Welcome back, my Mr. Robot aficionados!
In Season 2 of Mr. Robot, the FBI is on the trail of Elliot and f/society for the 5/9 hacks that crippled Evil Corp and the global economy. The FBI is investigating inside Evil Corp, and Elliot must develop a way to hack their phones to eavesdrop on their conversations. This is necessary in order to anticipate their next move and find out what they know. Elliot and the crew at f/society develop a brilliant plan to do so with the help of Angela, who now works at Evil Corp.
Let's see how he does it.
Step #1: Femto-Cells
There is a little-known, legal device known as the femto-cell. These devices are designed for people who don't have good cell phone reception in their home or office. The femto-cell is like a small cell phone tower that picks up cell signals and re-routes them through the internet, very similar to a VoIP call.
These devices are sold by nearly every cellphone carrier and are specific to the carrier. Here's the advertisement from the US's largest carrier, Verizon. This one costs $249, but I purchased a used one on eBay for about $120.
Step #2: Update Firmware
Out of the box, these Femto-Cells are designed to pick up the cell signal and send it to the cell phone carrier. In Elliot's case, he wants to listen in on the conversations of the FBI as they are carried to and from the cell carrier. To do so, he will need to update the firmware of this device to give himself and f/society a backdoor to listen in on the FBI conversations.
There is an open source project known as OpenWRT that provides firmware for a wide range of IoT devices. You can see Elliot and the hackers from f/society using OpenWrt here in this screenshot from the show.
OpenWRT provides custom Linux firmware for hundreds of devices. Unlike the standard firmware installed by default on these devices, which is read-only, this Linux OS firmware has a writable filesystem. This means that Elliot and his crew of hackers can easily open a backdoor or just enable SSH on this firmware to be able to access the conversations traversing this device.
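From the defender's side, the same writable configuration can be inspected. The following is an added example, not code from the show or from the OpenWrt project: a small Python audit of OpenWrt's Dropbear SSH settings in UCI format that flags instances reachable with a password or on every interface. The sample config is constructed, and the defaults used (password logins on, all interfaces when `Interface` is unset) are assumptions about stock Dropbear behaviour on OpenWrt.

```python
import shlex

# Constructed sample of /etc/config/dropbear (UCI format), not from a real device.
SAMPLE = """\
config dropbear
    option PasswordAuth 'on'
    option RootPasswordAuth 'on'
    option Port '22'

config dropbear
    option PasswordAuth 'off'
    option RootPasswordAuth 'off'
    option Port '2222'
    option Interface 'lan'
"""

TRUE = {"1", "on", "true", "yes", "enabled"}  # values UCI treats as boolean true

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value}) tuples."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not tokens:
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            sections.append((tokens[1], {}))
        elif tokens[0] == "option" and len(tokens) >= 3 and sections:
            sections[-1][1][tokens[1]] = tokens[2]
    return sections

def audit_dropbear(text):
    """Return one finding per risky setting on each enabled dropbear instance."""
    findings = []
    for idx, (stype, opts) in enumerate(parse_uci(text)):
        if stype != "dropbear" or opts.get("enable", "1").lower() not in TRUE:
            continue  # other section type, or instance disabled
        label = f"dropbear[{idx}] port {opts.get('Port', '22')}"
        # Assumed defaults: both password options are on unless set otherwise.
        if opts.get("PasswordAuth", "on").lower() in TRUE:
            findings.append(f"{label}: password logins allowed")
        if opts.get("RootPasswordAuth", "on").lower() in TRUE:
            findings.append(f"{label}: root password login allowed")
        if "Interface" not in opts:  # assumed: unset means every interface
            findings.append(f"{label}: listening on every interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dropbear(SAMPLE)) or "no findings")
```
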
Step #4: OpenWRT
OpenWRT began in 2004 when Linksys used a Linux kernel licensed under the GNU General Public License to build its router firmware. Per the GNU license, they were required to publish the source code of their firmware under the same GNU license. Thus began the OpenWRT project.
Since that time, the OpenWRT project has developed hundreds of Linux-based operating systems for embedded systems. Some of these are extraordinarily tiny, in order to enable them to run within the very limited RAM and storage of these devices. To find one for your device, you can click here and search for the device in question.
In the screenshot below, I simply searched for all D-Link devices.
Once you have found the appropriate device firmware, you can download the firmware and modify any file as well as install other software. Elliot and the team of hackers at f/society could have simply installed OpenSSH, netcat, or a simple rootkit to connect to the device.
Step #5: Connect the Modified Femto-Cell to the Internet
In the final step, Angela, who now works at Evil Corp, needs to install the femto-cell on the floor of Evil Corp headquarters where the FBI is working and connect it to the Internet. As you can see below, she was able to install it among some cubicle desks and connect it by Ethernet to the Evil Corp Internet access.
Once the Femto-Cell is in place, all the FBI Special Agents' cellphone calls in the area will be routed through this modified device. Elliot and f/society, with their backdoor to the device, can then divert and record all the calls to their remote location.
Summary
Femto-Cells are legal and legitimate devices that assist people with weak cellphone signals at their home or office. Because a Femto-Cell acts like a local cell tower, cellphones automatically connect to it as the nearest cell tower. The calls are then routed through the Internet to provide better service to these cellphone customers.
Like any technology, it can be used for a multitude of purposes. Elliot and his friends at f/society were able to re-purpose a femto-cell with firmware from OpenWrt to eavesdrop on the FBI conversations and plan their next move.