Hackers have taken over thousands of Google Chromecast streaming devices, thanks to an unfixed bug. These hackers are forcing the Chromecast devices to play any YouTube video they want, and are also asking users to subscribe to YouTuber PewDiePie’s channel. Previously hackers had taken over printers and printed out messages in support of the YouTuber.
According to TechCrunch, the hackers “Hacker Giraffe” and “J3ws3r” have exploited a bug called CastHack in the Chromecast and the routers to which it connects, and carried out the attack. The hackers are also running a website for the CastHack, which says they have exposed close to 5000 devices, though this is a live ticker and the number keeps changing.
The website says that the “Chromecast/SmartTV/GoogleHome is exposed to the public internet, and is leaking sensitive information related to your device and home.” The hackers also add that they can exploit this bug to “remotely play media on your device, rename your device, factory reset or reboot the device, force it to forget all wifi networks, force it to pair to a new bluetooth speaker/wifi point, and so on.”
Keep in mind they cannot access your Google Account information or the Google Home microphone. In the bit about why they are carrying out the attack, the hackers have written, “We want to help you, and also our favourite YouTubers (mostly PewDiePie). We’re only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above.”
Meanwhile, Google has responded to this, and told TechCrunch, “We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device. This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable.”
The Chromecast problem can be fixed by disabling UPnP (Universal Plug and Play) on WiFi routers, the setting that exposes devices on the network. To find out how to disable it on your router, search Google for your router’s name to get the specific instructions. Port forwarding should also be disabled.
The vulnerability is a known one and in fact the exploit was first showcased back in 2014. At the time, security researchers had shown how the attack could be used to take over Google Chromecast devices.
Coming to the PewDiePie bit, the YouTuber is currently locked in a battle with India-based channel T-Series over subscriber base. T-Series has over 78 million subscribers, while PewDiePie is just ahead with a subscriber base of around 79 million plus. His fans have been posting messages asking users to subscribe to the channel, so that it is not beaten by T-Series.