Last week, in our THiNC. Spotlight #6 we brought you a movie called H0us3 (House with a zero instead of an O and a 3 instead of an E. Yes? Great.) and soon after, we had Manolo Manguia show up out of nowhere thanking us for highlighting his awesome little movie. Now, between you and me, I hadn’t watched the movie yet. We pull a lot of our Spotlight movie recommendations from the members of Patreon, the recommendations tab (that red tab at the bottom of your screen) and just random stuff I’ve seen and haven’t gotten around to writing up. Right? So, yeah, didn’t I feel dumb! hahah. Mr. Manguia, uh, LOVED your film! But regardless, do you mind doing an interview with me in spite of the fact that I’m a dolt?? hahaha. He was very kind, and agreed, and that interview will be coming in the next week I would imagine. So yeah, today? I’m going to be doing a recommendation H0us3 Movie walkthrough for the film, and then next week we’ll dive into a ton more spoilers with the writer and director of the film. Okay?
If you’ve never heard of the film, I would say it is the Spanish love child between Coherence and The Invitation, and Mr. Robot. It’s a closed box talkie, but it really brings the goods as it comes around third base and heads on home. Tons of fun to be discussed here… I really enjoyed this little indie film. Like a lot. So if you didn’t like it….. um, how about you click this link here, and just move on along with your day. Great. Thanks.
Recommendation H0us3 Movie Walkthrough
This is where spoilers just starting hitting the wall left and right. So please, trust me on this one, head on over to Prime, and watch the movie before you read anymore. Okay? Great, thanks for that.
So, the movie opens with a bunch of old college friends assembling to relive their glory days, laugh, and get to know knew spouses, etc. But soon the movie settles into a Coherence-esque setup of conversations mainly talking about the various and sundry fears involved with modern day technologies. (You’ve all seen Coherence…. right? Please tell me you’ve seen Coherence. Look, don’t make me stop this blog post on a totally different movie and put you all in detention. Because I will. Trust me. I will.) Even if you are only minimally cognizant of technology today, you will be aware of many of these worries and concerns that are being brought up by these H0us3 characters. For example, if you are on a computer, reading this blog, if I were to tell everyone here to quickly hit Alt-F4 in order to win a prize, it would actually close your browser. Or what about the hidden danger of the Internet of Things (appliances with internet capabilities) which can be turned into a Denial of Service attack zombie apocalypse. Heck, the movie even effectively explains what a man in the middle attack is. (It’s where you intercept traffic from an individual, telling them you are the wireless router, then you pass that information along to the wireless router, and just watch the traffic go back and forth… and then use that information for cracking the person’s passwords, or other malicious purposes.) And if you are really interested in these sorts of things, I highly recommend the podcast, the Darknet Diaries, wherein they talk all the time about social engineering, bank hacks, zero day threats, international espionage in the world of tech, etc., etc. I really love it. But you sort of have to geek out on these kinds of conversations… which I do. I really really do. I could tell you a ton of my own stories, but why don’t you just contact me directly if you want to hear them? hahah. Maybe these are the sorts of stories we should keep between friends!
But eventually, the H0us3 conversation turns to Edward Snowden’s insurance files, which are a very real, and very interesting ploy that Snowden is using to keep himself out of hot water with the United States secret agencies (NSA, CIA, FBI, ETC). He released these encrypted files, and if anything happens to him it would seem he would arrange to deliver the keys for these files to the individuals with them. Right? Well, Rafa explains that he has unencrypted the Snowden files, and discovered something insidious within them. And this is where the movie makes a HARD RIGHT turn out of reality and into the world of Dark Mirror sci-fi. Apparently, buried deep within the files is an iPhone app, that when compiled and distributed to your phone, it will allow the user to see 30 seconds into the future.
At first the members of the party don’t believe this is real. But after several wild examples of the app working (a light blowing out, a bottle falling over, etc.) the people in the party go all in on this wild adventure. Rafa tells them that he was able to extend the duration of the window to 90 seconds by placing several iPhones in front of one another. But otherwise, he wasn’t able to change the limits on the scope of its visibility. Eventually though, the resident hacker, is able to figure out that the local password on the app is just the word H0us3, and thus the name of the movie. And after mucking about a bit, they are able to extend the visibility window to several weeks. Which is when everything gets creepy. All they are able to see is fire, chaos and torment. When they look closer back in time, they actually encounter Rafa as he sends them a message to destroy the phone. Which sends the group into near hysterics as they begin worrying about the United States secret services as well as the Russians, and all the other organizations that might have also been able to hack Snowden’s files.
David though, worried about this having gone too far, decides to tell everyone that it was all a joke. Rafa and he had been planning this for some time, and everything could be easily explained away. The Augmented Reality app? That was actually motion tracking VR recordings they did previous to the weekend. The light bulb burning out? Easy, that was remote controlled, and it didn’t burn out at all. We always watched the videos of the “future” from Rafa’s phone. It was always under Rafa’s control. Hahaha… good laugh. And no one appreciated it at all. (Have I ever told you guys about the time I fake fired a guy? Jared? Love you man!) Somehow jokes like that just don’t go over well at all. And pretty much everyone storms off. But that is when the hacker of the group, tells Rafa and David that she successfully put the app on her own phone… THE END.
The Ending of H0us3 Explained
It seemed as though that David and Rafa had actually shown the people at the house a real time machine view of the world ahead of them. And it even gave everyone rope to figure out how to extend the time limiting of its visibility. But was it so that it could just lead everyone to water and let them drink, or was it real? Well, I think that the film makers hint at one of the two truths… and I have literally already asked the co-writer and director this very question. So it will be interesting to see what he says. But I think that the app in the movie actually worked. And that David’s ruse was a ploy to calm everyone down and get them out of a chaotic situation that they were not going to be able to change no matter what they do.
But what is the movie saying? Like from a larger perspective? From a remove? It’s saying that technology is the super power of the future. It used to be that we would worry about global thermal nuclear destruction by way of intercontinental ballistic missiles. But now though? The the real threat is from technologies. I don’t know if you know it or not, but the job of the FBI or the CIA, has gotten infinitely easier because of social media. Elliot Anderson (Mr. Robot) illustrated this eloquently for us when he showed how easy it is to target people of interest by way of social media, and data floating on the internet about a person. Someone cuts me off in traffic? Did I catch their license plate? In three minutes (for $9.95 at most, but generally for free) I can have that person’s address, their credit history, legal history, medical history… really most anything about them of interest. Then, connecting the dots, I can find their place of work, where they go to church, really almost anything. Most people though, attempt to stay secure through obscurity. Don’t be noticed, don’t be a person of interest. Which actually works, until it doesn’t.
Like, for example, I want to wardrive a neighborhood house’s (wifiwar driving is just driving through a neighborhood and listening for WiFi signals, and hacking them as you go. People have even fitted cats with wifi-decrypting tools, and gone cat-driving, as the kitties move through the neighborhood. Rafa talked about using drones to do the same thing.). It’s a lot easier than you would expect. Please don’t do this, but the way that it is done, is by watching for public handshakes that are happening between the router and devices. Basically a device will say to the router, I know that password, and the router will say, do you? And then he’ll say yes, these are the droids you are looking for. Right? But the public handshake is hashed. ^$%@#%A7#E or whatever, which translates to ‘The Droids You Are Looking For’… which, isn’t the password. It’s sort of a pre-password. But it’s using the same hash and the same encryption schema for the real password. Which gives a hint as to what is going on here.
This is the fun part. So, look at the WiFi networks you can see right now in your neighborhood, or in that coffee shop… or whatever. You can see a bunch right now I bet. There are two kinds of networks out there. There are the NETGEAR-A37BFC networks. Those passwords, I 100% guarantee are randomly generated passwords, (or the defaults – “PASSWORD” or whatever). Then there are the ‘YankeesFanDeluxe!!” networks out there. And those networks are easily hackable by just throwing password lists at them. Wait, WHAT? Password lists.
Every single time that a huge data breach happens, a list of passwords are dumped in a pile. For example, Yahoo disclosed that in 2017, over 3 billion users were compromised. Their names, dates of birth, email addresses, and passwords, all were stolen. Now, what is interesting about that is that, you, being a human, hate remembering crazy long, or cryptic passwords. I don’t like doing it either. So, you and your spouse, you prefer to use J!ll&R0ger1983 as your standard password for bank accounts, email address logins, and the like. (Which is detailed out in the film). But once that account for Yahoo was breached, that password gets tossed into an enormous password file of passwords that people on planet earth like to use. So all I have to do is to tell my graphics card to check the public and private hash of the network’s handshake by using every single password in that breach data until it finds one that works. Heck, even if it’s a random password, the network is usually easily hackable within a few hours. Heck, HECK… if you make the mistake of staying a hotel where a black hat conference is being held, you will quickly find all your devices hacked, and your information posted on the Wall of Sheep. Why? Because the only real way to stay safe? Is to turn your devices off around these people. I kid you not.
Obviously not everything is hackable. I’ve been able to keep my web systems safe (which was generally a Pyrrhic victory because the penetration testers were able to come in through the lobby systems – which we eventually hardened as well) from penetration testers – but even those systems are hackable by really motivated individuals. Zero day exploits, man in the middle attacks, social engineering? Gah. But almost everything you use is hackable! hahah. Which puts you at significant risk for all sorts of malfeasance. And think about it. A single Mr. Robot is an individual that has real super powers. Super Man doesn’t exist. But an individual with the ability to quickly gain access to your Apple Cloud account? That’s scary stuff. And once they have one doorway open, many doors start opening quickly. That is the real conversation happening here with the movie H0us3. The app that discusses the future? This is just a metaphor for the larger conversation the movie is attempting to facilitate about the risks of technology in the modern world.
My favorite example of just how flawed the system really is? This social engineering video:
Remember – this stuff is highly illegal. I’m just informing you as to the dangers of the world around you. But if you were interested in hacking hotel doors? That’s a thing. Worried about ransomware attacks, you should be. Email phishing attacks that don’t even require you to click on anything… just opening the email puts your system at risk, yeah, worry about that now too. But your car is safe – so maybe you could just hide there? Yeah, no, not so fast. Well at least the government is one shining light on a hill that is safe! Nope. But at least they aren’t making you out to be a part of ISIS or anything horrible like that! PHEW! Or not.
The cautionary tales are nearly infinite. And H0us3 is doing its best to make you aware of just how dangerous the world really is. So, the next time you get a new fridge with an internet connection? Change the default passwords. Get a password management solution and go with the default hardcore passwords that manager suggests for every new online system you create. And most importantly, educate yourself as to the dangers all around you. Because they are literally everywhere.
But as for that ending to the movie? What do you think? Is the world going to end in 2 weeks time? Or were David and Rafa just having everyone on? Thoughts? Ideas?
Edited by: CY