Skip to main content

The Mr. Robot Hack Report: Worst Thanksgiving ever

The Mr. Robot Hack Report: Worst Thanksgiving ever


I am thankful for all these eerily plausible cybersecurity scenarios

Share this story

MR. ROBOT -- "eps3.6_fredr1ck+tanya.chk" Episode 307 -- Pictured: Car in Desert -- (Photo by: Ursula Coyote/USA Network)
MR. ROBOT -- "eps3.6_fredr1ck+tanya.chk" Episode 307 -- Pictured: Car in Desert -- (Photo by: Ursula Coyote/USA Network)

Mr. Robot is back, and the C Y B E R is back, too. The show takes a special interest in showing off the details that usually get glossed over, often drawing on real hacks and real cybersecurity problems. So after every episode, I’ll be breaking down who got hacked, how, and with what. It turns out, there’s a lot more to each one than you can see on-screen.

Well that was extremely upsetting! There’s no show this week because of Thanksgiving, which is probably just as well because I am FURIOUS. Trenton and Mobley were arguably the coolest characters on the show (more Trenton than Mobley, if we’re being real), and now they’re both gone, sacrificial pawns in the Dark Army’s fiendish game. Leon must have known, right? No good.

In a broader sense, it’s starting to look like the Dark Army is just getting everything they want. America is in chaos, E Coin is ascendant, and the whole Stage Two mess has been pawned off on F Society and Iran. As a cherry on top, we even got Zhang’s public humiliation of Price at their fancy evildoers’ soiree. Plus, a bunch of Knight Rider references, which is basically a win for everyone.


The biggest hack this week came at the end, when Trenton and Mobley are taken to the Dark Army’s hacker lair and get a sense of the mysterious post-Stage Two plot that Dom’s been hearing so much about. (I like to think of it as Stage 2.1.) It seems like a false flag, but the Dark Army really did their homework on it. On the table, there’s a map of airspace routes and the next screen shows a list of vulnerabilities in Oracle’s Weblogic software (you can find a more recent version here), which is presumably what their local airport is running on their servers. There are also a mess of onscreen Python scripts, including “” and “,” neither of which seem like good news. The next screen shows layout tools for the FAA’s flight data service and enterprise messaging system — basically all the stuff you would use if you were trying to hack a bunch of airplanes out of the sky.

Trenton and Mobley put a button on this when the Dark Army handler asks them what they see:

Trenton: A threat analysis for the FAA’s NextGen IP-based system.

Mobley: Targeting IPs in Chicago, Atlanta and LA.

Trenton: This is malware that targets air traffic control systems at major airports.

Mobley: They’re planning another attack…probably like today except this time they’re crashing planes.

It’s diabolical! And unlike 5/9 or even Stage Two, it would be aimed more at causing general mayhem and death than damaging Evil Corp specifically or capitalism in general. Setting up all this stuff seems more about framing Trenton and Mobley than actually executing the hack, but it’s still scary to have an idea like that kicking around. Could they really do something like this?


In broad strokes, this is surprisingly viable hack. The air traffic control system is the heart of air travel, the single network that makes most of the decisions for what planes do in the air. If you could compromise it, you could cause serious chaos — and compromising it isn’t nearly as hard as it should be. The best protection is that the computers running air traffic control — known as National Air Space or NAS systems — are supposed to be kept separate from the internet at large. Unfortunately, a 2015 review by the Government Accountability Office found there were lots of places to jump from networked computers onto NAS systems. The review also found that air traffic systems were terrible at patching and not great at sensing network intrusions either, all of which would make things a lot easier for hackers.

There are also ways to cause trouble without breaking directly into air-traffic systems. In a talk at Defcon in 2012, Brad “Renderman” Haines laid out a plan for spoofing the ADS-B transponders that airplanes use to locate each other in the sky. At the time, the signals weren’t encrypted, letting researchers like Haines easily copy them. The result would be a “ghost plane,” a signal that looks like a real plane to air traffic controllers. If an attacker could create enough ghost planes at once, it could cause nearly as much damage as hacking into the air traffic system directly. That’s particularly relevant because we’re likely to see very similar systems in cars as part of the push for self-driving tech, which will be vulnerable to very similar hacks.

That’s it! The show will be back next week, so you can see our beautiful faces again instead of just reading words on a screen. In the meantime, hit us up on Twitter or Reddit if there’s anything you’re wondering. And have a nice flight!