Hackers have discovered a new vulnerability in the Chromecast. This allows them to play videos remotely on your television. Google recommends that users adjust the settings of their router.
Chromecast hack detected: unsolicited videos played
Several thousands of users have been affected by the vulnerability, reports The Verge. Enthusiastic fans of the YouTuber PewDiePie have hijacked the televisions of random users to show a video message. This warns the users that their Chromecast is hijacked, and they must subscribe to the YouTube channel of PewDiePie.
The vulnerability not only hijacks Chromecasts but also incorporates smart TVs with Google Cast technology. These include televisions from Sony Bravia, Philips, and Toshiba.
The hackers use the Universal Plug and Play protocol (‘UPnP’) to break into. This is enabled by default on many (especially older) routers and is used to connect all kinds of internet devices more easily.
It also makes it possible for outsiders to pretend that they are on your network. For instructions on how to disable UPnP on your router, contact your provider.
Google: no fix planned
Google claims that it is not a vulnerability of the Google Chromecast hack, but of the UPnP protocol. The company, therefore, advises users to disable UPnP functionality on their router. That is also something that many security researchers recommend. For the time being, Google does not seem to have plans to roll out a security update itself.
Users do not have to worry about hackers getting personal data through this vulnerability. All the hackers can do is play videos on your Google Cast device. Moreover, the message does not remain permanently in the picture: you can also cast something yourself directly.