Two hackers boasted today on Twitter of having managed to “hack” more than 70,000 Google Chromecasts, Google's content-streaming device. Once hijacked, a device showed a screen warning the user that it was exposed “to the public Internet” and was revealing “sensitive information about you”. The message also urged viewers to subscribe to the PewDiePie channel, but that’s another matter.
Those responsible say that the underlying idea was not to promote the well-known YouTuber's channel but to warn about a security flaw in the Google Chromecast, although in fact the problem has more to do with the router's configuration than with the device itself.
How to prevent them from capturing your Chromecast
The exploit used by j3ws3er and hackergiraffe, as the pair call themselves, gains access to the Chromecast and thus makes it possible to play content remotely, rename the device, reset it or make it forget all its WiFi keys.
It is not that the Chromecast is unsafe (although an exploitable vulnerability has been flagged on occasion before); the issue lies with the Universal Plug and Play protocol, better known by its acronym UPnP.
This protocol allows devices to open and close ports autonomously, adjusting the connection to their needs. It is especially useful in online games for obtaining an open Network Address Translation (NAT) type and improving the stability of the connection. According to Google:
“We’ve received reports from users who have seen an unauthorized video played on their TVs through a Chromecast device. This is not a specific Chromecast problem but is the result of the router’s configuration, which makes smart devices, including Chromecast, publicly accessible. To restrict the ability to play external videos on their devices, users can disable Universal Plug and Play (UPnP).”
So, to disable UPnP, simply access the router's internal configuration by typing the address “192.168.1.1” (without the quotes) in the browser's address bar and entering the access credentials. Once inside, look for the corresponding section. In my case, I have an Orange Livebox router, and the setting is under Advanced configuration > Network configuration > UPnP, although it will vary depending on the router you use.
Once there you will see that the box is checked, so you only have to uncheck it and save the configuration. Once this is done, the Chromecast will no longer be able to open ports on its own and, in theory, can no longer be accessed remotely.
Via | Techcrunch