Tens of Thousands of Chromecasts Hijacked; Promote PewDiePie

Hackers have compromised more than 50,000 Chromecast devices, Google Home smart speakers and smart TVs that use Chromecast by exploiting a five-year-old bug that Google knows about but chose not to fix.

The attack puts a warning on the TV that the Chromecast is attached to, saying it was hacked. This is obviously being done to get Google’s attention and not to do any damage. Bad people may not be so altruistic.

The hack would allow bad guys to collect information such as which devices have been connected to your Chromecast or Google Home device and which Bluetooth devices it is paired with, play media of the attacker’s choice (including objectionable content), reset or reboot the device, force it to forget all networks, or make it connect to new networks. Probably other stuff too.

This all comes about because the devices are exposed to the Internet using that dumpster fire that Microsoft promoted for years called Universal Plug and Play (UPnP). UPnP allows a device to open a connection to the Internet via your firewall if the firewall is configured to allow it, WHICH IT SHOULD NOT BE (or at least, that is what I say).

To see if your firewall/router is configured to allow UPnP (note to reader JW–I got your message about tools 🙂 ), go to Steve Gibson’s wonderful site at https://www.grc.com. Unfortunately, I can’t send you a direct link because of the way the site is coded, so once you get to the site do this:

  1. Hover over Services at the top of the page and then click on ShieldsUP!, which is a great free security tool.
  2. Click on PROCEED.
  3. Click on the big yellow box labelled GRC’s Instant UPnP Exposure Test.
  4. If you get a green box at the end of the test, you are safe.
  5. Anything else and you need to change the configuration of your router or firewall and then retest.  You may need the help of your ISP to fix this.  Hopefully yours will be safe :).
  6. It is important to understand that some games assume that UPnP works, so you will have to manually make a hole in your security for those games, but that, while a pain, is much safer since only you will open holes that might let bad people in.

These folks are the same crowd that hacked 50,000 printers last year.

Both attacks include an ad for YouTuber PewDiePie.

Clearly, if they were malicious, this would not be pretty. But now that the cat is out of the bag, either throw away your Chromecast devices (not likely) or make the change to your firewall/router. The next hacker may use those devices to attack the Internet.

If your Chromecast device was exposed because UPnP was on, you may need to contact your support person to help you un-play the device.  It uses ports 8008, 8443 or 8009.

Information for this post came from The Hacker News.

