Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Are Taking Over Chromecasts To Promote a YouTube Channel (theverge.com)

Posted by BeauHD on from the device-vulnerabilities dept.

In what is being referred to as CastHack, hackers j3ws3r and HackerGiraffe are promoting Felix "PewDiePie" Kjellberg by forcing TVs to display a message encouraging people to subscribe to his YouTube channel. "The hack takes advantage of a router setting that makes smart devices, like Chromecasts and Google Homes, publicly viewable on the internet," reports The Verge. "The attackers are then able to gain control of the devices and broadcast videos on a connected TV." From the report: A website for the attack claims to count the number of TVs forced to show the PewDiePie message and currently says more than 3,000 have been affected. While it's not clear that this is an accurate number (it has reset several times), a number of people posted on Reddit that the video had appeared on their TV. Google tells The Verge it has received reports from people who had "an unauthorized video played on their TVs via a Chromecast device," but said the issue was the result of router settings. Both HackerGiraffe and Google told The Verge the best way for affected users to fix the issue is to turn off Universal Plug and Play (UPnP) on their routers. The two hackers said they were behind a hack in November that forced printers around the world to print out sheets of paper telling people to subscribe to PewDiePie.

3 of 90 comments (clear)

  1. Impressive... by fuzzyfuzzyfungus · · Score: 3, Insightful

    This story of spammers trying to drum up support for the incumbent puerile attention whore of youtube almost makes me think that the Iranian social media crackdown will do them some good.

    And that takes some doing. Good work guys.

  2. Re:So why totally open this port... by dissy · · Score: 4, Informative

    Why does Chroecast open up a port, any port, to the whole wide internet?

    It doesn't. The malware these people ran is what sent the uPNP packet to open holes in their router.

    The same method has been used by malware in the past to open tons of holes in NAT devices that claim to be firewalls, even SMB and remote desktop, iterating internal IPs in turn to try and find a vulnerable windows host.

    uPNP is simply retarded and shouldn't exist. Any user-level software capable of sending a UDP packet can render such a NAT device completely useless as a level of protection that an actual firewall wouldn't allow.

  3. Opposite take, liking the vulnerability exposure by SuperKendall · · Score: 4, Insightful

    I really don't care to watch PewDiePie at all (I tried a little, once).

    However the actions of his hacking subscription army exposing the absolute dismal state of the Internet Of Thangs has me absolutely cheering him on and wishing for more, and more and more similar activity until even the least technical person says "wait a minute" to installing new network connected devices.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley