Hackers using router vulnerability to take over Google Chromecasts

“The hackers are also using the forced privilege to do their bit for PewDiePie, who is in an inadvertent subscriber count battle against T-Series.”

A known but seemingly unresolved vulnerability in Google Chromecast streaming devices has led to hackers taking control of a number of these devices and playing forced YouTube videos of their own choice. A TechCrunch report suggests that two hackers in particular, ‘Hacker Giraffe’ and ‘J3ws3r’, have been behind this, taking advantage of a bug in Chromecast and in the routers that the devices connect to.


The bug, named CastHack, allowed them to exploit Universal Plug and Play (UPnP) on Wi-Fi routers. According to reports, the issue is not specific to Chromecast or Google Home, but applies to any smart device that becomes publicly accessible owing to the router settings. This particular vulnerability is actually a known one. Back in 2014, security researchers found the flaw in general router settings that makes internet-enabled gadgets publicly accessible, thereby allowing anyone interested enough to take control of them.

In this case, the two hackers have been taking over Chromecasts, but so far there have been no reports of them forcing lewd content onto screens. Instead, the duo took the opportunity to warn users of the weakness, displaying a warning message on the connected TV screens they managed to reach. The warning details the potential consequences of such a hack, stating that the effect could be far more disastrous if hackers with malicious intent took over TV screens in front of families. It also details how to fix the issue: disabling the aforementioned UPnP, as well as port forwarding, should do the trick.

However, such a fix is not the most appropriate or easy one for less tech-savvy users, and it is not yet clear if and when Google may roll out a fix for this rather concerning issue. While Hacker Giraffe and J3ws3r have played the Good Samaritans, warning users before any potential damage and only asking them to subscribe to PewDiePie in return, other hackers may not be so kind unless a fix is issued soon.