PewDiePie hackers strike again against insecure Chromecasts

null

A security flaw Google's Chromecast device has been exploited by hackers to both raise awareness and as the latest method to get people to subscribe to PewDiePie's YouTube channel.

Google has confirmed the news, which was uncovered by a pair of hackers that go by the names of Hacker Giraffe and J3ws3r, have found a way to trick Chromecast devices into broadcasting any video, YouTube or custom made ones.

So they used this flaw to share a video in which they warn users that their Chromecasts are vulnerable and that private data may be exposed through them. Then, they used the opportunity to promote PewDiePie.

The vulnerability is dubbed CastHack, and apparently it is possible through Universal Plug and Play (UpnP), available on some routers. UPnP forwards ports from the home network to the internet, and the best way to secure your Chromecast (and probably other connected devices, as well), is to disable the feature.

Google's spokesperson said this wasn't an issue with Chromecast, but rather with how people manage their routers.

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google  spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

Image Credit: Anthony Spadafora