WARNING: Your Chromecast is no longer safe… from hackers with the time and knowledge to build a hacking device out of a Raspberry Pi. As far fetched as that may sound, it is possible. In fact, one man — a security consultant named Den Petro — actually went through the trouble of creating a little proof-of-concept device he calls the “Rickmote.”
The tiny device — built using an affordable Raspberry Pi — takes advantage of an exploit that allows it to easily hack into your Chromecast and play whatever video (or music or pictures) it liked, with no way for you to regain control. Because Rick Astley’s famous music video was the streaming media of choice, that’s how the device found its name.
How it works is the Rickmote floods the Chromecast with de-authenticate packets, a normal function found in the WiFi standard. It’s only because of the unique way the Chromecast handles deauth commands that makes it susceptible to hijacking. When faced with too many deauth commands, Google’s dongle will simply boot into setup mode, making it easy for a very bad person to connect to the dongle and stream whatever they liked.
In fact, the Rickmote doesn’t even need to be connected to your secured WiFi network to hack into the Chromecast, making it all the more threatening (or annoying, rather). Since this is actually how the Chromecast was designed to work, it seems unlikely Google will make an attempt at addressing this newly discovered “exploit” unless they revised the hardware somewhere down the road.
So what are the odds you find your Chromecast hijacked and playing the most exotic adult movies the internet has to offer? Extremely unlikely. First, the prankster would need to be in range of your network — as well as one of their own — in order to stream their own media to your Chromecast. Once they got out of range, the Chromecast would be yours to setup again. For now, we’re sure your Chromecast is (probably) safe.
[Bishop Fox | via Raspberry Pi | TechCrunch]