#CastHack: Thousands of Chromecasts hacked to promote YouTuber PewDiePie
In a major surprise, thousands of Chromecast dongles and smart TVs have been hijacked by a pair of hackers. The attackers, going by the names Hacker Giraffe and J3ws3r, were able to compromise the devices and play any content of their choice. They gained control and broadcast a custom video message warning of the vulnerability, and then promoted YouTuber PewDiePie. Here's more on it.
Bug stemmed from poorly configured routers
Chromecast dongles are pretty secure, but in the latest 'CastHack', the hackers demonstrated how the devices can be tricked into playing anything. The problem, as they noted in the video message, is an improperly configured router, which exposes the connected device on the internet. It makes the device publicly viewable and accessible, allowing attackers to gain control and play whatever they want to.
Universal Plug and Play settings to blame
Routers have Universal Plug and Play (UPnP) settings to help users add devices. To do this, the router forwards ports from the internal network to the internet, making the Chromecasts accessible from anywhere. The attackers hijacked more than 5,500 devices in just two hours using this technique.
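As a defender-side illustration of the port forwarding described above, the following added example (not from the original article, Google, or the hackers) audits a router's UPnP port-mapping table for entries that expose a Chromecast. It assumes the mappings were retrieved as standard UPnP IGD GetGenericPortMappingEntry responses; the sample responses are constructed, the function names are hypothetical, and the Cast ports 8008, 8009 and 8443 are general knowledge rather than something the article states.

```python
import xml.etree.ElementTree as ET

# Ports Chromecast devices listen on (general knowledge, not stated in the article).
CAST_PORTS = {8008, 8009, 8443}

def _entry(ext, proto, in_port, client, enabled, desc):
    """Build one constructed GetGenericPortMappingEntry response (sample data)."""
    return f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{in_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed sample table; addresses and descriptions are made up.
SAMPLE = [
    _entry(8009, "TCP", 8009, "192.168.1.23", 1, "cast"),
    _entry(50123, "TCP", 8008, "192.168.1.23", 1, "cast-alt"),  # external port differs
    _entry(8443, "TCP", 8443, "192.168.1.23", 0, "cast-off"),   # mapping disabled
    _entry(51413, "UDP", 51413, "192.168.1.40", 1, "other-app"),
]

def parse_mapping(xml_text):
    """Extract the unqualified New* argument elements from one response."""
    root = ET.fromstring(xml_text)
    f = {el.tag: (el.text or "").strip() for el in root.iter() if el.tag.startswith("New")}
    return {
        "external_port": int(f["NewExternalPort"]),
        "protocol": f["NewProtocol"].upper(),
        "internal_port": int(f["NewInternalPort"]),
        "client": f["NewInternalClient"],
        "enabled": f["NewEnabled"] == "1",
        "remote_host": f["NewRemoteHost"],
    }

def audit(responses):
    """Return enabled TCP mappings whose internal target is a Cast port."""
    findings = []
    for m in map(parse_mapping, responses):
        if not m["enabled"] or m["protocol"] != "TCP":
            continue
        # Match on the internal port: the external port can be remapped.
        if m["internal_port"] in CAST_PORTS:
            # An empty NewRemoteHost is a wildcard: any internet host may connect.
            scope = m["remote_host"] or "any internet host"
            findings.append((m["external_port"], m["client"], m["internal_port"], scope))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("exposed:", finding)
```

Any finding means the device is reachable from outside the home network; removing the mapping and disabling UPnP on the router closes it.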
And, this could be a major problem
The attack was not ill-intended, but having devices like Chromecasts exposed on the internet can be a major issue. This is because an attacker can take control and play anything, including a clip created to command smart home devices. So, theoretically, it could be exploited to command Alexa into turning off house alarms or ordering an iPad.
What Google says about the issue
While speaking to CNET on the matter, Google claimed that the issue is not a Chromecast problem. "This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable," a Google spokesperson said in a statement. Both Google and the hackers have recommended turning off UPnP settings to avoid such exposure.
Also, why did the hackers promote PewDiePie?
Along with the security warning, the hackers also promoted PewDiePie by calling on people to subscribe to his YouTube channel. Currently, PewDiePie is battling T-Series in terms of subscriber count, with the former inching closer every day. "We want to help you, and also our favorite YouTubers (mostly PewDiePie)," the hackers' website reads. "We're only trying to protect you and inform you of this."
They were also behind the printer hack
Notably, these two hackers were also behind the printer hack, which forced printers around the globe to print sheets with a message supporting PewDiePie.