The Accuracy of Mr Robot
Is Mr. Robot Accurate?
This is a quick little talk I gave at
Mr. Robot and its accuracy. Nothing really that hasn't been discussed at length
You can download this whole talk, images, fonts, and all source materials
If you'd like to embed this talk (like I did on this page), head over to
see PDF download options, embed code, and other cool stuff.

Findings
Spying via open wifi
INACCURATE - DDoS used in the show where a rootkit would be
Phishing calls to get personal information, which is later used to create password dictionaries.
Utilizing SuperSU to install persistent Android malware (FlexiSPY)
INACCURATE - Invalid IP address
Interesting story here: the show's legal department simply wouldn't allow showing a real IP address, as it posed too much of a liability risk to the show, so they had to use an invalid IP.
INACCURATE - Time is sped up on some of the slower hacks, dictionary attacks, for instance
This is necessary, as scenes with John the Ripper would have taken far too long to accurately portray.
Remotely accessible Raspberry Pi with Kali
Technical advisors worked in a cell connection so the Pi was "always accessible", even behind NAT on its Ethernet connection.
The command was netcat with a listening shell:
nc -l -p6996 -e /bin/sh
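A defender's view of the listener above, as an added example that is not from the talk or the show: it scans process listings for netcat instances that both listen and attach a program to incoming connections. The function names, the short-option table (assumed to match traditional netcat) and the sample process lines are constructed for this illustration.

```python
import shlex

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional"}
TAKES_VALUE = set("cegGiopqsTw")  # short options that consume a value (assumed: traditional netcat)

def parse_netcat(cmdline):
    """Return (listening, port, program) for a netcat command line, or None if it is not netcat."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes, cannot be tokenised
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return None
    opts, positional, i = {}, [], 1
    while i < len(argv):
        arg, i = argv[i], i + 1
        if arg == "-" or arg.startswith("--") or not arg.startswith("-"):
            positional.append(arg)  # long options are not interpreted here
            continue
        for pos, flag in enumerate(arg[1:]):  # walk clusters such as -lvp6996
            if flag not in TAKES_VALUE:
                opts[flag] = True
                continue
            value = arg[pos + 2:]  # value glued to the flag (-p6996) ...
            if not value and i < len(argv):  # ... or in the next argument (-p 6996)
                value, i = argv[i], i + 1
            opts[flag] = value
            break
    port = opts.get("p") or next((p for p in reversed(positional) if p.isdigit()), "")
    return "l" in opts, int(port) if port.isdigit() else None, opts.get("e") or opts.get("c")

def find_listening_shells(process_lines):
    """Yield (pid, port, program) for netcat listeners that attach a program to connections."""
    for line in process_lines:
        pid, _, cmdline = line.strip().partition(" ")
        parsed = parse_netcat(cmdline)
        if parsed and parsed[0] and parsed[2]:
            yield int(pid), parsed[1], parsed[2]

# Constructed sample in "pid args" form (as from `ps -eo pid,args`); not taken from the page.
SAMPLE_PS = [
    "2417 nc -l -p6996 -e /bin/sh",
    "2502 nc -lvp 4444",
    "2610 /bin/nc -zv 10.0.0.5 22",
    "2733 netcat -lp 9001 -c 'bash -i'",
]

if __name__ == "__main__":
    print(list(find_listening_shells(SAMPLE_PS)))
```

A plain listener (`nc -lvp 4444`) and a port scan (`nc -zv`) are not reported; only the combination of listen mode and an attached program is.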
Dropping USB keys as a social engineering hack
INACCURATE - The payload was supposed to open port 22 (ssh), but the target was a Windows machine. Sure, you can run ssh on Windows, but it's an unlikely connection type, and a reverse shell is much more likely in this scenario.
INACCURATE - Inaccuracies in the Bluetooth keyboard hack: only sniffing tools were shown, not brute force or connection tools.
Social Engineering with SET - This is stupidly accurate, awesome!
Space before command to avoid history

Credits
QR Code Artist
License: CC BY 3.0