A group of hackers has claimed responsibility for hijacking thousands of smart TVs and Google Chromecast devices around the world. The hacked devices were forced to play a YouTube video seeking support for the platform’s most popular star, Felix “PewDiePie” Kjellberg.
So how does hacking random entertainment systems help the YouTube star?
PewDiePie is currently leading a campaign to become the first YouTuber with 80 million followers, as Bollywood channel T-Series threatens to overtake his follower count. The hacked video tells victims that their device is “exposing sensitive information” while also telling them to subscribe to PewDiePie. A link for more information leads to a video of Rick Astley’s “Never Gonna Give You Up,” calling back to an old YouTube joke, the RickRoll.
The hackers said they targeted as many as 5,000 devices, and victims of the hack said their devices would automatically play the video every 20 minutes. Organizing under the social media hashtag #CastHack, a hacker using the Twitter and Youtube handle The Hacker Giraffe claimed responsibility along with two other Twitter users using the handles @friendlyh4xx0r and @j3ws3r (pronounced user.) The group claims the hack was intended to make victims aware of their device’s security flaws and vulnerability, but also to promote PewDiePie and other YouTubers.
In December, @j3ws3r was linked to another PewDiePie-related hack targeting printers. More than 100,000 printers in multiple countries were forced to print a message in support of PewDiePie, with information detailing their network vulnerability. Just days later, The Wall Street Journal’s website was also hacked in support of PewDiePie.
While Kjellberg hasn’t suggested that he is involved with the hacks, he has joked about all three incidents on Twitter, including a tweet commending The Hacker Giraffe for the #CastHack attack.
The #CastHack targets open security ports in the victim’s home network that make certain information public. The hackers said their exploit shows them what WiFi network a Chromecast or Google Home device is connected to, which bluetooth devices have been shared, any smart device alarms that are enabled, and more. This also allows hackers to play media on your device, rename it, perform a factory reset, or force it to pair with other bluetooth or WiFi devices.
To protect your devices, make sure that UPnP is disabled on your router, and that you’re not using unnecessary port forwarding.