• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
TechEngage®

TechEngage®

Technology news and opinions

  • Tech News
  • Reviews
  • How-to
  • Roundups
  • Science
    • Energy
    • Environment
    • Health
    • Space
  • Apps
  • More
    • Opinion
    • Noteworthy
    • Culture
    • Blockchain
      • Cryptocurrency
    • Events
    • Deals
    • Startups
      • Startup Submissions
  • Videos
TechEngage » News » Security

Chromecasts are hijacked by PewDiePie fans, exposing huge security flaw

Avatar Of Fazeel Ashraf Fazeel Ashraf Updated: January 13, 2020

Design contains Chromecast 3rd gen
Design by abdugeek | TechEngage

Forget printers getting hacked and informing users to subscribe to PewDiePie, its Chromecast’s turn. A couple of mischievous hackers have exploited thousands of Chromecast devices to promote Swedish YouTuber Felix “PewDiePie” Kjellberg’s channel.

The hackers, known as “HackerGiraffe” and “j3ws3r” found a vulnerability in the router settings of smart devices hooked up to televisions. This vulnerability made Chromecasts and Google Homes publicly visible on the Internet.

HackerGiraffe and  j3ws3r were able to exploit this to broadcast videos on connected televisions. The hackers had discovered 72,341 exposed devices at the time of writing. The hack is known as “CastHack” and the CastHack website is keeping the Internet updated on its success.

Pewdiepie Hack
via: TheHackerGiraffe

CastHack displays a message instructing viewers to subscribe to PewDiePie and KeemStar, another YouTuber who covers feuds and gossip news. The website also had links to the hackers’ personal Twitter accounts.

It also provides information about the total number of devices renamed as a result of the hack as well as the “Total devices forced to play video,” “Total Google Homes devices,” and “Total SmartTVs/Chromecast devices” that were breached. The hackers exploited the routers’ Universal Plug and Play (UPnP) option. Google has admitted to the hacks.

Chromecast Hack

The website also had an FAQ section featuring questions like “What is going on?” “What information is being leaked?” and “What can hackers do with this?” HackerGiraffe and j3ws3r  provided information to the people they hacked and gave advice about how they can best protect their devices in the future. The answer: “Disable UPnP on your router, and if you’re port forwarding ports 8008/8443/8009 then STOP forwarding them.”

The hackers informed those affected that they were able to wirelessly play media of their choice on users’ devices, erase Wi-Fi network setting, rename devices, and connect other devices wirelessly with Chromecast and Google Home. HackerGiraffe clarified that their intention wasn’t to cause real harm or steal data but to alert Google and its customers to the vulnerability.

HackerGiraffe further added that the attack doesn’t gather or save any information from affected devices.

Google told The Verge that many users reported: “an unauthorized video played on their TVs via a Chromecast device.” The company confirmed the hack was due to router settings. Both HackerGiraffe and Google told The Verge the best way to fix the issue is by turning off the Universal Plug and Play (UPnP) option on their routers.

Since the hacked seemed not to have any malicious purpose, it might be a blessing in disguise for some users who are now aware of a security loophole. This will prevent malicious actors from using it for much more nefarious deeds. Since HackerGiraffe gave a solution to the security bug, some may even find humor in the situation.

This isn’t the first time the hackers backed Kjellberg and promoted his YouTube channel. The duo admitted that they were behind the printer hacks that told users to subscribe to PewDiePie, back in November. HackerGirrafe gained access to close to 50,000 unsuspecting printers worldwide to promote PewDiePie and help him retain his position as the most subscribed YouTuber. At the time, he was facing tough competition from Indian music label T-Series’ YouTube channel.

Just last month, PewDiePie was at the center of another controversial hack orchestrated by his fans. This time they targeted The Wall Street Journal, which posted a story in 2017 about Kjellberg being anti-semitic after he had paid two strangers to hold up a sign reading “Death to all Jews” in a publicity stunt that lead Disney to cut all ties to the YouTube star. In response to the critical story, hackers replaced sponsored content on the website with calls for the newspaper to apologize for taking the stunt out of context.

Kjellberg is the most subscribed YouTuber, currently having a whopping 79 million subscribers. The Swedish star has successfully maintained his position as the most subscribed YouTuber since 2013.

It is highly impressive how many subscribers he gained after his “war” against the Indian music conglomerate, even adding a mind-blowing half million subscribers in one day back in October.

The YouTuber himself had nothing to do with any of the hacks as far as we know. They were all conducted by members of his enormous fan base.

It’s likely that the media will find a way to blame PewDiePie. He has made mistakes in the past, including his “all Jews must die” joke and saying the N-word during a live stream, for which he later apologized.

It will be interesting to see how this whole hacking fiasco turns out. It will be in everyone’s interest, PewDiePie’s included, to prevent further hacks in the future.

This post was orginally published on: January 5, 2019 and was updated on: January 13, 2020.

Related Tags: Chromecast Google PewDiePie Security Security Breach

Related Stories

  • Google Pulls Down Several Apps From Play Store For Stealing Facebook Data

    Google pulls down several apps from Play Store for stealing Facebook data

  • Facebook Gave Far Greater Access To Tech Companies Than It Disclosed

    Facebook gave far greater access to tech companies than it disclosed

  • Your Home Can Be Smart Or Secure, But Probably Not Both

    Your home can be smart or secure, but probably not both

Avatar Of Fazeel Ashraf

Fazeel Ashraf

Former Author @TechEngage

IT graduate from the National University of Science and Technology with a passion for writing. When not reading or writing, I can be found listening to rock and metal or playing some classic jams on my electric guitar. I’m also a big fan of horror movies.

Reader Interactions

Share Your Thoughts Cancel reply

Please read our comment policy before submitting your comment. Your email address will not be used or publish anywhere. You will only receive comment notifications if you opt to subscribe below.

Primary Sidebar

Become a contributor

We are accepting contributor applications. All applications will be decided in 3 days after applying. To learn more click here.
TechEngage-Apple-News
TechEngage-Google-News
An Image of a best gaming mouse

Best gaming mouse on Amazon in 2023

best gaming consoles

Best video game consoles to buy on Amazon in 2023

Recent Stories

  • Twitter may charge brands $1,000 to retain their Gold verified badge
  • Best Graphics Cards (GPUs) for gaming in 2023
  • A box packed OG iPhone is set to auction for $50,000
  • 6 best treadmills on Amazon in 2023
  • Samsung unveils Galaxy S23 series with “made for Galaxy” Snapdragon processor

Footer

Discover

  • About us
  • Newsroom
  • Staff
  • Advertise
  • Send us a tip
  • Startup Submission Questionnaire
  • Brand Kit
  • Contact us

Legal pages

  • Reviews Guarantee
  • Community Guidelines
  • Corrections Policy and Practice
  • Cookies Policy
  • Our Ethics
  • Disclaimer
  • GDPR Compliance
  • Privacy Policy
  • Terms and Conditions

Must reads

  • Best AirPods alternatives on Amazon
  • Best PC monitors for gaming on Amazon
  • Best family board games
  • Best Graphics Cards (GPUs) for gaming
  • Best video doorbells without subscription
  • Best handheld video game consoles
  • Best all-season tires for snow
  • Best mobile Wi-Fi hotspots
  • Best treadmills on Amazon
  • Best AM radios for long-distance reception

Download our apps

TechEngage-app-google-play-store

Copyright © 2023 · All Rights Reserved · TechEngage® is a Project of TechAbout LLC.
TechEngage® is a registered trademark in United Kingdom under Trademark Number UK00003417167 and is ISSN protected under the ISSN 2690-3776 and OCLC Number 1139335774.

Go to mobile version