A pair of hackers have hijacked Google Chromecasts and called on their owners to follow YouTubers PewDiePie. The hackers, known as HackerGiraffe and j3ws3r, are estimated to have accessed more than 70,000 devices so far with the exploit, according to the CastHack website the hackers launched (via The Verge).
Affected Chromecasts cast a message stating their device is exposing sensitive information about them and advising owners to visit the CastHack page for more information. The page was live during the writing of this article but currently can’t be reached. In addition to displaying the CastHack URL, the message also suggested that users subscribe to PewDiePie.
The exploit targets a router setting that makes smart home products viewable on the internet. With Chromecast access gained, the hackers can “remotely play media on your device, rename your device, factory reset or reboot the device, force it to forget all Wi-Fi networks, force it to pair to a new Bluetooth speaker/Wi-Fi point, and so on,” it said on CastHack. Folks have also taken to Reddit to talk about their hacked devices.
Google has said it isn’t to blame for the attack, but that it’s the fault of the individuals’ routers. Both Google and HackerGiraffe have said the best way to fix the issue is to turn off “Universal Plug and Play (UPnP)” in their routers’ settings, said The Verge.
Despite advocating the YouTube stars’ pages, HackerGiraffe said promoting PewDiePie wasn’t the main purpose of the attack. Rather, the hacker said it was to expose the product’s vulnerabilities and remind Google of security flaws.
Reportedly, the hackers don’t harvest or save any information accessed during the attack, they just rename devices. Still, well-meaning or not, seeing the hack message pop up on a TV must be a very unsettling experience for the people affected.