.
The cloud is actually someone else’s computer where we store our files, without knowing the security measures it has taken to protect them.
Dropbox, for example, has been hacked twice with the latest in 2016, in which it lost 68 million accounts! If you were a Dropbox user at that time, it is very likely that someone has posted your personal moments in their room.
The truth is 10 years ago we had no choice but now we can set up a reputable Nextcloud server in our home in just a few steps to have our files everywhere but on our own computer.
This way the security of the server is in our hands, and it’s hard to be interested in hacking, as we won’t have 68 million users.
6 – Use up-to-date Linux and Android for security
It is no secret that all the “connoisseurs” and all who care about their data use a Linux computer and an Android smartphone.
Elliot at work uses Ubuntu with Gnome, Tyrell also says in one of the first episodes that he prefers KDE, while at home where Elliot uses his computer mainly to hack, he uses Kali Linux.
Instead, Dominique, presented as “irrelevant” to technology, uses a Macbook and an Amazon Echo (Alexa) at home.
He even knows Signal in the last season when he does Dark Army, and in one of the highlights of the last round, Darlene somehow “releases” her, breaking the Amazon Echo in her possession!
With all this, the creators of the series are trying to tell us that some operating systems are better than others in terms of security and data collection, while also showing us our dependence on specific services.
This is true of course as if you have a smartphone that has not been upgraded for a long time, or you are using Google and other “big” services, then you have a hole in the water.
So we choose Android devices that are regularly upgraded, such as the Android One smartphone, while for our computer Ubuntu is an excellent choice, especially if we use it mainly for home use.
Note:
There are a bunch of great Linux distributions to try. But we recommend Ubuntu because it is overall the most complete and easy to use.
CheckOut: – HiSense E75F, the official new gaming TV: all the details and prices
7 – Your cellphone is a wallet and not just a phone
In another episode of the first season, we see Tyrell looking for a way to spy on his lover. So at an unexpected moment, he picks up his cellphone and installs FlexiSPY, one of the most popular programs available for this purpose.
This service can inter alia listen to their conversations, read their messages and emails, view their photos and check their location.
The lesson we learn from this case is that we should never leave our cellphone unlocked, especially if we have rooted.
We generally need a change of mind about the smartphone, which is not just a mobile phone, but a “wallet” that now contains our most sensitive personal data.
8 – Are your wallet and keys protected?
At some point in the series, the society members decide to go to E Corp’s data centre to destroy their backup files.
To get into the building, Mobley uses the Tastik RFID Thief to copy the RFID keys they use to open the doors.
So it puts in a bag a device that at a distance of one meter can retrieve the input card data. He then saves this information on a new card, which he can now enter into the building.
In addition to business entrances, RFID / NFC technology is now used in bank cards.
So with such a device one can get on a bus and get a whole lot of card data without understanding it. So we need to protect our wallet too and to do that we can put our keys in special RFID cases or buy a new RFID wallet.
9 – Immediately turn on 2-step verification (2 step verification)
In another episode, Elliot needs Gideon’s boss details to get into the Allsafe system on his own account.
Gideon uses “2-Step Verification” for security, in which in order to login to his account, in addition to his username and password, he has to give his cellphone extra approval.
As good a hacker as Elliot is, the best solution he can find is to get Gideon’s mobile in his hands to see this extra verification code.
This shows us how important 2-step verification is, which all major companies have now incorporated, and we need to activate it.
Verification can be done either via a mobile alert (e.g. Google) or via SMS (eg Sony PlayStation). But we try to avoid SMS, as we said before the cellular network is not encrypted and in the extreme case of someone hacking the cellular antenna in our area, they will have access to this code.
10 – Bluetooth is not as secure as you think
In episode six of the first season, the smuggler Vera blackmails Elliot to get him out of prison.
In this particular attempt, Elliot smashes a police officer’s Bluetooth keyboard, with which he then controls his computer.
So it uses “hcitool” (possibly “btscanner”) to find the name and MAC address of the device of interest. He then uses “spooftooph” to clone keyboard elements and connects (without seeing how) to the computer, probably thanks to the classic “0000” code or occupying the position of the real keyboard.
The lack of security in Bluetooth is well known and even used commercially as “Proximity advertising”.
That is, you can set up a Bluetooth Beacon in your store, which will send pictures and text bids to the smartphone of those who pass by! With the same reasoning, no one will stop you from sending malicious software.
In this case, of course, we do not mean that we should not use Bluetooth devices at all. However, we should turn off Bluetooth on our cellphone when not in use and not accept connections or messages that we do not know where they come from.
11 – The security of a laptop is also important
In the second season, Angela decides to work for E Corp. in order to find out the details of her mother’s death. She needs to steal passwords from her boss’s computer but has no idea of hacking techniques.
The society team then gives her a USB stick, which acts as a keyboard rather than a storage device (USB Rubber Ducky). They use the “Mimikatz” program to extract all the passwords used on this computer.
The lesson we get in this case is that we should not put dubious USB sticks on our computer. Also if anyone wants to use our PC, we should be present all the time, and if we need to leave it open and leave, it is a good idea to lock it.
12 – Pay close attention to your “smart home”
In the first episode of season two, Darlene and her team “drive” a smart home, driving its owner out.
Although the attack is not analyzed, the whole scene wants to show us how little we know about the security of IoT devices.
Imagine if someone could turn off your alarm, unlock an electric lock like this, watch your home camera stream or … make your robotic vacuum cleaner play songs from Spotify!