Hackers have compromised tens of thousands of Google devices forcing them to play videos urging people to subscribe to YouTube’s top vlogger PewDiePie.
Two hackers, known as HackerGiraffe and J3ws3r, announced the attack Wednesday, which takes advantage of misconfigured routers to access smart TVs and smart speakers, which are exposed to the public internet.
The breach attempts to rename devices before forcing them to play a video urging victims to subscribe to the YouTube channel belonging to Felix “PewDiePie” Kjellberg. YouTube has since removed the video.
The groups claims to have compromised more than 72,000 devices so far, including 1,500 Google Home speakers and 67,000 smart TVs or Chromecasts.
“Chromecasts or devices like them, made by Google, are exposing private information to the public,” one of the hackers told VICE News when asked why he was carrying out the attack.
Google says the breach was only made possible due to misconfigured routers and that its devices were not technically hacked.
The same hacker, who declined to give his real name or location, saying only that he was a student, last year conducted an attack against vulnerable printers, forcing the devices to print out messages again urging victims to subscribe to PewDiePie’s channel.
When asked why he chose to support PewDiePie, the hacker simply said: “I genuinely like PewDiePie, and the whole meme of #SavePewDiePie seemed interesting.”
Wednesday’s attack on vulnerable Google devices came just days after another hacking group, this one based in Greece, conducted a similar attack, claiming they gained access to 20,000 devices.
That attack also forced devices to play a video in support of PewDiePie, with one of the hackers — known as Friendlyh4xx0r — telling VICE News they wanted to help the vlogger maintain his position as YouTube’s top channel, which is under threat from an Indian music channel called T-Series.
“We wanted PewDiePie to win this battle between him and a big corporation,” the hacker said. “PewDiePie was not aware of this campaign.”
Both sets of hackers say they are conducting these attacks not to make money but to highlight the inherent security problems with many of today’s connected devices, and that companies like Google need to do more to secure their devices.
The vulnerabilities allow hackers to force devices to play videos or reboot, and it also lets the hackers collect a huge amount of data about the device and the network it is connected to.
According to HackerGiraffe, devices are leaking information like “what Wi-Fi network your Chromecast/Google Home is connected to, Bluetooth devices it has paired to, how long it's been on, what Wi-Fi networks your device remembers, what alarms you have set, and much more.”
The hackers say the easiest way to prevent these attacks taking place is to go your router’s settings and disable a feature called Universal Plug and Play (uPnP) — though this may also disable some devices such as printers and games consoles.
Cover image: The new Google ChromeCast is connected to the the back of a television during an event in San Francisco, California, U.S., on Wednesday, July 24, 2013. (Tony Avelar/Bloomberg via Getty Images)