Irony reloaded: Mr. Robot website has a serious XSS vulnerability
The man who teaches the world the dangers of hacking is himself vulnerable to cyber attacks. This was revealed on Tuesday by a white hat hacker who found a serious vulnerability in the Mr. Robot website.
The hacker, whose handle is Zemnmez, found the flaw on the new website for Mr. Robot, the hit USA Network show. Zemnmez said that the vulnerability easily allowed him to pwn fans of the show visiting the website, tricking them into giving over much of their Facebook account details.
Zemnmez said that shortly after a quick note to Mr. Robot writer Sam Esmail, the vulnerability was patched by the administrators.
The website in question, whoismrrobot.com, had a serious vulnerability known as a cross-site scripting (XSS) flaw. Zemnmez found the vulnerability the same day Mr. Robot kicked off a promo campaign for the second series, airing on July 13th.
The launch itself was pretty impressive, with a hacked voice-over video of President Obama condemning a destructive attack launched on the US financial system at the end of the first series, and a website, whoismrrobot.com, mimicking a mix of Linux command line and IRC chat.
Mr. Robot has been lavishly praised by all, including hackers, who often bemoan films and TV serials for showing them as nerds or superhumans who are able to do anything by pressing Enter on a keyboard. The TV serial has been relatively accurate in its portrayal of hacking, which makes it even more interesting.
Zemn immediately sought to disclose the weakness on Tuesday, May 10th, but could find no suitable contact on the website. FORBES pointed him in the direction of Esmail, whose contact information could be found in old domain records. USA Network owner NBC Universal confirmed later that the website had been patched.