This week, security researcher and all-around prankster Dan Petro debuted his new Chromecast-pwning device — labeled the “Rickmote” — after the famous Rick Astley prank which plagued the Internet for years before everyone finally got themselves in on the joke and learned to be a little more careful the next time they opened an unrecognized link.
The exploit works much like the Dropcam vulnerability which we reported on earlier this week, wherein all a hacker needs to do is find themselves within range of a Chromecast device in order to compromise the wireless network it’s attached to. Moreover, it borrows many of the same tactics that were employed by hackers who had discovered an unused backdoor in LG Smart TVs back in April of this year.
Petro writes in his official statement about the newly unearthed hole:
“… it possible to hijack unsuspecting Chromecast users’ TVs, turning their Game of Thrones marathon into a 1980s flashback … by briefly disconnecting nearby Chromecasts from their Wi-Fi.
When this loss of connectivity occurs, the Chromecast tries to reconfigure and accepts commands from anyone within proximity.”
By latching on to a momentary lapse in permissions, Petro is able to trick the Chromecast into allowing anyone with falsified credentials to sneak onto the network unnoticed. From there it’s a few simple steps, which even the most basic of script kiddies would know how to execute, to own a network and every Smart TV device connected to it within range.
Petro even designed a physical box for his new creation, and published the guide for its construction for free on the widely used code-hosting site GitHub. Anyone with a mischievous streak and a little free time on their hands could deploy the same crack against friends who have picked up one of the wildly popular dongles, which turn any TV with a USB port into a personal Smart Hub tricked out with all the trappings of much more expensive models that would tack on a couple hundred extra for the privilege of streaming Netflix or YouTube from their living room.
Realistically, this type of hack can’t be used for much more than a little light harassment and maybe a prank or two on the part of the perpetrator. Even so, when you have a product as prolific as Chromecast, all it takes is one resourceful hacker to bring the whole house of cards down and leave millions of systems vulnerable in a single keystroke.
Google needs to take these types of threats seriously, and should also understand that just because Chromecast doesn’t touch laptops or mobile phones doesn’t mean that many of those same devices don’t connect to networks that share a space with a wirelessly connected flat screen TV.
Petro says we can expect the full details of his discovery to be revealed at the upcoming HOPE X conference in New York this weekend.