Unknown (2011)

Unknown (2011 film), with Liam Neeson

Spoiler alert. Although the review doesn't reveal anything crucial, I suggest you watch the movie first.

There is not a lot to review from a computer-science point of view. The only interesting scene happens at the reception, where the bad guys steal important data from a notebook.
They covertly insert a USB dongle into the laptop, access it remotely from a small notebook, log in through the login screen (conveniently already knowing the password) and finally copy some 150+ files to a local USB drive.

Unrealistic as it looks, the attack is plausible: in general, a device should be considered compromised the moment someone has physical access to it. Some devices (Chromebooks, for example) resist this better than others, but even a Chromebook should be considered compromised once it has been in the wrong hands. The attacker could physically modify the keyboard to record every keystroke, and the operating system (OS) would have no way to tell that the machine had been tampered with.
The USB port is, in fact, a rather good attack vector: the drivers responsible for attached USB peripherals run with kernel privileges, so a bug in one of them can hand the attacker full control of the computer. An example of such an attack can be found here:
Now there is a catch, though: in the movie the notebook was closed. I don't know of any notebook that reacts to USB devices while it is closed (and thus in sleep mode). But let's be forgiving and assume that the scientist was just very unlucky and got a machine that keeps running while closed. I know that Linux had some trouble putting itself to sleep several years ago (in the early days...).
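Turning the lid-closed objection into a check, as an added example (not from the film, from the author of this review or from any product): a small Python script that correlates two kinds of lines a Linux laptop's journal really contains, systemd-logind's "Lid closed." / "Lid opened." events and the kernel's "New USB device found" messages, and flags any USB enumeration that happens while the lid is closed. It also reports which USB host controllers still have the kernel's `authorized_default` attribute enabled, which is the setting that lets a surreptitiously inserted dongle enumerate at all. The journal lines, host name, vendor and product IDs are constructed for the demonstration.

```python
"""Flag USB attachments that happen while a laptop's lid is closed.

Added example for this review; not code from the film, the reviewer or any
product. It correlates two kinds of lines a Linux laptop's journal really
contains: systemd-logind's "Lid closed." / "Lid opened." events and the
kernel's "New USB device found" messages. The sample journal below is
constructed for the demonstration.
"""
import glob
import os
import re
from dataclasses import dataclass

# Kernel message emitted when a USB device is enumerated, e.g.
# "kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00"
USB_NEW = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# systemd-logind message emitted when the lid switch changes state.
LID = re.compile(r"systemd-logind\[\d+\]: Lid (?P<state>closed|opened)\.")


@dataclass
class Alert:
    timestamp: str   # "Mon DD HH:MM:SS" as printed by journalctl's default output
    port: str        # bus-port path, e.g. "1-1"
    vid: str
    pid: str


def find_lid_closed_attachments(lines):
    """Return one Alert per USB enumeration seen while the lid is closed.

    Lines are assumed to be in chronological order, as `journalctl` emits
    them, so the most recent lid event decides the current lid state.
    """
    lid_closed = False
    alerts = []
    for line in lines:
        m = LID.search(line)
        if m:
            lid_closed = m.group("state") == "closed"
            continue
        m = USB_NEW.search(line)
        if m and lid_closed:
            timestamp = " ".join(line.split(None, 3)[:3])
            alerts.append(Alert(timestamp, m.group("port"), m.group("vid"), m.group("pid")))
    return alerts


def permissive_controllers(sysfs_root="/sys/bus/usb/devices"):
    """List USB host controllers that still authorize new devices automatically.

    The kernel's per-controller `authorized_default` attribute is 1 by default;
    writing 0 makes newly plugged devices stay unconfigured until someone
    writes 1 to the device's own `authorized` attribute. This only inspects
    the setting and changes nothing. Returns [] where the path does not exist.
    """
    found = []
    for path in sorted(glob.glob(os.path.join(sysfs_root, "usb*", "authorized_default"))):
        with open(path) as f:
            if f.read().strip() != "0":
                found.append(os.path.basename(os.path.dirname(path)))
    return found


# Constructed sample journal: the dongle is enumerated at 21:03:11 while the
# lid is closed; the 21:06:30 device arrives after the lid was opened.
SAMPLE_JOURNAL = [
    "Feb 18 21:02:40 lab systemd-logind[812]: Lid closed.",
    "Feb 18 21:03:11 lab kernel: usb 1-1: new high-speed USB device number 5 using xhci_hcd",
    "Feb 18 21:03:11 lab kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00",
    "Feb 18 21:03:11 lab kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3",
    "Feb 18 21:05:02 lab systemd-logind[812]: Lid opened.",
    "Feb 18 21:06:30 lab kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.03",
]

if __name__ == "__main__":
    for a in find_lid_closed_attachments(SAMPLE_JOURNAL):
        print(f"{a.timestamp}: USB device {a.vid}:{a.pid} enumerated on port {a.port} while lid closed")
    for c in permissive_controllers():
        print(f"{c}: authorized_default is still enabled")
```

On a real machine, feed it `journalctl -o short` output instead of the constructed list. The lid-state correlation is only as good as the lid switch events; a laptop configured to ignore the lid (or one whose lid switch is broken, as the review's forgiving assumption requires) still keeps logging USB enumerations, which is exactly the case this flags.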

Even the remote login is plausible. My personal preference (as an attacker) would have been to clone the whole machine, but the attackers didn't have much time, and a remote login (which most OSs now provide: Windows, Mac OS X or Linux) makes it easier to extract just the precious information. In the movie the data was copied in less than 40 seconds, which would be impossible if they had to copy the full hard drive. Even with some futuristic high-speed wireless transfer technology, the data would still have to be read from the hard drive, which simply cannot deliver it that fast: a laptop hard drive of the time reads roughly 100 MB/s sequentially, so 40 seconds buys a few gigabytes, not the whole disk.

That doesn't mean the movie makes sense: the purpose of the whole operation was to steal the data and then destroy the original. Here is my first and biggest complaint: if the data is that small (and it cannot be big, as otherwise 40 seconds would not be enough to read it from the hard drive), there must be a backup copy. No self-respecting scientist would keep only one copy of such important data. Hard drives (SSDs and USB drives included) are known to fail regularly, or to get stolen. So this is clearly a plot hole.

Another nit: if the attackers have the password, they don't really need to exploit the machine at all. If the OS supports remote access (which is likely), they could simply have logged in over the internet. In any case, a targeted phishing attack (with a specially crafted mail and a 0-day exploit) seems much easier than physically accessing the device.

That's it for "Unknown". While improbable, the CS is actually not impossible.

[edit: changed conclusion from "plausible" to "not impossible"].
