قالب وردپرس درنا توس
Home / Technology / Dual UPnP Chromecast Exploitation allows Hacker to hijack devices, force any YouTube video to play

Dual UPnP Chromecast Exploitation allows Hacker to hijack devices, force any YouTube video to play



And Google Chromecast Ultra.
Photo: Gizmodo

Hackers have discovered an error that allows attackers to take control of Google's Chromecast Media Streaming player, which makes it possible to force the device to play a YouTube video they want ̵

1; including custom-made videos, "TechCrunch reported on Wednesday.

The error exploits a well-known vulnerability (routers that have Universal Plug and Play [UPnP] enabled by default, expose devices to a wider web network) and an apparent error in Chromecast's design allows anyone who has access to the device to "hijack the media stream and show what they want" without authentication, wrote TechCrunch. The site added to the latter error has been known for many years since it was discovered by security researchers: [19659005] Bishop Fox, a security consulting firm, first found the error in 2014, not long after Chromecast's debut, researchers found that they could perform a "deauth" attack disconnecting from Chromecast one from the Wi-Fi network it was connected to, and caused it to return to its out-of-the-box state, waiting for a device to tell you where to connect and what to stream. That's when it can be hijacked and forced to stream whatever the captain wants. All of this can be done at a glance – as they did – with a touch of a custom-built handheld remote.

Two years later, British cyber security company Pen Test Partners discovered that Chromecast was still vulnerable to "deauth" attacks, making it easy to play content on the neighbor's Chromecasts in just a few minutes.