• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

TechEngage®

Connecting mankind with technology

  • News
  • Reviews
  • Cryptocurrency
  • How-to
  • Roundups
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Culture
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
  • Tools
TechEngage » News » Security

Chromecasts are hijacked by PewDiePie fans, exposing huge security flaw

Fazeel Ashraf Follow Fazeel Ashraf on Twitter Updated: January 13, 2020

Design contains Chromecast 3rd gen
Design by abdugeek | TechEngage
FacebookTweetPinLinkedInPrintEmail

Forget printers getting hacked and informing users to subscribe to PewDiePie, its Chromecast’s turn. A couple of mischievous hackers have exploited thousands of Chromecast devices to promote Swedish YouTuber Felix “PewDiePie” Kjellberg’s channel.

The hackers, known as “HackerGiraffe” and “j3ws3r” found a vulnerability in the router settings of smart devices hooked up to televisions. This vulnerability made Chromecasts and Google Homes publicly visible on the Internet.

HackerGiraffe and  j3ws3r were able to exploit this to broadcast videos on connected televisions. The hackers had discovered 72,341 exposed devices at the time of writing. The hack is known as “CastHack” and the CastHack website is keeping the Internet updated on its success.

PewDiePie hack
via: TheHackerGiraffe

CastHack displays a message instructing viewers to subscribe to PewDiePie and KeemStar, another YouTuber who covers feuds and gossip news. The website also had links to the hackers’ personal Twitter accounts.

It also provides information about the total number of devices renamed as a result of the hack as well as the “Total devices forced to play video,” “Total Google Homes devices,” and “Total SmartTVs/Chromecast devices” that were breached. The hackers exploited the routers’ Universal Plug and Play (UPnP) option. Google has admitted to the hacks.

chromecast hack

The website also had an FAQ section featuring questions like “What is going on?” “What information is being leaked?” and “What can hackers do with this?” HackerGiraffe and j3ws3r  provided information to the people they hacked and gave advice about how they can best protect their devices in the future. The answer: “Disable UPnP on your router, and if you’re port forwarding ports 8008/8443/8009 then STOP forwarding them.”

The hackers informed those affected that they were able to wirelessly play media of their choice on users’ devices, erase Wi-Fi network setting, rename devices, and connect other devices wirelessly with Chromecast and Google Home. HackerGiraffe clarified that their intention wasn’t to cause real harm or steal data but to alert Google and its customers to the vulnerability.

HackerGiraffe further added that the attack doesn’t gather or save any information from affected devices.

Google told The Verge that many users reported: “an unauthorized video played on their TVs via a Chromecast device.” The company confirmed the hack was due to router settings. Both HackerGiraffe and Google told The Verge the best way to fix the issue is by turning off the Universal Plug and Play (UPnP) option on their routers.

Since the hacked seemed not to have any malicious purpose, it might be a blessing in disguise for some users who are now aware of a security loophole. This will prevent malicious actors from using it for much more nefarious deeds. Since HackerGiraffe gave a solution to the security bug, some may even find humor in the situation.

This isn’t the first time the hackers backed Kjellberg and promoted his YouTube channel. The duo admitted that they were behind the printer hacks that told users to subscribe to PewDiePie, back in November. HackerGirrafe gained access to close to 50,000 unsuspecting printers worldwide to promote PewDiePie and help him retain his position as the most subscribed YouTuber. At the time, he was facing tough competition from Indian music label T-Series’ YouTube channel.

Just last month, PewDiePie was at the center of another controversial hack orchestrated by his fans. This time they targeted The Wall Street Journal, which posted a story in 2017 about Kjellberg being anti-semitic after he had paid two strangers to hold up a sign reading “Death to all Jews” in a publicity stunt that lead Disney to cut all ties to the YouTube star. In response to the critical story, hackers replaced sponsored content on the website with calls for the newspaper to apologize for taking the stunt out of context.

Kjellberg is the most subscribed YouTuber, currently having a whopping 79 million subscribers. The Swedish star has successfully maintained his position as the most subscribed YouTuber since 2013.

It is highly impressive how many subscribers he gained after his “war” against the Indian music conglomerate, even adding a mind-blowing half million subscribers in one day back in October.

The YouTuber himself had nothing to do with any of the hacks as far as we know. They were all conducted by members of his enormous fan base.

It’s likely that the media will find a way to blame PewDiePie. He has made mistakes in the past, including his “all Jews must die” joke and saying the N-word during a live stream, for which he later apologized.

It will be interesting to see how this whole hacking fiasco turns out. It will be in everyone’s interest, PewDiePie’s included, to prevent further hacks in the future.

This post was originally published on January 5, 2019 and was updated on January 13, 2020.

Filed Under: Security, Internet Tagged With: Chromecast, Google, PewDiePie, Security, Security Breach

Related Stories

  • “Hey Google” smart home summit scheduled for July 8th

    “Hey Google” smart home summit scheduled for July 8th

  • Trump sues Facebook, Twitter, and Google

    Trump sues Facebook, Twitter, and Google

  • Google personalizes search results in Incognito, DuckDuckGo study finds

    Google personalizes search results in Incognito, DuckDuckGo study finds

FacebookTweetPinLinkedInPrintEmail

About Fazeel Ashraf

IT graduate from the National University of Science and Technology with a passion for writing. When not reading or writing, I can be found listening to rock and metal or playing some classic jams on my electric guitar. I’m also a big fan of horror movies.

Reader Interactions

Share Your Thoughts Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or published anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more visit the contributors page.
TextSheet Alternative

6 Top Alternatives to Textsheet for 2025

Muhammad Zeshan Sarwar October 5, 2024

battery draining apps

Top 10 battery draining apps to avoid 2025

Muhammad Abdullah October 5, 2024

Recent Stories

  • 6 Top Alternatives to Textsheet for 2025
  • Top 10 battery draining apps to avoid 2025
  • The Benefits of Having a Small Air Compressor for Flat Tires
  • 4 Best Free VPNs for 2025
  • 9 Best Calendar Apps in 2025

Footer

Discover

  • About us
  • Newsroom
  • Staff
  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Brand Kit
  • Contact us

Legal pages

  • Reviews Guarantee
  • Community Guidelines
  • Corrections Policy and Practice
  • Cookies Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Must reads

  • Best AirPods alternatives on Amazon
  • Best PC monitors for gaming on Amazon
  • Best family board games
  • Best video doorbells without subscription
  • Best handheld video game consoles
  • Best all-season tires for snow
  • Best mobile Wi-Fi hotspots
  • Best treadmills on Amazon

Download our apps

TechEngage app coming soon on App Store

© 2024 TechEngage®. All Rights Reserved. TechEngage® is a project of TechAbout LLC.

TechEngage® is a registered trademark in the United States under Trademark Number 6823709 and in the United Kingdom under Trademark Number UK00003417167. It is also ISSN protected under ISSN 2690-3776 and has OCLC Number 1139335774.

  • Terms & Conditions
  • Privacy Policy