Chromecast hack promoting PewDiePie reveals security bug

3 Jan 2019

A Chromecast device. Image: Fruehauf/Depositphotos

Hackers have hijacked thousands of Chromecasts, smart TVs and Google Home devices using incorrectly configured routers.

Two hackers have taken advantage of a router setting that makes smart devices such as the Google Chromecast publicly visible on the internet.

Using the misconfigured settings, TheHackerGiraffe and j3ws3r claim to have forced devices to display a message promoting controversial YouTube star Felix Kjellberg, also known as PewDiePie.

A statement from the perpetrators

The two hackers responsible said: “We want to help you, and also our favourite YouTubers (mostly PewDiePie).” They continued: “We’re only trying to protect you and inform you of this [vulnerability] before someone takes real advantage of it.”

According to TheHackerGiraffe, the attack does not gather or save any information from the affected devices, it simply renames the devices and forces them to play their promotional YouTube video.

The takeover of thousands of devices was made possible using Shodan, a search engine specifically for connected devices.

Last year, TheHackerGiraffe successfully took over tens of thousands of printers, making them print a similar message telling affected users to subscribe to PewDiePie’s channel.

How to protect your devices

The attack is being referred to as CastHack and both Google itself and TheHackerGiraffe said that users should turn off Universal Plug and Play (UPnP) on their routers. Users can also ensure that UPnP does not forward network traffic to ports 8008, 8009 and 8443.

“We have received reports from users who have had an unauthorised video played on their TVs via a Chromecast device,” a Google spokesperson said. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson added.

According to TechRadar, in 2014 security company Bishop Fox found it was able to gain control of a Chromecast by disconnecting it from its current Wi-Fi network and reverting it to a factory state, which is known as a ‘deauth attack’. In 2016, Pen Test Partners discovered the Chromecast was still at risk from these types of attacks.

Speaking to TechCrunch, founder of Pen Test Partners, Ken Munro, said that these types of vulnerabilities could be exploited in more malicious ways. Google said it is working on a fix for the Chromecast ‘deauth’ bug.

A Chromecast device. Image: Fruehauf/Depositphotos

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects