Certain hackers in recent weeks have exploited tech vulnerabilities to promote internet sensation PewDiePie. The latest attempt involves Casting a video promoting the YouTube creator onto Chromecast devices, including smart TVs, by taking advantage of a vulnerability on some routers.
Over the past few days, some Chromecast owners have reported (via The Verge) that their televisions are playing a specific YouTube video over-and-over. Mimicking a warning sign, it notes how “YOUR Chromecast/Smart TV is exposed to the public internet.”
These hackers are taking advantage of a flaw related to Universal Plug and Play (UPnP) on some routers. Google argues that there is no particular vulnerability with Chromecasts and suggests that affected users turn off UPnP on their routers to stop the unauthorized Casting. This is also the same advice being offered by the hackers.
UPnP is short for Universal Plug and Play. It’s a protocol that lets UPnP-enabled devices on your network automatically discover and communicate with each other, as well as create more direct channels of communication with the internet.
This unauthorized Casting is due to bad UPnP implementations on some routers that expose “every internal port by default.” As a result of this access, the nefarious YouTube video — which has been viewed 4,162 times as of Wednesday evening — can be Casted by an outside party.
On the Google front, there have been some claims in the past that Cast devices are not secure due to an API used by the Google Home companion app for device-to-device communication on the same Wi-Fi network.
The second intent of this almost PSA-like “CastHack” is to promote PewDiePie as part of an ongoing subscriber count battle. Users who see this message are asked to subscribe to the YouTube creator. The hackers behind this particular attack caused printers around the world in November to print similar subscribe messages. Another party was behind the hack of the Wall Street Journal website last month.