Again Hacker shows the same type of attack, but this time on Google chromecast and Smart TVs. More than 5,500 exposed smart TVs, Chromecast streamers and Google Home devices have been commandeered to play PewDiePie promotions.
Hackers going with twitter handles @HackerGiraffe and @j3ws3r, remotely scanned the internet for compatible devices, including Chromecasts, exposed to the internet through poorly configured routers that have Universal Plug and Play (UPnP) enabled by default.
Hackers exploit the misconfigured routers and display a security warning message on vulnerable devices with the PewDewPie promotion. The message reads -
"YOUR Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you! To find more about what to do and how to fix this, visit https://bit.ly/CastHack for more information,"An interesting thing is that Google was aware of the security bug, as it was reported in 2014 when the streaming device was launched, but Google ignored the issue. With this bug, an attacker can remotely force affected devices into playing media of their choice, rename devices, force factory reset or reboot the device, force it to forget all WiFi networks, or force the affected device to pair with new networks.
Just a hours ago an interesting tool have been released on GitHub with the name CrashCast-Exploit. This tool is something like same with this bug, as tool allows you to mass play any YouTube video with Chromecasts obtained from Shodan.io
[Note:- We are not responsible for any damage caused by this tool, and we don't take any risk caused.]