‘Mr. Robot Season 2’: Hacker Reports Flaw In USA Network Show’s Website

USA Network's "Mr. Robot" aired its first season last summer, and it was immediately deemed one of the best computer hacking dramas in recent memory. The show's accurate portrayal of the cyber world and its mind-bending plot enamored fans from the get-go. So much so, in fact, that it took home two Golden Globes.

But perhaps the show was a bit too spot on in its depiction of cyber security.

A new promotional website launched by the network to jump-start the viral marketing for season two was recently found to include a coding flaw that could have easily given nefarious hackers access to millions of fans of the show. A "White Hat" hacker going by the alias Zemnmez discovered a Cross-Site Scripting (XSS) vulnerability in the "Mr. Robot" website on Tuesday, the same day that the site was launched.

The first season received ample credit from critics, fans and those in the cyber world for its accuracy. Other TV series and films that have tackled the same content have not fared so well.

One of the noteworthy promotional efforts that USA Network is employing is a faux announcement from President Barack Obama, who discusses the Evil Corp hack from season one. The video also contains hints as to the lingering mystery surrounding Martin Wallstrom's Tyrell Wellick.

The mistake unearthed by Zemnmez on the show's website could have given him the ability to perform countless illegal and damaging tasks. However, the white hat hacker instead reported the XSS vulnerability to "Mr. Robot" creator and showrunner Sam Esmail, according to the report.

USA Network's parent company NBC Universal confirmed that they had fixed the error late Tuesday night. According to Zemnmez, the flaw could have allowed an attacker to employ malicious JavaScript to steal users' information, including Facebook data that "Mr. Robot" website visitors entered in a quiz.

"A threat actor with XSS on whoismrrobot.com could [have used] the XSS to inject JavaScript, which inherits the ability to read Facebook information from the fsociety game," Zemnmez said. "This could be done mostly silently if correctly engineered with a short popup window."

"Mr. Robot" will return to USA Network for a second season in July.

Follow Brandon Katz at @Great_Katzby
