Chromecast Devices Go Vulnerable As CastHack Bug Exploits UPnP Standard

It seems that almost anything and everything connected to the Internet is at risk. A new security threat has been uncovered which attacks Google’s Chromecast streaming devices forcing users to play any YouTube video the attacker chooses.

Known as CastHack, a pair of ethical hackers managed to spot the exploit and apparently hijacked thousands of Chromecast dongles warning users about the threat. The hackers who go by the name of Giraffe and J3ws3r, went on to display a message warning users about the security flaw along with a link explaining how it can be fixed. As a bonus, they also asked people to subscribe to popular YouTuber PewDiePie.

Now technically it is not Google’s fault as the company says its a flaw that affects routers rather than the Chromecast itself. CastHack exploits a weakness in the Universal Plug and Play (UPnP) networking standard in certain routers, which allows some of the connected devices accessible on the internet. The bug can be easily fixed by disabling UPnP on your Internet router.

Having said that, it is something that is going to startle users knowing that anyone could take control of your video streams whenever they want.

The new security threat related to Chromecast isn’t the first one as there have been similar issues in the past. Back in 2014, when the first Chromecast was launched, security firm Bishop Fox had revealed that it could gain control of a Chromecast by disconnecting it from its current Wi-Fi network and reverting it to a factory state. Later in 2016, another cybersecurity firm called Pen Test Partners confirmed that the device was still vulnerable to similar attacks.― News18