Hackers have discovered a new vulnerability in the Chromecast. This allows them to play videos remotely on your television. Google recommends that users adjust the settings of their router.
Chromecast hack discovered: unsolicited videos played
Several thousand users have been affected by the vulnerability, reports The Verge . Enthusiastic fans of the YouTuber PewDiePie have hijacked the televisions of random users to show a video message. This warns the users that their Chromecast has been hijacked, and they have to subscribe to the YouTube channel of PewDiePie.
The vulnerability not only hijacks Chromecasts, but also incorporates smart TVs with Google Cast technology. These include televisions from Sony Bravia, Philips and Toshiba.
The hackers use the Universal Plug and Play protocol (‘UPnP’) to break into. This is enabled by default on many (especially older) routers and is used to connect all kinds of internet devices more easily.
It also makes it possible for outsiders to pretend they are on your network. For instructions on how to disable UPnP on your router, contact your provider.
Google: no fix planned
Google claims that it is not a vulnerability of the Google Chromecast, but of the UPnP protocol. The company therefore advises users to disable UPnP functionality on their router. That is also something that many security researchers recommend. For the time being, Google does not seem to have plans to roll out a security update itself.
Users do not have to worry about hackers getting personal data through this vulnerability. All the hackers can do is play videos on your Google Cast device. Moreover, the message does not remain permanently in the picture: you can also cast something yourself directly.