Thursday, May 12, 2016

Hacker reports Vulnerability in Mr. Robot Season 2 Website

Mr. Robot was the biggest 'Hacking Drama' television show of 2015 and its second season will return to American TV screens on Wednesday 13th of July 2016.

However, the new promotional website for season two of Mr. Robot has recently patched a security flaw that could have easily allowed a hacker to target millions of fans of the show.

A white hat hacker going by the alias Zemnmez discovered a Cross-Site Scripting (XSS) vulnerability in the Mr. Robot website on Tuesday, the same day Mr. Robot launched a promo for its second series.

The second season of the television show had already received praise from both critics and viewers for its relatively accurate portrayal of cyber security and hacking, something other cyber crime movies and shows have failed at badly.

The new series also features a surprising yet welcome guest: President Barack Obama, who is giving a speech about a cyber threat faced by the nation.

The flaw Zemnmez discovered on the show's website could have given him the ability to perform many malicious tasks, but being a white hat, the hacker responsibly reported the XSS flaw to Sam Esmail, the creator of the Mr. Robot series, Forbes reported.

USA Network’s owner NBC Universal confirmed that the website was patched late Tuesday night, hours after Zemnmez reported the flaw.

According to Zemnmez, the flaw could allow an attacker to inject malicious JavaScript to steal user information, including the Facebook data that visitors to the Mr. Robot website enter to participate in its quiz.

"A threat actor with XSS on whoismrrobot.com could [have used] the XSS to inject JavaScript, which inherits the ability to read Facebook information from the fsociety game," Zemnmez told Forbes. "This could be done mostly silently if correctly engineered with a short popup window."

The flaw could also be exploited using a simple social engineering technique such as phishing to get victims to click on a malicious link that executes the JavaScript code, enabling attackers to steal a Facebook user's real name, email address, photos and the pictures they are tagged in, Zemnmez added.

Hacking is not always easy to explain on TV, but Mr. Robot is a smart and compelling show that accurately portrays the hacking culture and what hackers are really like.

Source: thehackersnews.com
