The internet-connected devices in our homes can make life more enjoyable, but they can also provide an in for internet ne'er-do-wells. A pair of jokers has undertaken a campaign of Chromecast hacking ostensibly to warn people about their vulnerability. Although, they're also promoting PewDiePie for some reason.
While the hackers known as HackerGiraffe and j3ws3r have chosen to target Chromecasts, the flaw is not technically part of that device. They are exploiting a technology in many routers called UPnP (universal plug and play), which can allow external access to devices on your network. Without the right safety measures, someone you don't know can also gain access. HackerGiraffe and j3ws3r used UPnP to display a warning message about the vulnerability, followed by a casual suggestion that you subscribe to video streamer PewDiePie. Lest you should think the pair are simply being helpful, the URL in the warning is a Rickroll.
The website for the hack (currently down) included a counter showing that more than 3,000 devices have been taken over with the warning. According to the site (and common sense), the best way to prevent attacks like this is to disable UPnP in your router settings. In a similar stunt last November, HackerGiraffe and j3ws3r hijacked connected printers to print pages advertising PewDiePie. The streamer is currently in danger of being overtaken by India-based T-Series as the top YouTube account by subscribers. Apparently, this is something that gets HackerGiraffe and j3ws3r very riled up.
In what is totally in no way, shape, or form connected to this story (uh-huh), Google has stepped up and today published a router-configuration guide with Google Home and Chromecast security tips.
As we explained before, the reason this "attack" is possible is not due to any real flaw in how Chromecast devices operate, but a consequence of the lines between "home network" and "the internet at large" blurring due to router configuration. So while Google's not going so far as to assign itself blame and call this a Chromecast bug, the company is taking steps to see that users are properly educated about hardening their systems against it.
In addition to obvious steps like using a strong Wi-Fi password for their router, Google advises users to disable port forwarding on ports 8008, 8009, and 8443. Check out all the company's advice here.
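As an added illustration (not from the article or from Google's guide), the following Python sketch audits a router's port-mapping listing for forwards that reach the three ports named above. The sample listing is constructed in the style of miniupnpc's `upnpc -l` output; that format, the addresses, and the function name `risky_forwards` are assumptions, as is the choice to match on the internal port.

```python
import re

# Ports the guidance quoted above says should not be forwarded.
CAST_PORTS = {8008, 8009, 8443}

# Constructed sample: port-mapping lines in the style of `upnpc -l`
# (index, protocol, external->internal_ip:internal_port, description, ...).
# The exact listing format is an assumption; adapt RULE to your router's export.
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8008->192.168.1.23:8008  'cast' '' 0
 1 UDP 51413->192.168.1.10:51413 'torrent' '' 0
 2 TCP 18443->192.168.1.23:8443  'cast-setup' '' 3600
 3 TCP  8009->192.168.1.40:9000  'camera' '' 0
"""

RULE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def risky_forwards(listing):
    """Return (ext_port, lan_ip, int_port, desc) for forwards to a Cast port."""
    findings = []
    for line in listing.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header or unrecognised line
        ext, internal = int(m["ext"]), int(m["int"])
        # The internal port decides which service is exposed: a remapped
        # external port (18443 -> 8443) still reaches the device, while
        # external 8009 -> internal 9000 does not touch a Cast port.
        if internal in CAST_PORTS:
            findings.append((ext, m["ip"], internal, m["desc"]))
    return findings

if __name__ == "__main__":
    for ext, ip, internal, desc in risky_forwards(SAMPLE):
        print(f"WAN port {ext} -> {ip}:{internal} ({desc}): remove this forward")
```

Mappings that reappear after being deleted were most likely created through UPnP, which is the case for disabling UPnP on the router rather than only removing individual forwards.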
- The Verge