Has your Chromecast stick ever played YouTube videos all of a sudden without you asking it to? You may have been the victim of something called CastHack – which is one of the latest Chromecast hacks.
We will clarify what exactly this is all about and how you can protect your Chromecast adapter against attacks.
Chromecast hacks exploit vulnerabilities
There has been a recent security hole, under the name of CastHack, where hackers can take over your Chromecast stick. “Hackers Giraffe” and “J3ws3r” are the pseudonyms of the hacker responsible for the attacks. It exploits a vulnerability and disconnects the Chromecast adapter from your home network and then plays videos from the YouTuber PewDiePie.
The good news is that the hackers do not seem to pursue evil intentions with CastHack. According to their own statement, they only want to draw attention to the vulnerability in the Chromecast-Stick and support their favourite YouTuber.
Nevertheless, the vulnerability in Google Chromecast should not be taken lightly, because it shows that many IoT( Internet of Things ) devices are accessible over the Internet and are therefore vulnerable. After all, Google is already working on an update for the streaming stick.
How does the Chromecast hack work?
In the meantime, the hackers have found over 100,000 Chromecast sticks that can be accessed over the Internet. The problem with this is that once the streaming sticks are accessible over the Internet, they are vulnerable to attacks. This is mainly because many routers have Universal Plug-and-Play (UPnP) enabled by default. It allows devices within the same network to communicate with each other.
However, some routers can also use UPnP to open ports on their own to handle requests from the Internet. This is where the problem lies, as it allows hackers to access IoT devices such as streaming sticks relatively easily.
CastHack: Not the first attack on the Chromecast stick
CastHack is not the first attack on the Chromecast stick. Back in 2013 the first ever Chromecast was released and shortly after, in 2014 the first Chromecast was successfully hacked. Ken Munro, who founded Pen Test Partners says there’s no surprise that somebody else stumbled on to it. While attackers with such Chromecast hacks typically can not access Wi-Fi passwords, Google Accounts, or other devices on the network.
Chromecast adapters accessible via the Internet, nevertheless transmit all kinds of information over the network. In addition, hackers could also reset your Chromecast stick and make it play media content without you wanting to. Even audio signals can be played during an attack, with which language assistants such as Google Home or Amazon Alexa can also be activated.
This is how you protect yourself from the Chromecast hacks
But what is the best way to protect yourself from Chromecast hacks like this? Since the security hole is directly in the Chromecast stick, you have to wait until Google publishes an update. Basically, you should disable UPnP in your router’s settings if possible. Need help setting up your home network? Then your TrustATec specialist will help you on-site and take care of the complete security of your network .