How Realistic is the Hacking in TV Shows?

A group of five high school girls dressed impeccably almost murdered dozens of times by the same mysterious stalker and the police in their idyllic small town is either corrupt or incompetent to worry about. As the girls fight back? Hacking, of course. At least, that’s kind of like they do it on Pretty Little Liars. “Hacking” is the deus ex machina in many scenarios on Pretty Little Liars and other mainstream programs, so that people can easily follow, harass, stalk and defend one another 30 to 60 minutes at a time.
But how real is it? To determine the feasibility of the hacks on shows like Pretty Little Liars itself, Sherlock, scandal, arrow, CSI: Cyber ​​and agents of SHIELD, I spoke with Patrick Nielsen, senior security researcher at Kaspersky Lab.
“One of the interesting things about security is that a lot of what you see on TV is actually not that far from the truth, the real hacking is not nearly as colorful, but the result is usually closer to realistic possibility as an absurd fiction, “says Nielsen.
Nielsen suggests that many seemingly absurd functions of the technology on the TV is not correct, per se, but they often ahead of their time.
“We use computers in more things every day, from critical infrastructure to fitness bands, and they all run software – software vulnerable – and we’re not putting almost as much effort to make sure the software,” he says. “So we can about how ridiculous laugh heels UIs or ‘two hands’ hacking scenes from NCIS are, but the threats are real. ”
On that ominous note, let us once again deceive ourselves about the problems of real life with TV.

Pretty Little Liars ABC Family

Pretty Little Liars, ABC Family

In “Welcome to the Dollhouse” (Season 5, Episode 26), four young women a serious offense ride in the back of a police car convicted. They are talking and hugging – there is no one whose supervision, of course – when suddenly, bam. The van departs violently and crashes to a halt. As it turns out, creep, which has stalking and torture these girls for years could hack into the onboard computer and the remote control of the car.
“The biggest problem is that most cars (achievable) computer in them, but also the smartest of smart not so far, have the computer to go completely control the car – yet,” says Nielsen. “As a rule, an attacker information that will cause the car to send the brakes, but they would not steer able to. So now remote control of a vehicle is unrealistic.”
Later discuss in this episode, a group of young men, friends of the girl, what happened and what they plan to do about it. One of the boys is a 18-year-old prodigy technology. It’s fast hacking, but he is very concerned about the girls, as well as his friends: a rookie cop and a high school English teacher. You call that stalker “A.” Here is the transcript of this scene:
Caleb came in the PD command center.

And if you do. Cross-check of the transporter GPS system with the PD system, it’s dead here

On Route 30 near the railroad crossing.

That is, if A hacked into the computer system van and took remote control of the vehicle.

OK, so A would be required to be in the area, have to keep the van on the road.

The transfer would have given a clear view and also by the deputies.

Is there traffic cameras in the area, you can hack?

I’m one step ahead of you. I am backing up this shoot now.
Nielsen says that a big problem with this scenario is that the guys flying blind. You are not hardware specific location, the know often the most difficult part of a successful hack.
“Even though the penetration into the type of computer that uses a certain police station or a particular CCTV camera is simple, you still need to find the right target,” he says. “It can be much more difficult than the hack, then, the development of a specific camera based on their position in real time is also quite unrealistic, at least on the Internet -. If she were in the physical proximity of the camera, it would be easier, but then they would not need the camera. ”
KASPERSKY CONCLUSION: Mostly unrealistic
My verdict: Never trust a hacker that something as unnecessary, says: “GPS system.”

Sherlock BBC

Sherlock, BBC

This includes a similar technological overload that occurs in two separate episodes: “The Reichenbach Fall” (Season 2, Episode 3) and “His Last vows” (Season 3, Episode 3).
In “The Reichenbach Falls,” it is today’s London, and Sherlock Holmes in a cabin after a hard day of hunting for clues. An ad playing on the TV in front of his seat, and he asked the driver to turn it off. Instead, the display cuts out and is a video of Holmes’ archenemy, Moriarty Jim replaced. The video is only for Holmes, and it’s only playing in his taxi. The twist: After Holmes leaves the car in a daze, he sees that the driver Moriarty.
“The interesting question here is not whether compromises display of a taxi is possible – it is – but how Moriarty knew not only the cabin Sherlock was, but how can he compromised to find the taxi on any network,” says Nielsen.
Jump to “Las His Vow” Season 3 finale, and someone – possibly Moriarty – is cut into a position in each TV channel in the UK at the same time. The nation watched in shock as mocking, shocking video plays on loop without interruption. Two government officials speak horrified:
How is this possible?
We do not know. It is on every screen in the country, each screen simultaneously.
“As for compromise TV channels, sure it’s possible, but nothing really stops people to speak very quickly to the TV stations from turning off the compromised feeds so that an attacker would have in a real scenario,” says Nielsen.
KASPERSKY CONCLUSION: Mostly unrealistic
My verdict: Cab displays can be affected in any case; good to know.

Scandal ABC

Scandal, ABC

Scandal focused on Washington, DC Top political communications expert, Olivia Pope, and in the first episode of Season 4: “Randy, Red, Super Freak and Juliet”, we do not see them lounging in luxury on an island so far away, it is displayed on any map. A boat with supplies arrive, including five bottles a rare and coveted wine. Along with the wine, Pope gets asked a letter to return home. Later, it is revealed that a colleague, an amateur but talented hacker, Pope found by tracking shipments of wine – something they can not live without – all over the world.
“International shipments must specify content and its value for the individual purpose, and this information is stored in databases, it is not unrealistic at all here present someone with a laptop’s internal network, a shipping company and look forward to all ‘Wine’ programs in which the value is very high, and the search for the location / shipping so, “says Nielsen. “The hardest part would be to get the note in the package, but is also possible with some social engineering. My question is how would a shipping company, you’ll find an island that is not on a map?”
My verdict: These are bad times; Times when I did not even dare to keep to my secrets.

Agents of SHIELD ABC

Agents of SHIELD, ABC

The Avengers offshoot has a ton of futuristic and alien technology, so as to help warm Nielsen, we have a line of Season 1, Episode 4, “Eye Spy.”
In this episode, the well-educated, super-intelligent agents of SHIELD are hundreds of photos of the same people, scanning, moving from photo-detection software scan multiple online sources.
It’s amazing. Each year, this part of our work is easier. Between Facebook, Instagram and Flickr surveilling the people themselves.
Nielsen calls this line “moving.”
“We’ve all seen the technology that tells us we came to one of our Friends Photos [ie tagging] and ‘we want for our timeline?’ There is no technical reason why the same technology can not be used to a certain person in all the photographs, the company, or why an attacker who has compromised the company can not. “To find
The majority of this particular Agents of SHIELD episode focuses on a woman with a high-tech camera implanted in her eye. Skye, SHIELD, the go-to expert hacker, looking for this camera transmitting source – they do not know that it is an in-eye system only – it successfully reverse-engineers.
I think I can recover the data signing of the encrypted broadcast. I do not understand it yet, but that’s how they watch us. Give me an hour. Maybe we can just start back.
“I mean, they use real words, but it is not clear what the real value would be,” says Nielsen. “It may be that they found a reference to the origin of the shipment, and that was enough to determine network / IP address of the attacker, they compromised then exactly.”
Nielsen does not see a problem with the distance in mind the safety of Skye’s eye camera; it is quite plausible. It is the lead time on the actual hacker, however, that he finds problematic.
“What makes this unrealistic (based on the description), as the SHIELD agents discover a completely new technology, and then figure out how to compromise it in a few seconds or minutes. Actually, this is a very long and tedious process. real attacks are incredibly fast, as a rule, with fancy animations or no windows appear on the screen, but on the basis of scripts and programs, vulnerabilities, lasted for the months or years, and analyze to use. ”
This hack reminds Nielsen A recent paper on side-channel attacks on encryption.
“A few years ago, Adi Shamir, a famous cryptographer, and his team published a paper showing how you could extract [a] encryption key from a computer simply by listening to them. In February this year, they showed how you could do it with a radio by detecting the electromagnetic emanations from a computer computer information leaks everywhere -. noise, electromagnetic waves, heat -. and it all means something clever attacker can extrapolate all kinds of information from this “.
KASPERSKY CONCLUSION: Mostly unrealistic
My verdict: In-eye cameras are not really that far away – at this rate, they are probably closer than from Facebook Oculus Rift

Arrow The CW

Arrow, The CW

In “Home Invasion” (Season 1, Episode 20), we give a warehouse-turned-bunker with exercise equipment and high-tech gadgets lined. Felicity Smoak, hacker extraordinaire secret vigilante Oliver Queen, is situated at an online fact-finding mission. She hacks into ARGUS, a government organization, and ends lurking in their systems for days, even weeks at a time.
I thought it would be helpful to track ARGUS “chasing Deadshot, so I deciphered their communication protocols again. That said, I’ve just hacked a federal agency. What kinda makes me a cyber, what is bad, because I can not me imagine, fits in well in Guantanamo Bay.
Nielsen says that this is a largely checked. “Compromise a company and steal information from their databases, whether they are reports, customer data, or anything else that is on the agenda, and we often attacks on for months or years away before they were discovered.”
Later Smoak shows their computer skills again with the following description:
I had a remote access Trojan scour the internet for Edward Rasmus. His name appeared just on a passenger list, 08.15 clock to Shanghai.
This is a little more complex, says Nielsen.
“Be a Trojan that ‘scours the Internet” for someone or something, something that we have seen in some advanced malware like Stuxnet, which did very little, but spread when she got accepted access to a particular type of control system that used by Iran’s nuclear reactors. The difference between the reality of the nation-state attacks and TV is that the nation-states to have to spend a lot of time, the weak points and ads they wish to use and shoot. There is no such thing as a Trojan, which simply infiltrated everything, including flight booking systems, unless it was designed to do this. ”
My verdict: The unrealistic aspect of the arrow is all sculpted abs ridiculous.

CSI: Cyber CBS

CSI: Cyber, CBS

Ah, the main vein. In CSI: Cyber, Special Agent Ryan Avery and her team to hunt down criminals, but in “Fire Code” (Season 1, Episode 4), the damage is all in real life. Someone has figured out how to start house fires from a distance. Ryan and Dawson (sorry!) Agents Elijah Mundo chasing one of their criminal informants, a hacker, who a USB stick with your hands “a hot new piece of code.” Back at the lab, Agents, and white-hat hackers Daniel Krumitz admired the USB drive before going to work.
The connection is secure. Simply plug in the flash drive.
He puts it in.
“Plugging in a flash drive is actually very risky, no matter whether you are online or not,” says Nielsen. “On a lot of computers, it can give an attacker full access to the entire system, not just by frying software in your operating system, but by reading memory on the hardware level, under the operating system. You can also . I do not want to connect your computer to a USB stick is not only the trust because someone says. “It’s ok”
Continuation of the scene when the data is loaded on the flash drive, Krumitz proposes a button and the printer starts to try to print something – and it caught fire immediately.
Your CI gave us code in a firmware update that the thermal switch triggers a printer hidden. The switch regulates the temperature of an ink fixing unit, keep it from overheating. Well, if the paper loads, touching the blazing-hot fusing it sparks and ignites the paper in the tray, making it catch fire.

Thus, the fuser is the game, and the paper is the fuel.

Code was sent from a computer all this?

It’s pretty amazing, is not it?
This description is not realistic, says Nielsen. Maybe a little too realistic.
“I lost. … Am I the protocol of the CSI episode, or research paper?” he asks. “I would certainly give CSI: ‘. Writing a GUI interface using Visual Basic to track the IP address of the murderer’ Cyber ​​Pros support the script from the real research, and not just”
My verdict: Plugging in an unchecked, random flash drive is silly, so remember to always guard (no, we’re not talking about a Trojan).

These scenarios are of course a small selection of wild and wacky ways Hollywood portrays technology in television. But all in all, it seems, even the craziest ideas are not too far off the mark. There is still a limitation, however, and that is price.
“For all the stops, which I marked realistic, the cost in time and knowledge. But money can speed up the process,” he says. “It takes time to learn how to do these things, and the research necessary to do to affect certain systems, especially if you have a type of device that hard to get your hands as a particular type of CCTV compromises need. could carry out a person with a laptop all attacks, especially with exploits that have written other people, but it would be more than a large, well-funded group of people are the same. The attacks, which I referred to as are to take unrealistic possible if you are nation-state level attacks, ie the way in which money and other resources are not an issue. “


Leave a reply

You must be logged in to post a comment.