Slashdot Mirror


The "Rickmote Controller" Can Hijack Any Google Chromecast

redletterdave writes Dan Petro, a security analyst for the Bishop Fox IT consulting firm, built a proof-of-concept device that's able to hack into any Google Chromecasts nearby to project Rick Astley's "Never Gonna Give You Up," or any other video a prankster might choose. The "Rickmote," which is built on top of the $35 Raspberry Pi single-board computer, finds a local Chromecast device, boots it off the network, and then takes over the screen with multimedia of one's choosing. But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast. Unfortunately for Google, this is a rather serious issue with the Chromecast device that's not too easy to fix, as the configuration process is an essential part of the Chromecast experience.

4 of 131 comments

  1. Nowhere in TFA by OverlordQ · · Score: 3, Insightful

    If the hacker leaves the range of the device, there’s no way to regain control of the Chromecast

    Nowhere in TFA does it say why a Factory Data Reset won't fix that.

    --
    Your hair look like poop, Bob! - Wanker.
  2. Re:Better version of TFA by NoNonAlphaCharsHere · · Score: 2, Insightful

    Gosh, I wonder what item on YouTube THAT could point to...

  3. Note to Google Users: by Jane+Q.+Public · · Score: 1, Insightful

    If Google can "remotely configure" your device, then so can someone else if they're determined enough.

    Duh.

  4. Re:Secure pairing is hard by Miamicanes · · Score: 3, Insightful

    Canonical Diffie-Hellman is vulnerable to MITM attacks when both parties are mutually-anonymous. There are ways to reduce the risk, but at the end of the day, unless at least one party knows who it's supposed to be talking to & can independently verify the other party's identity and the integrity of key-exchange traffic supposedly taking place with it, you can never know for sure that you aren't having a securely-encrypted conversation with an attacker.

    AFAIK, there's no currently known way to achieve 100% mutually-anonymous key exchange that isn't also vulnerable to MITM. Every few months, someone proposes one, and someone like Schneier usually takes one look at it and casually mentions a half-dozen ways it can be defeated in between sips of coffee.
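The point made in the comment above, shown as an added example that is not part of the thread or of Bishop Fox's work: a toy Diffie-Hellman run in which an active interposer substitutes its own public value in both directions and ends up holding a key with each side, followed by the same exchange where one side (Alice) already knows a long-term key for the peer it expects (Bob) and checks an authentication tag over the ephemeral value. The group parameters (the Mersenne prime 2^127 - 1 with generator 2), the HMAC-based tag standing in for a signature, and the `keypair`/`shared`/`run_scenarios` names are all assumptions of this example, not anything the thread or Chromecast uses; real deployments use standardized groups of 2048 bits or more.

```python
"""Toy Diffie-Hellman: why mutual anonymity enables MITM, and how one
authenticated side detects the substitution.  Added example with constructed
parameters; sizes are illustrative only, not cryptographically safe."""
import hashlib
import hmac
import secrets

# Constructed toy group (assumption of this example): a 127-bit prime and
# generator 2.  Any prime works for the arithmetic below; production code uses
# standardized 2048-bit+ groups.
P = 2**127 - 1
G = 2


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 2) + 1  # in [1, P-2]
    return priv, pow(G, priv, P)


def shared(priv, peer_pub):
    """Derive the DH shared value from our exponent and the peer's public value."""
    return pow(peer_pub, priv, P)


def tag(longterm_key, pub):
    """Authentication tag over an ephemeral public value.  HMAC with a key known
    to the legitimate sender stands in for a signature (assumption)."""
    return hmac.new(longterm_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def unauthenticated_exchange(interposer):
    """Anonymous DH.  Returns (alice_key, bob_key, interposer_keys).
    With an interposer, each side agrees a key with the interposer instead."""
    a, A = keypair()
    b, B = keypair()
    if not interposer:
        return shared(a, B), shared(b, A), None
    m, M = keypair()                       # interposer's own pair
    alice_key = shared(a, M)               # Alice was handed M, not B
    bob_key = shared(b, M)                 # Bob was handed M, not A
    return alice_key, bob_key, (shared(m, A), shared(m, B))


def authenticated_exchange(interposer, bob_longterm_key):
    """Alice knows Bob's long-term key and verifies a tag over the value she
    receives.  Returns Alice's key, or None if she aborts."""
    a, A = keypair()
    b, B = keypair()
    received_pub, received_tag = B, tag(bob_longterm_key, B)
    if interposer:
        m, M = keypair()
        received_pub = M
        # Without Bob's long-term key the best the interposer can do is tag
        # with an unrelated key; constant-time comparison below rejects it.
        received_tag = tag(secrets.token_bytes(32), M)
    if not hmac.compare_digest(received_tag, tag(bob_longterm_key, received_pub)):
        return None                        # identity/integrity check failed
    return shared(a, received_pub)


def run_scenarios():
    """Summarize the four cases as booleans a reader (or test) can check."""
    k_a, k_b, _ = unauthenticated_exchange(interposer=False)
    k_a2, k_b2, m_keys = unauthenticated_exchange(interposer=True)
    bob_key = secrets.token_bytes(32)      # pre-shared long-term key (assumption)
    return {
        "anon_clean_agrees": k_a == k_b,
        "anon_mitm_disagrees": k_a2 != k_b2,
        "anon_mitm_holds_both": m_keys == (k_a2, k_b2),
        "auth_clean_ok": authenticated_exchange(False, bob_key) is not None,
        "auth_mitm_detected": authenticated_exchange(True, bob_key) is None,
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The asymmetry is the whole point of the comment: only Alice verifies, yet that is enough to abort the run, because the interposer cannot produce a valid tag over a value of its own choosing; swapping the tag for a signature under a verification key Alice already trusts gives the same outcome without a shared secret.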