Chromecast Hack: One part stupid, one part funny [Updated]

A security flaw in Google’s Chromecast allows malicious types to take over your tiny streaming dongle. The odds are against it, though, and the payback tends towards the silly rather than malicious. Update: Or possibly not. It may be a little bit more worrying than that.
The exploit works because the Chromecast has an unusual reaction to being sent too many data packets of a specific type across a Wi-Fi network. It resets itself, and that’s not a question of just restarting. This is a reset back to configuration mode, at which point the attacker could (in theory) stream whatever they liked to your Chromecast-connected TV.
The analyst who discovered the flaw went as far as to build a proof of concept hacking machine. Dubbed the RickMote — because the analyst’s choice of video is the evergreen Rick Astley’s “Never Gonna Give You Up” — it’s built on top of a Raspberry Pi, and takes over a Chromecast on a local Wi-Fi network to play Astley’s most infamous hit.

Just in case you were unfamiliar with it, he lied.

Here’s a video of the RickMote controller in action

Now, before you run to your TV to tear your Chromecast out in blinding terror, it’s worth considering that the attack relies on a RickMote (or other hacking device) already being on your WiFi network.
If they’re already on your network and they’re malicious, you’ve got much bigger problems to deal with. As such, as hacks go it’s more on the silly than genuinely worrying side.
Update: Or possibly not. As Patrick Gray from the excellent Risky.Biz pointed out to me, it’s theoretically possible to send the necessary de-auth packets from an external network. That’s more of a problem, albeit one that’s still constrained by the limitations of what a Chromecast can actually do.

At least until this gets involved. Then somebody is going to suffer.

Source: BishopFox via TechCrunch

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.