Hackers Exploit Chromecast UPnP Router Vulnerability on Smart TVs

Funny story really, Swedish video-game vlogger PewDiePie got some unexpected help boosting subscription numbers when hackers took over Chromecast devices to promote his channel.

So basically a router setting that makes smart devices, like Chromecasts and Google Homes, publicly viewable on the internet. The attackers are then able to gain control of the devices and broadcast videos on a connected TV.

The 'CastHack' is being conducted by two hackers, HackerGiraffe and j3ws3r. The main hacker behind this hacking campaign explained on Twitter that CastHack takes advantage of users who use incorrectly configured routers that have the UPnP (Universal Plug'n'Play) service enabled, service which forwards specific ports from the internal network on the Internet.

The ports are 8008, 8009, and 8443, which are normally used by smart TVs, Chromcasts, and Google Home for various management functions. The devices expose these ports on internal networks, where users can send commands from their smartphones or computers to the devices for remote management purposes. But routers with incorrectly configured UPnP settings are making these ports available on the internet.

A website for the attack claims to count the number of TVs forced to show the PewDiePie message and currently says more than 3,000 have been affected. The best way for affected users to fix the issue is to turn off Universal Plug and Play (UPnP) on their routers. The can also make sure UPnP doesn't port-forward ports 8008, 8009, and 8443.

HackerGiraffe said their attacks are more about exposing vulnerabilities than promoting Kjellberg’s channel. “We want to help you, and also our favorite YouTubers (mostly PewDiePie),” their website reads. “We’re only trying to protect you and inform you of this [vulnerability] before someone takes real advantage of it.