Mr. Robot is a TV series about an anti-social cybersecurity engineer/vigilante hacker named Elliot Anderson, and it's been hailed as the most realistic depiction of hacking to ever hit the screen. As we get ready to binge-watch Season 2, we asked Kevvie Fowler — KPMG Canada's National Cyber Response Leader, whose team tests client systems for vulnerabilities and launches simulated attacks — for a primer on five hacks from the show and how they work in real life.
RATS and webcams (Episode 2)
What it is: Remote Access Trojans, bits of malicious code installed onto a computer, allow hackers to control everything from keyboards to webcams.
Mr. Robot hack: Someone from the Dark Army, a Chinese hacking collective, poses as a musician hawking free CDs. Angela's boyfriend, Ollie, loads one (and the webcam spying trojan) onto their home computer, giving the attacker a view of everything within the camera's sight.
Brute-force password hack (Episode 2)
What it is: Tools like John the Ripper detect weak Linux passwords and crack them by making thousands of attempts per second.
Mr. Robot hack: Elliot employs a common dictionary word search tactic using John the Ripper to crack the password of Evil Corp's interim chief technology officer, Tyrell Wellick. In real life, this would take between 20 and 30 minutes, but it goes down much faster in TV land.
Spyware (Episode 3)
What it is: Spyware monitors a device's activity and reveals anything stored in, say, a phone's memory or on its SIM card. This hack is unnervingly simple, though it requires physical access to the phone for about three minutes, plus an Internet connection.
Mr. Robot hack: Tyrell inserts a chip onto his target's Android phone to give him control of the device, then uploads the spyware to steal his secrets.
Badge Cloning (Episode 5)
What it is: Devices like the Tastic RFID Thief, a tool from Bishop Fox, can steal security-badge information via RFID when it's placed within one metre of the target.
Mr. Robot hack: At Steel Mountain, one of Evil Corp's data centres, Elliot clones an employee badge using a gadget like the RFID Thief, which he has hidden in his backpack.
Steganography (Episode 9)
What it is: The art of concealing information in plain sight, in music or photo files.
Mr. Robot hack: Elliot keeps files on everyone he's hacked on CD-ROMs disguised as music CDs. He uses DeepSound, an audio converter tool, to convert photos and other files to WAV and FLAC audio files. The real files are encrypted and password-protected.