For those who haven’t watched the USA Network TV show “Mr. Robot”, it is basically the modern day equivalent of Fight Club, except with a lot more hacking involved. The show has been praised for the attention it has paid to the technical aspects of hacking to make it seem more realistic and has also been renewed for a second season.
To promote the second season, USA Network launched a dedicated website for the show, but in an ironic twist, it seems that the website has since been hacked. However the good news is that the hackers behind the hack are “white hat” hackers who are basically helping to sniff out any vulnerabilities that would leave a site/program open for exploitation.
The hacker in question, Zemnmez, reported a cross-site scripting vulnerability that could potentially be used to trick visitors into giving up Facebook profile data. The site has since been patched after the hacker had reached out to the show’s writer Sam Esmail. However this isn’t the only issue discovered.
After hearing about the hack (and the irony behind it), another white hat hacker by the name of corenumb discovered and vulnerability in the site’s PHP email registration code, which when exploited would basically allow attackers to execute SQL commands against the database. NBC Universal has since acknowledged the flaw but it is unclear if it has been addressed since.