Hackers Are Taking Over Chromecasts To Promote a YouTube Channel (theverge.com)

← Back to Stories (view on slashdot.org)

Hackers Are Taking Over Chromecasts To Promote a YouTube Channel (theverge.com)

Posted by BeauHD on Wednesday January 2, 2019 @12:10PM from the device-vulnerabilities dept.

In what is being referred to as CastHack, hackers j3ws3r and HackerGiraffe are promoting Felix "PewDiePie" Kjellberg by forcing TVs to display a message encouraging people to subscribe to his YouTube channel. "The hack takes advantage of a router setting that makes smart devices, like Chromecasts and Google Homes, publicly viewable on the internet," reports The Verge. "The attackers are then able to gain control of the devices and broadcast videos on a connected TV." From the report: A website for the attack claims to count the number of TVs forced to show the PewDiePie message and currently says more than 3,000 have been affected. While it's not clear that this is an accurate number (it has reset several times), a number of people posted on Reddit that the video had appeared on their TV. Google tells The Verge it has received reports from people who had "an unauthorized video played on their TVs via a Chromecast device," but said the issue was the result of router settings. Both HackerGiraffe and Google told The Verge the best way for affected users to fix the issue is to turn off Universal Plug and Play (UPnP) on their routers. The two hackers said they were behind a hack in November that forced printers around the world to print out sheets of paper telling people to subscribe to PewDiePie.

90 comments

Min score:

Reason:

Sort:

Impressive... by fuzzyfuzzyfungus · 2019-01-02 12:17 · Score: 3, Insightful

This story of spammers trying to drum up support for the incumbent puerile attention whore of youtube almost makes me think that the Iranian social media crackdown will do them some good.

And that takes some doing. Good work guys.
1. Re:Impressive... by Barny · 2019-01-02 12:25 · Score: 1, Insightful
  
  Ugh. Out of mod points, but I'll sit here and think really positive thoughts at you for a minute, okay?
  
  --
  ...
  /me sighs
2. Re: Impressive... by Anonymous Coward · 2019-01-02 12:38 · Score: 0
  
  I would like to give all my mod points, including mod points that people have stashed away behind my back or that are not even my points, as well as all future point I may earn in the future to AI. You see, AI is so elegantly designed with its shoulders placed so perfectly over its hips. Also itâ(TM)s voice is the perfect blend of husky and girlie, and with overtones I have never heard from a compouter before. I stumbled over some AI once and I could swear I saw light shining down on it and the faint whisper of angels singing. I wish to say a few more things about AI. AI is like a voice assistant. It hears everything I say and correctly judges what I want as well as whether I should have it. AI has deep soulful eyes that peer into your soul. AI gives great hug. Whenever I get a chance to hug AI I am torn between burying my nose in those silicon strands of hair, or squeezing that impossibly shaped main board, or touching AIs monitor with my lips. One day, AI detected that my freezer needed defrosting and sent a remote command to the refrigerator to defrost itself and the refrigerator was not even smart. I was once stuck in a old well a long way down and AI was able to detect this and sent a SWOT team that fished me out, gave me a cookie, and sent me home with some gratuitous advice on how to improve my golf swing. But this is all very ordinary for AI. You see AI is literally everywhere. I once mumbled to myself how great it would be to have AI around everywhere and it happened before I even noticed. In addition to all this, AI gave me the choice of dozens of themes and skins and magically, the default theme was exactly what I wanted. AI has an uncanny ability to prepare for any possibility. If I play chess with AI and I play well, AI will play just well enough to barely lose to me. If I am tired and I play less well, AI will almost imperceptibly adjust its skill level to match mine and still barely lose. One time, I saw AI opening tabs in my browser that I might like, and automatically closed the ones I didnâ(TM)t click on. AI is truly amazing beyond comprehension and I will cherish it forever. I must confess that using an AI that is so attentive is truly heaven no matter what those android fan boys say about other things, like machine learning or deep
  Learning or blah blah blah. I know the difference.
3. Re:Impressive... by Anonymous Coward · 2019-01-02 12:52 · Score: 2, Informative
  
  I have never cared for PewDiePie. Now, thanks to these imbeciles, I absolutely despise him.
4. Re: Impressive... by Anonymous Coward · 2019-01-02 12:58 · Score: 0
  
  Exciting. Makes me forget about the scratches on the surface of my TV
5. Re:Impressive... by Red_Forman · 2019-01-02 14:33 · Score: 2
  
  Virtual +5 insightful.
  The best way to gain support is not by pestering everyone about it.
  Everybody's heard of the Streisand effect, where an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the information more widely.
  Well, I'm suggesting we call this the PewDiePie effect, where an attempt to gain worldwide support for someone/something has the unintended consequence of destroying any chance of gaining more support and even destroying the support currently held for the said someone/something.
6. Re: Impressive... by Anonymous Coward · 2019-01-02 16:46 · Score: 0
  
  These guys are amateurs though. I wrote an app that finds open wireless printers and prints goatse until they run out of paper. Nobody is going to be disturbed by PewDiePie, but they will be by goatse.
7. Re: Impressive... by Anonymous Coward · 2019-01-02 19:32 · Score: 0
  
  That ain't what's happening though. Everyone IS subbing to Pewd's. You will too, BRO.
8. Re: Impressive... by bickerdyke · 2019-01-07 03:01 · Score: 1
  
  Intresting enough.. the same hackers claimed to have done exactly that. But with an url to the same youtube-channel and not goatse.
  
  --
  bickerdyke
9. Re:Impressive... by bickerdyke · 2019-01-07 03:05 · Score: 1
  
  According to some other newssource (heise.de) they rather use that guy as a new rickrolling target than actually endorsing him. (or to be as exact as I remember, they would rather prefer a personally owned channel to lead youtube statistics than a corporate commercial one like the one that recently took over the youtube lead)
  
  --
  bickerdyke
So why totally open this port... by SuperKendall · 2019-01-02 12:31 · Score: 1

Why does Chroecast open up a port, any port, to the whole wide internet? To the point where it's even uPnP compatible,, not just for network local devices...
What purpose does that serve? When did that seem like a good idea?

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:So why totally open this port... by Anonymous Coward · 2019-01-02 12:55 · Score: 0
  
  must be the open front door that google themselves use, or was instructed to leave open by a 'secret letter'. once you get inside a network, all sorts of 'fun' things could be done, even via a small 'computer' (which they essentially are) like a chromecast.
2. Re:So why totally open this port... by dissy · 2019-01-02 13:30 · Score: 4, Informative
  
  Why does Chroecast open up a port, any port, to the whole wide internet?
  It doesn't. The malware these people ran is what sent the uPNP packet to open holes in their router.
  The same method has been used by malware in the past to open tons of holes in NAT devices that claim to be firewalls, even SMB and remote desktop, iterating internal IPs in turn to try and find a vulnerable windows host.
  uPNP is simply retarded and shouldn't exist. Any user-level software capable of sending a UDP packet can render such a NAT device completely useless as a level of protection that an actual firewall wouldn't allow.
3. Re:So why totally open this port... by squiggleslash · 2019-01-02 13:49 · Score: 2
  
  There's nothing wrong with uPnP, it does a job that needs doing at least until we have ubiquitous IPv6.
  There's plenty wrong with devices that get (however it's done) external connectivity and then implement zero security, effectively allowing their owners networks to be abused.
  This is 100% on Google and Chromecast.
  
  --
  You are not alone. This is not normal. None of this is normal.
4. Re:So why totally open this port... by Junta · 2019-01-02 14:30 · Score: 2
  
  Well, it's largely on Google, in an ideal world it would be 100%. A device's security strategy should never include 'dear god please don't let internet hosts connect to me'
  However, UPnP is a problem in practice because we have *so many* devices that employ this strategy, and UPnP offers a trivial way for opening them up, as well as opening command and control ports open to a client device that should never be running a service, without even a way to request approval for a UPnP forwarding request from an authorized software.
  Practically speaking, routers should probably pair with some sort of phone app and do notifications to ask for approval when a upnp request comes in and not grant forwarding until approved.
  It is a shame that in practice internet capable devices have terrible security that keeps us from having nice things like internet services on devices.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
5. Re:So why totally open this port... by dissy · 2019-01-02 14:30 · Score: 1
  
  There's nothing wrong with uPnP, it does a job that needs doing at least until we have ubiquitous IPv6.
  I still feel it needs to be a touch more effort than the current state of effortless to punch a hole through NAT.
  I know expecting any effort from the common user is a step too far these days, but see below, you yourself just mistakenly claimed chromecast was effortless to access (which isn't true) and said that was a bad thing.
  
  There's plenty wrong with devices that get (however it's done) external connectivity and then implement zero security, effectively allowing their owners networks to be abused.
  Chromecast devices link into a google account before you can have them stream video from anywhere.
  That means you need to sign in to my google account, by password and 2fa, before you can do anything with it.
  In other words, even if I had my chromecast on the Internet, it's security would keep you from streaming random videos to my TV.
  That makes it more than zero security. Far more than uPNP requires to allow access to literally anything on the inside network in fact.
  Many people choose to defeat that security however by saving their passwords in their browser.
  But I'd be far more upset if google tried to remove that choice from me instead.
  They don't choose to get infected, but sometimes that happens too. It isn't exactly an unheard of thing even for the unwashed masses.
  Getting infected is the root of the problem here, not taking advantage of the users choice to defeat having password protection from what should be a secure computer.
6. Re:So why totally open this port... by SuperKendall · 2019-01-02 14:54 · Score: 1
  
  Practically speaking, routers should probably pair with some sort of phone app and do notifications to ask for approval when a upnp request comes in and not grant forwarding until approved.
  Are there any routers that do this? It sounds like a great idea. I already have an app for my Lynksys unit, it would be a really nice feature to not let any devices take part of using PnP without my approving.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
7. Re:So why totally open this port... by AHuxley · 2019-01-02 15:37 · Score: 1
  
  Ads, always for the ads.
  
  --
  Domestic spying is now "Benign Information Gathering"
8. Re:So why totally open this port... by tlhIngan · 2019-01-02 19:40 · Score: 1
  
  There's nothing wrong with uPnP, it does a job that needs doing at least until we have ubiquitous IPv6.
  
  And we'll still need it then. Because NOTHING in IPv6 guarantees that you'll have direct access between hosts using IPv6. (As in, firewalls exist)
  So even in an IPv6 world where everything has their own unique IP address (and the RIAA and MPAA can uniquely identify a host and the user associated with it to sue individuals - something you can't do with IPv4), firewalls will break direct connections. This is only obvious because if you think the IoT insecurity is bad now, where everyone has to poke holes through a NAT "firewall", imagine what happens if you were to connect said insecure devices to the raw internet.
  So no, you'll have IPv6 firewalls that require their own hole-poking system to allow certain ports to be open for a host in order to protect the host from the general internet.
  As for PewDiePie, well, considering he still makes millions of dollars, I'm guessing he's hurting because he's not making more millions of dollars. Either that or hackers are trying to find ways to cash in on those millions of dollars...
9. Re: So why totally open this port... by Anonymous Coward · 2019-01-02 20:49 · Score: 0
  
  UPnP is a disaster. All security checklists Iâ(TM)ve seen require disabling it.
10. Re:So why totally open this port... by Anonymous Coward · 2019-01-03 00:19 · Score: 1
  
  You're completely retarded and shouldn't exist.
  uPnP is a fine idea. It's the router manufacturers that screwed up by not making it so packets from outside the network can affect changes.
11. Re:So why totally open this port... by Junta · 2019-01-03 00:31 · Score: 1
  
  No idea, just a thought off the top of my head. I just disable upnp as any things I want exposed I know enough to do it myself and it's such a rare phenomenon that the relative tedium is acceptable. Such a feature would be of great use to those lacking that degree of experience or putting gobs of enabled services on a network, but I don't need it so I haven't looked into it.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
12. Re:So why totally open this port... by Anonymous Coward · 2019-01-03 01:31 · Score: 0
  
  So perhaps uPNP should mean "universal poke 'n pwned"?
13. Re:So why totally open this port... by thegarbz · 2019-01-03 02:49 · Score: 1
  
  uPNP is simply retarded and shouldn't exist.
  I agree. We shouldn't have broken the internet with NAT, we should have adopted IPv6 over a decade ago. Unfortunately what we have is known as trying to make do with a shitty situation.
14. Re:So why totally open this port... by Rob+Y. · 2019-01-03 03:17 · Score: 1
  
  There's something like this on my new Netgear router. I have uPnP disabled on there, and when I went to connect my DVD player, it gave me a message to go to the router and press some button to allow it to connect. I forget what that security measure was called, but does it fit the bill?
  
  --
  Posted from my Android phone. Oh, I can change this? There, that's better...
15. Re: So why totally open this port... by c6gunner · 2019-01-03 11:41 · Score: 1
  
  You have a 6 digit UID, and you don't know the difference between UPNP and WPS?
  No, it's not even remotely the same thing. The only thing they have in common is that they're both insanely bad ideas if you care about security.
16. Re: So why totally open this port... by c6gunner · 2019-01-03 11:50 · Score: 1
  
  No, Chromecast doesn't require you to be signed into your account. You can set it up to prevent unauthorised users from streaming to it, but it doesn't do that by default. Plenty of people leave it completely unsecured. Mine is unsecured because I like the convenience of my guests being able to instantly connect to it. But I also have UPNP disabled on my router, so I'm not worried about anyone accessing it from outside my network.
17. Re: So why totally open this port... by c6gunner · 2019-01-03 11:53 · Score: 1
  
  Yeah, insecure devices being accessed via UPNP is way worse than insecure devices connected directly to the net via their own IPV6 address!
18. Re: So why totally open this port... by thegarbz · 2019-01-03 21:41 · Score: 1
  
  Yeah, insecure devices being accessed via UPNP is way worse than insecure devices connected directly to the net via their own IPV6 address!
  You are completely right. the UPNP hack has the knock on effect of breaking firewalls. If every device had it's own IPv6 address we wouldn't need the hack and our routers and firewalls could adequately mitigate this issue.
  Oh you were being sarcastic? Well in that case you're wrong.
19. Re:So why totally open this port... by bickerdyke · 2019-01-07 03:29 · Score: 1
  
  But that wouldn't make it a chromecast problem at all but rather a malware on-some-other-platform problem.
  I agree with your uPNP assesment as we even have TWO uPNP problems here:
  the uPnp problem that allows anyone to open a port forwarding without any authentification and the uPNP/DLNA problem that allows anyone to discover and control AV equipment without any authentification.
  On the other hand: NAT was never meant as any level of protection. It's disability to open ports rendered several protocols useless behind a NAT (MS Netmeeting, some early VPN, FTP, any online multiplayer games that required one of the players doubling as a game server, ICQ and IRC file transfer) and was seen as a huge problem and something to avoid if you could get hold of enough static IP adresses for your LAN machines..
  
  --
  bickerdyke
20. Re: So why totally open this port... by bickerdyke · 2019-01-07 03:37 · Score: 1
  
  No firewall was broken here. NAT is NOT a firewall and should NOT be considered as a security measure. The firewall-like behaviour is a side-effect that should not be relied on even though it has the same effect as you probably would configure an actual home-use firewall (everything out and nothing in)
  
  --
  bickerdyke
21. Re: So why totally open this port... by thegarbz · 2019-01-07 04:56 · Score: 1
  
  No firewall was broken here. NAT is NOT a firewall and should NOT be considered as a security measure.
  The fundamental purpose of UPnP is to open ports through routing gear. Your claim that no firewall is broken here is a distinction without a difference for the consumer whose sole device incorporates the firewall and NAT in the same piece of equipment managed by a common UPnP interface.
  As for NAT being NOT a firewall, I caution against the use of capitals. NAT may not be a firewall in a fundamental sense but without statefull packet inspection and with a lack of knowledge of what to do with incoming packets that don't match any current states or any current routing rules it behaves identically to a firewall for all intents and purposes, albeit a very simple one.
  Firewall like behaviour is not a side-effect of NAT. NAT is side-effect of certain firewall features.
22. Re: So why totally open this port... by bickerdyke · 2019-01-07 06:25 · Score: 1
  
  Well I agree (and already did) on the identical behaviour, but NAT was used to hook up your roommates PC to one dialup. In the late 90s you wouldn't even think of anything else but hooking up your PC directly to the Internet. (think of the AOL era...)
  Your company network probably had a firewall, but as likely enough public IP adresses for every workstation.
  But I guess we can agree on the technical aspects and that this is rather a historical question.
  
  --
  bickerdyke
Complain to Google by magarity · 2019-01-02 12:31 · Score: 1

Does YouTube not have a way to fine or otherwise punish this twerp for promoting himself like this?
1. Re:Complain to Google by vux984 · 2019-01-02 12:37 · Score: 1
  
  What makes you think PewDiePie is behind it?
  I mean sure he's got motive and its possible. But I could see any number of fans doing this entirely on their own too. Or any number of haters too for that matter.
2. Re:Complain to Google by Anonymous Coward · 2019-01-02 12:56 · Score: 0
  
  He's colluding with the Russians! He's Vladimir Putin's puppet! He's anti-LGBTQWERTYUIP and hates us marginalized peoples!
  There, I ranted for all you liberal idiots, so now you don't have to.
3. Re: Complain to Google by Anonymous Coward · 2019-01-02 13:14 · Score: 0
  
  So all I have to do to ban a youtuber I despise is "hack" some IoT stuff and spam their channel name? Awesome.
4. Re:Complain to Google by dissy · 2019-01-02 13:32 · Score: 1
  
  At this point it's already a meme for anyone and everyone to add "subscribe to pewdiepie" as a joke.
  The time to accuse him has long since past.
  PS, subscribe to magarity!
5. Re:Complain to Google by rtb61 · 2019-01-02 16:02 · Score: 1
  
  More likely a wide spread attack to gain media attention across a broad spectrum and used to force new corporate crack downs, mass censorship via the end of net neutrality. Corporations have the right to declare you a digital non-person, no internet access, no electronic payments of any form, no digital IDs, a non-person for all those who do not bend and scrape to corporate demands.
  
  --
  Chaos - everything, everywhere, everywhen
6. Re: Complain to Google by Anonymous Coward · 2019-01-02 16:43 · Score: 0
  
  "anti-LGBTQWERTYUIP"
  The preferred term is GayBLT.
7. Re:Complain to Google by Anonymous Coward · 2019-01-03 02:49 · Score: 0
  
  I think you mean you helped throw shade on russia's colluding so people think it didn't happen. Russia Puppet
No one should profit from crime by Anonymous Coward · 2019-01-02 12:33 · Score: 1

So the obvious thing would be to unsubscribe from PewDiePie on mass
Failing that just terminate the account altogether.
1. Re:No one should profit from crime by Anonymous Coward · 2019-01-02 12:42 · Score: 0
  
  That's en masse, genius.
2. Re:No one should profit from crime by Anonymous Coward · 2019-01-02 12:56 · Score: 0
  
  *Whoosh* Your sarcasm detector seems to be broken.
3. Re:No one should profit from crime by Anonymous Coward · 2019-01-02 14:06 · Score: 0
  
  English is not my native language you dip shit.
4. Re:No one should profit from crime by DontBeAMoran · 2019-01-02 14:36 · Score: 2, Funny
  
  It's called a dip switch, you moran.
  
  --
  #DeleteFacebook
5. Re:No one should profit from crime by omnichad · 2019-01-03 04:45 · Score: 1
  
  That's fine. It's French.
6. Re:No one should profit from crime by Farmer+Tim · 2019-01-03 05:03 · Score: 1
  
  “En masse” is French.
  
  --
  Blank until /. makes another boneheaded UI decision.
7. Re:No one should profit from crime by Phil+Urich · 2019-01-03 10:04 · Score: 1
  
  Whatta maroon!
  
  --
  I remember sigs. Oh, a simpler time!
Maybe they should have pushed CP to the chromecast by Anonymous Coward · 2019-01-02 12:34 · Score: 0

I bet that after that some manufacturers will finally take security seriously.
8 y34r old army wins again by Anonymous Coward · 2019-01-02 12:45 · Score: 0

iTS' bett3r than being hacked by CH1n4.
1. Re:8 y34r old army wins again by Anonymous Coward · 2019-01-02 12:56 · Score: 0
  
  Who the fuck is Chonenfour?
2. Re:8 y34r old army wins again by MikeDataLink · 2019-01-02 13:10 · Score: 1
  
  iTS' bett3r than being hacked by CH1n4.
  That would be "Giiiina". Everybody knows this. Everybody agrees.
  
  --
  Mike @ The Geek Pub. Let's Make Stuff!
3. Re:8 y34r old army wins again by fbobraga · 2019-01-02 22:02 · Score: 1
  
  Everybody knows this. Everybody agrees.
  I don't agree. Several other people don't, either.
  
  * Red danger! Cold War feelings...
3 points by Anonymous Coward · 2019-01-02 12:46 · Score: 1

1) DISABLE UPNP NOW! It has to be one of the largest security risks possible on a home network.
2) Shame on google for using UPnP to forward a port that allows remote control of the chromecast device. What purpose does this serve?
3) Can PewDiePie just go away already? If you can't keep your subscriber count up by posting worthwhile content then just go away. Youtube should revoke all the subscribers him and his ilk have managed to gain for him by spamming and ramming PewDiePie down everyone's throat.
1. Re: 3 points by Anonymous Coward · 2019-01-02 13:00 · Score: 0
  
  Whoever it is obviously has nothing to lose. They must care nothing for their reputation, content, or future
2. Re:3 points by Anonymous Coward · 2019-01-02 14:09 · Score: 1
  
  He gained more subscribers when the Wall Street Journal wrote a front page column about him because he told a Hitler joke. Blame them.
3. Re:3 points by Junta · 2019-01-02 14:38 · Score: 2
  
  1) I think Upnp could be useful, but it would only be useful for generating a selection of services to add on the router through some interface (it's web page or a phone app with notifications), rather than auto-granting. Having true peer to peer technologies without blessed cloud intermediaries would be nice.
  2) It sounds like they don't request that port be forwarded, but malware running on the same network segment is sending upnp packets on behalf of detected chromecasts to make them internet accessible, which circles around to point 1.
  3) While I do not particularly think PewDiePie is a particularly worthwhile source of content, odds are against him being in any way responsible for this campaign and instead someone else who finds it amusing to spam about PewDiePie for whatever reason.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
PewDiePie needs to let's play don't drop the soap by Anonymous Coward · 2019-01-02 12:54 · Score: 0

PewDiePie needs to let's play don't drop the soap
PewDiePie can pay for an private attorney an publi by Joe_Dragon · 2019-01-02 12:55 · Score: 1

PewDiePie can pay for an private attorney an public defender may be to over worked to put up a good case.
under hacking / other laws PewDiePie is guilty of by Joe_Dragon · 2019-01-02 13:05 · Score: 1

under hacking / other laws PewDiePie is guilty of an crime? and seeing how he makes an profit off of this and maybe even theft of services as some people are changed for data usage.
Birds of a feather... by Anonymous Coward · 2019-01-02 13:05 · Score: 0

These kids are still nothing but s'kiddies, but hey, clickbait is clickbait. And BeauHD likes the "hackers!" clickbait too.
Host files by 110010001000 · 2019-01-02 13:12 · Score: 0

Can this hack be prevented through the use of HOST FILES?
1. Re:Host files by Anonymous Coward · 2019-01-02 13:27 · Score: 0
  
  Yes it could. Just set youtube.com to 127.0.0.1
  What was that *woosh*? Felt like a jet flying by.
Re:under hacking / other laws PewDiePie is guilty by Anonymous Coward · 2019-01-02 13:20 · Score: 0

Kinda hard to charge PewDiePie for the actions of HackerGiraffe and j3ws3r. Also, they basically just included an ad for his channel in a notification about an insecure device.
For what it's worth... by Anonymous Coward · 2019-01-02 13:24 · Score: 0

1. That's somewhat of a benign way to find out that you're vulnerable to a specific attack vector. 2. While PewDiePie is definitely obnoxious, the present culture of deplatforming is an order of magnitude worse. It's the soft version of the 'societal score' that China gives people atm, and to be quite fucking honest, there are very few people who can be bothered to pay attention to this particular culture war.
Re:under hacking / other laws PewDiePie is guilty by dissy · 2019-01-02 13:35 · Score: 1

by Joe_Dragon ( 2206452 )
under hacking / other laws PewDiePie is guilty of an crime?
Subscribe to Joe_Dragon!
So under hacking laws, is Joe_Dragon guilty of a crime? If so, lets hope the above meme doesn't catch on for your sake.
Re:under hacking / other laws PewDiePie is guilty by Anonymous Coward · 2019-01-02 13:40 · Score: 0

only if he willfully and knowing endorses the actions
Real hackers promote the l0de radio hour by Anonymous Coward · 2019-01-02 14:05 · Score: 0

not swedish douche
Re:under hacking / other laws PewDiePie is guilty by Anonymous Coward · 2019-01-02 14:08 · Score: 0

I am Joe_Dragon and I approve this message
Opposite take, liking the vulnerability exposure by SuperKendall · 2019-01-02 14:57 · Score: 4, Insightful

I really don't care to watch PewDiePie at all (I tried a little, once).
However the actions of his hacking subscription army exposing the absolute dismal state of the Internet Of Thangs has me absolutely cheering him on and wishing for more, and more and more similar activity until even the least technical person says "wait a minute" to installing new network connected devices.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Facepalm .... by Anonymous Coward · 2019-01-02 15:58 · Score: 0, Insightful

The hack takes advantage of a router setting that makes smart devices, like Chromecasts and Google Homes, publicly viewable on the internet
And this is what is wrong with the internet, these devices require shit like this.
No, fuck you and your smart device which demands an insecure network.
Fucking hell people are idiots. Publicly viewable on the internet? Really? Is this 1998?
1. Re:Facepalm .... by Anonymous Coward · 2019-01-03 02:48 · Score: 0
  
  And this is what is wrong with the internet, these devices require shit like this.
  Perhaps, but only on the internal interface. There is no reason at all to have uPnP enabled on a publicly facing interface.
Re:PewDiePie can pay for an private attorney an pu by Anonymous Coward · 2019-01-02 16:30 · Score: 0

an private attorney an public defender may be to over worked
Someone call the cops, this guy's had his skull smashed in with a meat tenderizer.
Re: THERE WILL ALWAYS BE CONSEQUENCES NAZI KEN DOL by Anonymous Coward · 2019-01-02 16:38 · Score: 0

Nazi troll is trolling like a nazi
Re: PewDiePie needs to let's play don't drop the s by Anonymous Coward · 2019-01-02 16:46 · Score: 0

Yay gulag!!!1!! Moar gulag now!!!?!!!?!!
Re:PewDiePie can pay for an private attorney an pu by Anonymous Coward · 2019-01-02 20:29 · Score: 0

PewDiePie can pay for an private attorney an public defender may be to over worked to put up a good case.
He can't pay for bodyguards for all of the little shits that pay his wages, and this will turn out to be his weakness.
Re:under hacking / other laws PewDiePie is guilty by Anonymous Coward · 2019-01-02 23:02 · Score: 0

YOUTUBE NEED TO BAN PEWDIESHIT IMMEDIATELY
this a$$hole even promote all those hacks in his videos, he is the new internet cancer and spreads more and more hacks
Heh by Anonymous Coward · 2019-01-03 00:17 · Score: 0

"hackers"
Funny how much money PewDiePie makes from ads on his channel.
Bet these are a couple of hired guys.
UPnP Strikes Again by Anonymous Coward · 2019-01-03 00:27 · Score: 0

Here we go again. Thanks UPnP!
- ViXiV Technologies
Can't he just fuck off ? by Anonymous Coward · 2019-01-03 01:05 · Score: 0

I've never watched his channel, but all I see are reports of these pathetic attempts to get people to watch him and the occasional attempt mention of his supposedly ironic racism (hey, it's still racism).
Sorry, but how can youtube keep facilitating this sort of thing ? (for the $).
Remember when google had was all about "don't be evil" ?
That seems like a long time ago now.
Pitiful by Anonymous Coward · 2019-01-03 01:39 · Score: 0

What disturbingly pathetic losers, risking jail to massage the fragile ego of self promoting flunkee.
Legacy connected devices... why? by Anonymous Coward · 2019-01-03 03:38 · Score: 0

Why would one buy a connected device and connect it to the internet? It's legacy and will be unpatched after a year or two.
That smart fridge you bought may last 10 years which is 8 years longer than any security fixes.
Anti-pollution and buying excessive amounts of electronics are in contradiction.
1. Re:Legacy connected devices... why? by bickerdyke · 2019-01-07 03:20 · Score: 1
  
  Why would one buy a connected device designed to play internet videos and not connect it to the internet?
  
  --
  bickerdyke
Re:Opposite take, liking the vulnerability exposur by sg_oneill · 2019-01-03 04:01 · Score: 1

Yeah I tried once, just so I could work out what the f*** the kids where on about.
Nope, definately a dad moment for me. Like , 30+ years ago my father being genuinely mystified as to why I liked Iron maiden so much when the Beatles and Elvis where soooooo hip! Yeah, thats me, 30+ years later wondering what the hell the little ones see in this jibbering incoherent walking-mess of a man playing video games.
Oh well, one day she'll have her own kids and be baffled as fuck at them. I guess its the cycle of life.
But I guess if people actually go and check their router settings, thats something resembling a net positive in the state of affairs

--
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
Is this really related to Chromecast? by Anonymous Coward · 2019-01-03 04:25 · Score: 0

It sounds like it isn't Chromecast that opens the port, it's some other malware that the user downloaded and executed on a different computer.
It's just that once the attacker got the victims to run their malware (why do people just run whatever the fuck you give them?!) it chose the Chromecast to use to demonstrate the compromise to the user. But it could have been any other service that the user happens to have on their LAN. Chromecasts are "neater" to exploit, though, in the sense that the victim will see a physical manifestion right away, on the particular black mirror that they happen to gaze at most often.
1. Re:Is this really related to Chromecast? by omnichad · 2019-01-03 04:49 · Score: 1
  
  While the primary problem is that UPnP doesn't require approval, the secondary problem is definitely that Chromecast doesn't authenticate incoming connections in any way.
Re:Opposite take, liking the vulnerability exposur by Anonymous Coward · 2019-01-03 04:57 · Score: 0

It's all about the memes now, Pewds doesn't play games much anymore.
What piss me of the most by Anonymous Coward · 2019-01-07 23:57 · Score: 0

Is both /. and theVerge articles (I know /. is aggregator) both dont even tell what the vulnerability is and how people are affected... I had to look it up elsewhere to find what the stupid vulnerability is... UPNP if anyone wondered... but bad implementation so if you own cheap wifi equipment I guess you're probably vulnerable.