Two hackers have hacked into thousands of Google Chromecasts and broadcast propaganda for YouTube celebrity PewDiePie. The hackers, who went by the handles @TheHackerGiraffe and @j3ws3r, had also put up a website showing data on the so-called “CastHack”. At its peak, the site showed that a total of 72,341 devices had been compromised. As of right now, both hackers have deleted their Twitter accounts and also removed the website. They released a public statement on Pastebin claiming they were retiring from the hack, saying they were concerned about prosecution and other threats. The hackers claimed that they were trying to expose the security vulnerability in the system and to encourage users to secure their devices.
If #Pewdiepie is suddenly starting to play on your Smart TV, don’t wonder – disable UPnP at your router. A live hack is going on. More than 4.500 Smart TVs, Google Home & ChromeCast devices are exposed right now, numbers going up. #casthack https://t.co/F6iDI8rTjj pic.twitter.com/LFINJVow6q
— Svea Eckert (@sveckert) January 2, 2019
The hackers have maintained that they had no malicious intent in mind. But they did reveal what could have been done on these exposed devices. They claimed that it would be possible to collect all sorts of personal information from people’s homes, such as what Wi-Fi network the Chromecast is connected to, what Wi-Fi networks it has been connected to in the past, or what Bluetooth devices it has been paired with. Furthermore, it would also be possible to rename systems, force reboot the device or force pair the device. Not to mention play media files, which is what the hackers did with the PewDiePie broadcast.
Are we forgetting that HackerGiraffe primarily did that mass printer hack to show how vulnerable the devices were and only tacked on PewDiePie as a joke to show that he wasn't seriously going to do any harm, just spread awareness?
— DuskQuill Team (@DuskQuill_Team) January 4, 2019
This isn’t the first time TheHackerGiraffe has made the news. He was also previously involved in another hack involving printers. He had hacked into thousands of printers and printed pages of PewDiePie support. TheHackerGiraffe has, however, maintained that he only uses PewDiePie as a joke and that his main objective has always been to expose vulnerabilities in devices.
When asked what they were planning to expose next, TheHackerGiraffe made the following statement:
“I don’t think I’ll go for anything else. The amount of threats I get just isn’t worth public awareness. But if I don’t do it the way I do, who will fix their things? How will you force a company to act on its vulnerable products? Releasing blog posts and research papers doesn’t do much… unlike actual hacks.”
But not exactly a Chromecast-related issue?
The hackers chose mostly inoffensive PewDiePie videos to broadcast during this hack. Several users, however, still sent reports to Google regarding the tampering of their Chromecast streaming devices. A spokesman from Google sent an email statement to Forbes regarding the company’s response to these hacks:
“This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable.”
Google has suggested how its users can avoid such hacks in the future. It has asked users to turn off a protocol called Universal Plug and Play (UPnP). The company provided detailed guides regarding how to turn it off. But it also warned users that this protocol makes it easy for devices such as printers or game consoles to connect to routers, so turning it off could stop those devices from functioning properly.
The hackers also made similar claims regarding the security vulnerability of devices with open UPnP protocols. According to them, over 2 million devices were exposed due to open UPnP systems. The hackers also claimed that as a result of their “exposure”, a lot of people were updating their systems.