Hackers hijack Chromecast devices to warn of latest security bug

Two hackers – HackerGiraffe and j3ws3r – claimed to have taken control of 70,000 Google Chromecast smart TV devices around the world in a stunt to raise awareness of cyber security and to promote YouTuber PewDiePie.  

The hackers exploited a vulnerability which tricks Google’s media streamer into playing any YouTube video they want. In this instance, the affected Chromecasts displayed a pop-up notice warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers.  

HackerGiraffe retired the following day, noting that “the constant pressure of being afraid of being caught and prosecuted” was affecting his mental and physical health.  

Google confirmed it is aware of the issue and is offering guidance on how to handle the attack. The company said: “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable.To restrict the ability for external videos to be played on their devices, users can turn off Universal Plug and Play (UPnP)”.  

The hackers also took the opportunity to ask viewers that they subscribe to youtuber PewDiePie’s channel. A similar tactic was employed in December 2018, when an anonymous individual hacked 50,000 printers, causing them to print out a message that urged people to subscribe to the same channel.