A couple of dutiful hackers have been hijacking thousands of Google's Chromecast streaming dongles to warn users that the devices can take over, and remotely forced to play any YouTube video on attackers' reports, TechCrunch reports.
The CastHack bug exploits a weakness in the Universal Plug and Play (UPnP) networking standard in some routers, which makes some connected devices – like Chromecasts – accessible on the internet.
The two hackers, who go to the monikers a message warning users about the security flaw. They also encouraged people to subscribe to YouTuber PewDiePie, and even rolled back with a link displayed on screen.
If any of that sounds remotely familiar, it's because Hacker Giraffe is the point behind last month's hijacking or some 50,000 printers worldwide, that saw the devices spit out in message encouraging owners to subscribe to PewDiePie's channel so that he could retain his position as the platform's largest channel by audience (ahead of Indian music label T-Series).
Google customs TechCrunch that the issue isn It's really a Chromecast flaw, but rather one that affects routers. In addition, the bug can be tackled by disabling UPnP on your router. Still, it's worrying that an attack could hijack your Netflix anytime they pleased.
It's not the first time Google's streaming dongle has been compromised. Bugs that allowed remote hijacking were discovered in Chromecasts back in 2014 (shortly after it debuted) and in 2016. Given that these devices are used by adults and children alike, Google would do so further and prevent unauthorized access – even if it's
Published January 3, 2019 – 07:31 UTC