Thursday 19 May 2016

Hacker finds vulnerability in Mr. Robot’s website

A white hat hacker going by the name Zemnmez found a flaw on the new promotional website for the upcoming season 2 of Mr. Robot. Mr. Robot was the biggest 'Hacking Drama' television show of 2015, and its second season will return to American TV screens on July 13, 2016. The vulnerability could have given Zemnmez an easy way to pwn fans of the show, tricking them into handing over much of their Facebook information. But shortly after a quick note to Mr. Robot’s writer Sam Esmail, the vulnerability was closed off.

The vulnerability, a cross-site scripting (XSS) flaw, was discovered on the day the show launched its promo for the second series. During the launch ceremony, a clip was shown of President Obama condemning a destructive attack launched on the US financial system at the end of the first series, along with a website, whoismrrobot.com, that mimics a mix of a Linux command line and IRC chat. The series had already received praise for its relatively accurate portrayal of hacking, something other shows and films have failed at miserably.

USA Network’s owner NBC Universal confirmed that the website was patched late Tuesday (May 10) night, hours after Zemnmez reported the flaw.

XSS bugs are widespread. It’s the most common vulnerability class on the web. Had the reporter been a malicious hacker, he’d have abused it to steal users’ Facebook information. In particular, he’d have targeted a section of the website that contains a quiz, whoismrrobot.com/fsociety, which requested access to players’ Facebook data. FSociety is the hacktivist collective that central character Elliot Alderson, played by Rami Malek, joins early in series one.
