Skip to main content

The Mr. Robot Hack Report: Cantennas and dirty USB drives

The Mr. Robot Hack Report: Cantennas and dirty USB drives

/

Beware the rubber duckie

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

USA Network

Mr. Robot is a show built on hacks. The mother of all hacks serves as the big cliffhanger at the end of the show's first season, and nearly every plot development leading up to it was nudged along by some kind of exploit. It’s rare to get through an episode without at least one digital intrusion, often drawn from real life. Each week, we'll be running through Mr. Robot's C Y B E R activities — who got hacked, why, and how much magic would be required to make them actually work.

* * * S P O I L E R S F O L L O W * * *

So that was a lot of robot! Dissociative pastiche! The Brechtian distance effect! Alf! After simmering for the first few episodes, we’re starting to see a lot of the paranoid and upsetting style that made the first season so unpredictable. fsociety is back in action, Angela is stressing out, and horrible things are being done to Elliott’s mind and body. It’s just like old times!

Dissociative pastiche! Alf!

We also got our first honest-to-god heist sequence, with Angela venturing onto the FBI floor of the Evil Corp offices to plant the exploit-laced femtocell. We laid out the core of the femtocell hack in last week’s report, but making it happen required a lot of extra tricks, and there was a lot more to them than met the eye.

BREAKING IN

While Angela is getting in position for the femtocell drop, we see Darlene break into a hotel room using a combination of wigs, gadgets, and sleight of hand. It all happens pretty fast, and the upshot is basically "she got into the room with technology," but what she’s doing is a lot more grounded and plausible than you might think.

The core trick here is cloning the maid’s hotel key, which can open any room in the hotel. The card itself is just a number encoded on a magnetic stripe. Getting the number is as simple as swiping the card, which we see Darlene doing with what looks like a Square reader. Most credit card readers don’t store the number after it’s gone through (that would be asking for fraud), but there’s no technical measure stopping them from storing the number and reproducing. That’s how most ATM fraud happens, and as long as you’re dealing with magnetic stripes, this kind of attack will be a problem.

Of course, Darlene doesn’t have time to print and encode a new card, so things get a little more interesting from there. Instead of printing the magnetic code onto a stripe and swiping it through, she uses a gizmo to transmit it directly to the lock.

That gizmo is actually a Magspoof, a credit card spoofing device designed by Samy Kamkar. (Kamkar is also known for creating the first MySpace worm and building a drone that hacks other drones — so not too surprising that the writers looked him up!) The Magspoof uses an electromagnet to reproduce the same pattern a reader would get from a swiped card, basically making the reader believe that a card has just been swiped through. There’s even a method for disabling Chip and PIN, although Kamkar has since removed it.

Most importantly, it’s all an open-source design, so if you’re plotting your own hotel heist, you can build your own from the design available here.

RESETTING THE WI-FI

Once she got into the room, Darlene set up a tiny tripod tube at the window and proceeded to talk Angela through the process. Of course, a regular phone call would a paper trail, so they’re talking over Signal, an encryption app that scrupulously deletes metadata.

The more interesting part is how Darlene is connecting to the femtocell from a hotel room across the street — which is where that tube comes in. It’s not explained in the episode, but it looks an awful lot like a Cantenna, an old-school trick for extending the range of Wi-Fi networks. A Cantenna is literally just a can — you can even use a Pringles tube in a pinch. The lining blocks out extraneous signals from the side, so the only thing the internal sensor picks up on is signals in the tube’s line of sight. If it happens to be pointed at a Wi-Fi router, that focus lets you pick up on faint signals that would otherwise be drowned out. (It also works in the opposite direction, with a router in a can pointed at a specific access point, but let’s keep things simple for now.)

A Cantenna is literally just a can

It’s not totally clear if Darlene’s connecting to the femtocell directly or connecting through Evil Corp’s local Wi-Fi network, but it doesn’t really matter because pretty soon everything goes to hell. As Darlene puts it:

We lost wifi. You need to get to a terminal and bring it back up.…If we can’t get the interface to load, we can’t use the juniper screen OS backdoor to own the network, which means I can’t wipe the security footage of you planting the femtocell.It sounds complex, but in the end it’s just what it sounds like: resetting a router because the damn thing won’t work. Sometimes that’s all you need to do! (Mesh networkers might also notice that Darlene’s hacked femtocell is running on OpenWRT, a familiar sight if you’ve ever tried to make your router do anything unexpected.)

CHEKHOV’S USB DRIVE

There’s one other part of the heist that didn’t come up. Just as Angela is leaving the fsociety HQ, Mobley gives her a USB stick he calls a Rubber Ducky. If she can’t make the femtocell work, he says, just plug in the USB key, give it a few seconds to run, and then pull it out. If it works, they’ll have a bunch of FBI passwords for their trouble.

The Rubber Ducky is a real tool, a highly programmable hacking tool beloved by penetration testers and available online for $45. It works by masquerading as a keyboard and typing in whatever commands have been programmed in. If you’ve got physical access to a computer, you can run whatever program you want without doing anything indiscreet.

In this case, the Ducky is programed to run a tool called Mimikatz (also real), which hoovers up all the hashes and passwords from available memory. That’s not everything, but it’s an awful lot. Mimikatz is also open source, so you can get the whole thing here. Use it only for good!

Of course, the heist went fine, so Angela didn’t need the USB key — but she’s still got it. If she gets backed into a corner by DiPierro or Price at some point in the next few episodes, all she needs to do is break out the USB drive and make 15 seconds of small talk.

Or maybe we’ll never hear about it again? You never know!

That’s this week’s hackery, but we’re talking through plenty more on the Mr. Robot Digital After Show above, including the new hints about Price’s connection with White Rose and E Coin. Plus there was the whole opening dream sequence, which might be the most bizarre and stressful thing I’ve ever seen on television? As always, let me know if you have any questions — otherwise, see you next week!

Disclosure: NBC Universal, owner of USA Network, is an investor in Vox Media, The Verge’s parent company. Additionally, we are an independent editorial partner in the Mr. Robot Digital After Show hosted by The Verge.

Today’s Storystream

Feed refreshed Sep 25 Not just you

E
Twitter
Emma RothSep 25
Rihanna’s headlining the Super Bowl Halftime Show.

Apple Music’s set to sponsor the Halftime Show next February, and it’s starting out strong with a performance from Rihanna. I honestly can’t remember which company sponsored the Halftime Show before Pepsi, so it’ll be nice to see how Apple handles the show for Super Bowl LVII.


E
Twitter
Emma RothSep 25
Starlink is growing.

The Elon Musk-owned satellite internet service, which covers all seven continents including Antarctica, has now made over 1 million user terminals. Musk has big plans for the service, which he hopes to expand to cruise ships, planes, and even school buses.

Musk recently said he’ll sidestep sanctions to activate the service in Iran, where the government put restrictions on communications due to mass protests. He followed through on his promise to bring Starlink to Ukraine at the start of Russia’s invasion, so we’ll have to wait and see if he manages to bring the service to Iran as well.


E
External Link
Emma RothSep 25
We might not get another Apple event this year.

While Apple was initially expected to hold an event to launch its rumored M2-equipped Macs and iPads in October, Bloomberg’s Mark Gurman predicts Apple will announce its new devices in a series of press releases, website updates, and media briefings instead.

I know that it probably takes a lot of work to put these polished events together, but if Apple does pass on it this year, I will kind of miss vibing to the livestream’s music and seeing all the new products get presented.


E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


Welcome to the new Verge

Revolutionizing the media with blog posts

Nilay PatelSep 13
A
Youtube
Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.


T
Twitter
Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.