So, what Android spyware does appear in Mr. Robot?
In the “Debug” (“eps1.2_d3bug.mkv”) episode of the awesome Mr. Robot TV series, Tyrell Wellick, the show’s antagonist so far, is shown installing a backdoor on a lover’s phone in order to steal corporate secrets. The target is in the shower and his phone is unattended — Tyrell only has a few minutes to install his spyware.
Since Mr. Robot aims to portray hacking in an intelligent and realistic way, it is safe to assume that this backdoor app must be based on an actual product. Luckily, the episode illustrated the spyware installation in extensive detail.
We have gone over installation guides on YouTube for some of the more popular spyware products, trying to find something similar to these screens. mSpy installation looked different from the screenshots, but we hit the jackpot with a product called Flexispy.
Humbly self-described as “the only mobile monitoring software that can spy on 13 instant messengers”, FlexiSPY website features video tutorials and the video titled “Install FlexiSPY on to an Android Target phone” shows the exact installation sequence from Mr. Robot. The screenshots from the video (on the left side) correspond to Mr. Robot screenshots on the right.
“SystemUpdate” is a name designed to lull the target into a false sense of security
The spyware must have superuser privileges to work
SuperSU is the tool that grants root privileges to the spyware app
The spyware hides the SuperSU icon so that no tracks are left on the phone
Final activation using the FlexiSPY license code
The installation sequence shows granting root privileges to the backdoor app named “System Update” — apparently, Flexispy’s “safe name”, on the Android phone. The root privilege is granted by an access management tool called SuperSU. Then, SuperSU’s icon is hidden by the spyware so that the unsuspecting target wouldn’t realize that his phone had been tampered with. After the process is done, the phone looks absolutely clean and untampered.
A real life attacker who wants to intercept someone’s sensitive messages would only need a few minutes with the target’s phone to install one of these powerful commercial products, that any sociopath with a credit card can buy online in 10 seconds.
It is impressive to what lengths Mr. Robot’s production has gone to make sure that bugging a phone is displayed authentically. The depiction of Android spyware in Mr. Robot is meticulous. This kind of attention to details is what makes an awesome show!