Sometimes, we don’t know our devices are vulnerable to attacks until we finally get hacked. And sometimes, you get hacked by the most unexpected people there is. That’s exactly what a few thousand Google device owners felt when hackers @HackerGiraffe and @j3ws3r while also promoting the biggest YouTuber, gamer and memester PewDiePie.
Aiding PewDiePie’s battle to remain the top independent YouTuber with the most subscribers, these two white hat hackers did their part by hijacking thousands of exposed Chromecast streaming dongles, Google Home speakers, and smart TVs. They didn’t steal account credentials or banking information. Instead, they posted a pop-up warning on the affected device and offered a fix to the exploited bug. Of course, don’t forget to subscribe to PewDiePie’s channel, as the warning page stated.
According to @HackerGiraffe, they exploited a bug that Google has been ignoring for the last five years. All they did was remotely scan for poorly configured routers with enabled Universal Plug and Play (PnP) and done, thousands of devices received the warning. They even included a now defunct website that shows the total number of devices they hijacked with the bug referred to as “CastHack.” When done by a black hat hacker, CastHack can do damage on these devices, ranging from the following:
- Collect sensitive data from the affected devices
- Remotely play offensive and sexual content
- Reboot or erase the contents of the device
- Force the devices to connect with vulnerable networks
Fortunately, the hack is fairly easy to fix. Affected users can change their router settings, turn off the Universal PnP feature, and prevent port 8008, 8443, and 8009 from forwarding. An enabled Universal PnP opens your router to a lot of vulnerabilities online, so it’s important to disable this default feature. The bug was first reported to Google in 2014 but the company has yet to address the issue. Judging by the actions of these hardcore PewDiePie fans, Google might soon offer an official fix.
Others might think that this publicity stunt was uncalled for, but it’s important for the public to know about the vulnerabilities of the devices they use on a daily basis. Thanks to volunteer white hackers @HackerGiraffe and @j3ws3r, we now know that there is a bug out there and all it takes to fix it is a bit of a tweaking to secure our beloved devices. Plus, they get to show their support for their favorite YouTuber by simply spreading the word. Now that is truly epic.
Speaking of vulnerable, your unprotected website could easily get copied by hackers and fraudsters. Authenticate your website today with superior SSL Certificates from GlobalSign. Learn more by visiting our official website.