Despite all the plot movement and exciting twists, the latest episode of Mr. Robot was once again, a little light on the hacking! The best and only true hack in episode four was further evidence that Mr. Robot and the Dark Army used a serious, real-world Apache Struts remote code execution vulnerability (CVE-2013-2251) to pwn E Corp’s shipping web application for the Stage 2 attack.
In his latest Mr. Robot Rewind column on GeekWire, WatchGuard’s CTO, Corey Nachreiner, breaks down this Struts hack and several other interesting technical details from episode four. One powerful, but less-obvious lesson everyone can take away from Mr. Robot this week is the importance of protecting metadata:
“Between Elliot digging in the trash, and Dom catching the Fsociety faker through a video upload, hopefully you are convinced that metadata isn’t just worthless excess, but potentially sensitive information that could tell people more about you than you want them to know. If you learn anything from this episode, just be cognizant of the digital fingerprints you leave online, no matter what you do. For instance, before uploading a picture, perhaps consider whether or not your geo location might be embedded in that picture, and remove it if it is. Finally, as governments or businesses try to convince you that all metadata should be public record, weigh in on that debate. If you want to protect privacy, you should also protect your metadata.”
Photo Credit: USA Networks