Owners of some Chromecasts and smart TVs might see an unusual message on their screens: A message and propaganda video imploring them to subscribe to PewDiePie on YouTube.
A hacker duo known as HackerGiraffe and j3ws3r is claiming responsibility, and explains the process on a website devoted to the hack. They were also behind the hacks that remotely forced 500,000 printers to print pages of PewDiePie propaganda.
The devices are exposed to the internet, which allowed the duo to hack them and play their own media on them.
“If you came here because you're a victim of #CastHack, then know that your Chromecast/SmartTV/GoogleHome is exposed to the public internet, and is leaking sensitive information related to your device and home,” HackerGiraffe/j3ws3r wrote on the site. “We want to help you, and also our favorite YouTubers (mostly PewDiePie). We're only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above."
The website shows a counter of allegedly exposed devices detected so far, as well as total devices hacked, and devices forced to play a video:
The consequences HackerGiraffe and j3ws3r referred to are ultimately harmless, but pretty annoying: With this access, hackers can remotely play media, rename the device, factory reset or reboot the device, force it to forget all wifi networks, or force it to pair to a new bluetooth speaker or wifi point, according to the site.
Those affected can fix their routers by disabling UPnP on their routers or stop forwarding to ports 8008/8443/8009, according to the website.
Like the printer hack, these pranks do more than promote PewDiePie’s channel or entertain his diehard followers: They expose vulnerabilities in systems and devices that allow these kind of hacks to happen. In June 2018, Google promised to fix an authentication issue on Google Home and Chromecast devices that exposed home addresses of users to hackers.