On Wednesday, a hacker duo hijacked thousands of Google’s Chromecast streaming adapters, Google Home smart speakers and smart TVs with built-in Chromecast technology to play a video urging users to subscribe to Swedish Youtuber ‘PewDiePie’s’ Youtube channel. The hacked smart TV’s also displayed a message on the similar lines. The hackers behind this hacking campaign –codenamed CastHack– are known on Twitter as TheHackerGiraffe and j3ws3r.
The attack took advantage of badly configured routers to find streaming devices exposed to the public internet. Once found, the hackers renamed the device’s Wi-Fi name, and then played a PewDiePie Youtube video. A website detailing the hack lists the statistics on the number of devices forced to play the video, total renamed devices, total exposed devices and much more.
The website shared some of the information the hackers had access to, including “what WIFI your Chromecast/Google Home is connected to, what bluetooth devices it has paired to, how long it’s been on, what WiFi networks your device remembers, what alarms you have set, and much more.” However, they state that “We’re only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above.” They further added that “We want to help you, and also our favorite Youtubers (mostly PewDiePie)’.
According to Variety, the attack was part of a marketing campaign- “Subscribe to PewDiePie”-that fans of the Swedish video-game streamer and vlogger have been engaged in since late last year. The goal of that campaign is to defeat the Indian Youtube channel T-Series for the title of ‘Youtube’s most popular channel’ by gaining more subscribers than the latter.
How did the attack take place?
The attack exploited a Chromecast bug allegedly ignored by Google for almost five years. According to ZDNet, the ongoing CastHack takes advantage of users who use incorrectly configured routers that have the UPnP (Universal Plug’n’Play) service enabled, a service which forwards specific ports from the internal network on the Internet. The ports are 8008, 8009, and 8443, normally used by smart TVs, Chromecasts, and Google Home for various management functions.
The streaming devices expose these ports on internal networks, where users can operate them by sending commands from their smartphones or computers to the devices for remote management purposes. Routers with incorrectly configured UPnP settings make these ports available on the internet.
This allowed FriendlyH4xx0r to scan the entire internet for devices with these ports exposed. Once devices are identified, the hacker said another script renames the devices to “HACKED_SUB2PEWDS_#” and then tries to autoplay a video (now taken down by Youtube) to promote PewDiePie’s channel.
A Google spokesperson, told Variety via email: “To restrict the ability for external videos to be played on their devices, users can turn off Universal Plug and Play (UPnP). Please note that turning off UPnP may disable some devices (e.g. printers, game consoles, etc.) that depend on it for local device discovery.”
This is the second time that HackerGiraffe and j3ws3r have teamed up to promote PewDiePie’s channel. Both said they were behind a hack in November that forced printers around the world to print out sheets of paper telling people to subscribe to PewDiePie.
Why are local printers being hacked for this pic.twitter.com/fAnNTIp6ds
— madison. (@maddybenavente1) November 29, 2018
You can head over to The Verge for more insights on this news.