Jump to content

Chromecast PewDiePie hack exposes long-standing unpatched bug


Recommended Posts

Exploiting a Chromecast bug that's been allegedly ignored by Google for almost five years, a hacker has taken control of thousands of users’ Chromecast-connected devices.

Hacker Giraffe has remotely gained access to the TVs and smart devices of tens-of-thousands of users and displayed a pop-up that both warns of the exploit and links to a page listing the current number of affected devices. 

Despite these seemingly noble intentions, the message also takes a chance to promote controversial YouTube personality, PewDiePie – a move this particular hacker has previously made by hijacking connected printers.

The bug has been dubbed CastHack and utilizes the Universal Plug and Play (UPnP) functionality of some routers in order to remotely gain access to devices connected on their local networks.

Consequently, users are able to block this kind of access to their network by disabling UPnP on their router.

Teaching an old bug new tricks

While technically this latest hack is made possible via a security flaw in a users’ router, the exploit related to the Chromecast is one that has been known since the year the device launched.

In 2014, security firm Bishop Fox found that it could gain control of a Chromecast by disconnecting it from its current Wi-Fi network in what’s known as a “deauth” attack and reverting it to a factory state. 

It was confirmed that the device was still vulnerable to these attacks in 2016 by Pen Test Partners, another cybersecurity firm.

While the initial deauth attacks required the hacker to be within range of the target’s Wi-Fi network, this new breed of attack can occur remotely over the internet, via the UPnP flaw previously mentioned. 

http://feeds.feedburner.com/~r/techradar/software-news/~4/Z9DqAFh-X8o
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...