Thousands of improperly secured Chromecasts, SmartTVs and Google home assistants are being hacked and forced to play PewDiePie’s YouTube channel by a group that claims its actions are altruistic and merely designed to show the users they have poor cybersecurity.
TheHackerGiraffe group, which took responsibility for an earlier similar attack against thousands of printers, said that it is scanning for devices using Universal Plug 'n Play (UPnP) with ports 8008/8443/8009 forwarded. The hackers said some of what they are able to view includes the Wi-Fi network the Chromecast/Google Home is connected to, the Bluetooth devices it has paired with, how long the device has been turned on, what Wi-Fi networks the device remembers and the alarms that have been set.
With this information exposed, a cybercriminal can remotely play media on your device, rename your device, factory reset or reboot the device, force it to forget all Wi-Fi networks, force it to pair to a new Bluetooth speaker/Wi-Fi point, and so on, the group said on a website created to track the devices they are exposing.
TheHackerGiraffe said it is running this campaign to help educate people on cybersecurity.
“We want to help you, and also our favorite YouTubers (mostly PewDiePie). We're only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above,” TheHackerGiraffe said.
“Although I do not condone the actions of these hackers, I do hope that this can serve as a wakeup call for vendors to rethink their authentication models,” said Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team.
Young noted the problem lies in the device manufacturers' design choices: the devices lack any meaningful authentication checks when handling user requests and do not have a pairing process that requires the end user to prove he or she is authorized to use the device.
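
As an added example (not from the article or from the group it describes), the following audits a router's own UPnP port-mapping table for forwards to the ports named above. It parses responses in the standard UPnP IGD `GetGenericPortMappingEntry` format; the sample responses, addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAST_PORTS = {8008, 8443, 8009}  # ports named in the article

# Shape of an IGD GetGenericPortMappingEntryResponse (WANIPConnection:1).
TEMPLATE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse
    xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
  <NewRemoteHost></NewRemoteHost>
  <NewExternalPort>{ext}</NewExternalPort>
  <NewProtocol>{proto}</NewProtocol>
  <NewInternalPort>{port}</NewInternalPort>
  <NewInternalClient>{client}</NewInternalClient>
  <NewEnabled>{enabled}</NewEnabled>
  <NewPortMappingDescription>constructed sample</NewPortMappingDescription>
  <NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed mapping table; all addresses and ports below are invented.
SAMPLE = [TEMPLATE.format(ext=e, proto=p, port=i, client=c, enabled=n) for e, p, i, c, n in [
    (8008, "TCP", 8008, "192.168.1.23", 1),    # straight forward to the device
    (18009, "TCP", 8009, "192.168.1.23", 1),   # remapped external port
    (8443, "TCP", 443, "192.168.1.50", 1),     # different service behind 8443
    (28443, "TCP", 8443, "192.168.1.23", 0),   # present but disabled
    (51413, "UDP", 51413, "192.168.1.40", 1),  # unrelated
]]

def parse_mapping(soap_xml):
    """Return the New* fields of one response as a dict, namespace-agnostic."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def exposed_cast_mappings(responses):
    """Enabled mappings whose internal port is one of the device API ports."""
    findings = []
    for raw in responses:
        m = parse_mapping(raw)
        if m.get("Enabled", "").lower() not in {"1", "true", "yes"}:
            continue
        if int(m["InternalPort"]) in CAST_PORTS:
            findings.append((m["Protocol"], int(m["ExternalPort"]),
                             m["InternalClient"], int(m["InternalPort"])))
    return findings

if __name__ == "__main__":
    for proto, ext, client, port in exposed_cast_mappings(SAMPLE):
        print(f"WAN {proto}/{ext} -> {client}:{port} is reachable from the internet")
```

Matching on the internal port catches a forward that was remapped to a different external port and ignores an unrelated service that merely sits behind external port 8443.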