A few trusted hackers take thousands of Google's Chromecast streaming dialogs to alert users that devices can download and remotely compel any YouTube video that attackers choose, TechCrunch reports.
Error CastHack exploits the weakness in the Universal Plug and Play networking standard (UPnP) in some routers, which some connected devices – like Chromecast – make available on the Internet.
Two hackers, named Hacker Giraffe and J3ws3r, have taken the opportunity to present a message that warns users of security vulnerabilities. They also encouraged people to subscribe to YouTube PewDiePie, and even they are rickroll with the link shown on the screen.
If anything sounds familiar in the distance, it's because Hacker Giraffe roams around 50,000 printers around the world last month that they saw the devices splashed a message that encourages owners to subscribe to PewDiePie's channel to keep the platform's position the largest channel by the audience (in front of the Indian music label T-Series).
Google has told TechCrunch that this is not a problem with Chromecast, but a problem that affects routers. In addition, the bug can be solved by disabling UPnP on your router. However, it is a worrying fact that an attacker can kidnap your Netflix binge at any time when you like them.
Not the first time Google's streaming dongle is compromised. The bugs that allowed remote abduction were detected in Chromecasts in 2014 (shortly after debiting) and in 2016. Since both adults and children are used by them, Google will do everything to protect them further and prevent unauthorized access – even if it is not the fault of the company.
Posted January 3, 2019 – 7:31 AM UTC