The hackers who brought you Printer Hack 1 and Printer Hack 2 have upped the ante with an entirely new hack.
This time they are spreading awareness of the vulnerabilities of our internet-connected devices, under the guise of promoting the YouTube channel of star vlogger Felix “PewDiePie” Kjellberg.
Ethical hackers @HackerGiraffe and @j3ws3r teamed up to exploit a common router setting that forced thousands of Google Chromecast devices, Google Home devices, and smart TVs to broadcast a video and display a message to their unsuspecting owners.
The hackers dubbed their latest stunt CastHack and urged recipients of their message to subscribe to PewDiePie’s YouTube channel, but also (more importantly) to ensure that in future their routers are kept secure from potentially malicious hacks.
Though the hack was directed predominantly at Google devices, the vulnerability isn’t with the Google devices themselves, but rather with a flaw in the Universal Plug and Play (UPnP) settings on certain routers. The weakness in this setting can easily be exploited by a hacker to gain access to and control devices remotely, as well as to expose the user’s sensitive information. The hackers explain that the user can disable UPnP on their routers to patch the vulnerability and prevent an attacker from gaining access to their devices. Additionally, the hackers note that users should stop forwarding ports 8008, 8443, and 8009 if they had been forwarding them.
The message warns device owners that their “Chromecast/SmartTV/GoogleHome is exposed to the public internet, and is leaking sensitive information related to [their] device and home.”
The sensitive information referred to includes, the user’s wifi network name, Bluetooth pairings, and even what alarms the user has set. With this information and access to the device, a hacker can easily “remotely play media on your device, rename your device, factory reset or reboot the device, force it to forget all wifi networks, force it to pair to a new Bluetooth speaker/wifi point, and so on.” The message goes on to provide assurance that a hacker wouldn’t be able to access their personal Google account details using this exploit.
The hackers explain that: “We want to help you, and also our favorite YouTubers (mostly PewDiePie). We're only trying to protect you and inform you of this before someone takes real advantage of it.” Although their stunts may be perplexing or annoying to those affected, their message brings to light the critical importance of making sure your internet-connected devices are secure and protected from any potentially malicious attack.
Not only is it crucial to secure any device you may have connected to the internet, but it is also becoming more and more essential that you use a VPN to protect yourself whenever you go online. Take a look at our comprehensive guide to the best VPN services and learn how they can help you secure your connection and protect your sensitive data from ending up in the hands of malicious hackers.