In a bizarre hacking case, over 72,000 Chromecasts were infiltrated to expose a vulnerability to users while at the same time promoting the hackers’ favorite YouTuber, PewDiePie.
The hackers, who go by HackerGiraffe and J3ws3r, targeted thousands of Chromecast streaming dongles, Google Home smart TVs, and speakers with built-in Chromecast technologies.
They were able to do so by exploiting a security bug, exposed by misconfigured routers, that Google has been aware of since 2014.
The hacked devices displayed a security warning reading: “YOUR Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you! To find more about what to do and how to fix this, visit https://bit.ly/CastHack for more information. You should also subscribe to PewDiePie.”
The message linked to a website set up by the hackers called CastHack. It contains a link to subscribe to the YouTuber’s channel. The website also explains what has happened to the hacking victims and how they are exposed to potential hackers.
“What WIFI your Chromecast/Google Home is connected to, bluetooth devices it has paired to, how long it's been on, what WiFi networks your device remembers, what alarms you have set, and much more,” it explains, going on to warn hackers can “remotely play media on your device, rename your device, factory reset or reboot the device, force it to forget all wifi networks, force it to pair to a new bluetooth speaker/wifi point, and so on.”
HackerGiraffe and J3ws3r previously gained notoriety for hacking over 50,000 printers around the world and commanding them to print out flyers encouraging people to subscribe to PewDiePie’s YouTube channel.
Since the Chromecast hack gained traction, HackerGiraffe has deleted their Twitter account and written a farewell letter on PasteBin in which they explained that the pressure of getting caught was too great to continue.
“I just wanted to inform people of their vulnerable devices while supporting a YouTuber I liked,” they wrote. “I never meant any hard [sic], nor did I ever have any ill intentions. I’m sorry if anything I’ve done has made you feel under attack or threatened.”
“@pewdiepie, I love your content man, keep on going,” they added.
HackerGiraffe accessed the devices by exploiting a Chromecast flaw that allowed them to display a message on the connected televisions. They reached the devices through routers that still have Universal Plug and Play (UPnP) enabled by default, which leaves them vulnerable to infiltration: UPnP forwards internal network ports out to the internet, making Chromecasts accessible.
As explained on the CastHack website, users can disable this to increase their security.
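For readers who want to check their own router, the following is an added example, not code from the article or from CastHack. It audits a router's UPnP port-mapping table for entries that forward an internet-facing port to a Chromecast. The Cast port numbers, the sample addresses and the function names are assumptions, and the mapping entries are constructed in the standard UPnP IGD response format so the example runs offline.

```python
import xml.etree.ElementTree as ET

# Ports used by the local Cast API (assumption: general knowledge, not from the article).
CAST_PORTS = {8008, 8009, 8443}

def make_entry(ext, proto, int_port, client, enabled, desc):
    """Build a constructed UPnP IGD GetGenericPortMappingEntryResponse body."""
    fields = {
        "NewRemoteHost": "", "NewExternalPort": ext, "NewProtocol": proto,
        "NewInternalPort": int_port, "NewInternalClient": client,
        "NewEnabled": enabled, "NewPortMappingDescription": desc,
        "NewLeaseDuration": 0,
    }
    body = "".join(f"<{k}>{v}</{k}>" for k, v in fields.items())
    return ('<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{body}</u:GetGenericPortMappingEntryResponse>")

# Constructed sample data: what a home router's mapping table might contain.
SAMPLE_RESPONSES = [
    make_entry(8008, "TCP", 8008, "192.168.1.23", 1, "cast"),
    make_entry(8009, "TCP", 8009, "192.168.1.23", 1, "cast"),
    make_entry(8443, "TCP", 8443, "192.168.1.23", 0, "cast (disabled)"),
    make_entry(51413, "TCP", 51413, "192.168.1.40", 1, "file sharing"),
]

def parse_mapping(xml_text):
    """Extract the fields needed for the audit from one response body."""
    root = ET.fromstring(xml_text)
    return {
        "external_port": int(root.findtext("NewExternalPort")),
        "internal_port": int(root.findtext("NewInternalPort")),
        "protocol": root.findtext("NewProtocol"),
        "client": root.findtext("NewInternalClient"),
        "enabled": root.findtext("NewEnabled") == "1",
    }

def audit(responses):
    """Return enabled mappings that forward an internet-facing port to a Cast port."""
    mappings = [parse_mapping(r) for r in responses]
    return [m for m in mappings if m["enabled"] and m["internal_port"] in CAST_PORTS]

if __name__ == "__main__":
    for m in audit(SAMPLE_RESPONSES):
        print(f'EXPOSED: WAN {m["protocol"]}/{m["external_port"]} -> '
              f'{m["client"]}:{m["internal_port"]} (remove mapping, disable UPnP)')
```

Any mapping this flags should be removed from the router, and UPnP disabled as the CastHack site advises.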