Home > News content

Google has ignored Chromecast vulnerabilities for years and is now being exploited by hackers

via:博客园     time:2019/1/3 18:01:35     readed:273

orgsrc=//img2018.cnblogs.com/news/66372/201901/66372-20190103174113498-174985958.jpg

Tencent Technologies News, according to foreign media reports, a few years ago, Google was warned that its Chromecast streaming TV stick had a loophole, but it has been ignored. Now hackers are exploiting this vulnerability. Security researchers say the situation could get worse if the vulnerability is not fixed quickly.

This vulnerability, called CastHack, takes advantage of Chromecast and the routers it connects to. Some home routers have enabled the Universal Plug and Play (UPnP) protocol, a network standard that can be used in many ways. UPnP forwards ports from the internal network to the Internet, enabling hackers to view and access Chromecast and other devices on the Internet.

Google is right, but it hasn't solved a bug that has existed for many years, causing anyone to access Chromecast, hijack streaming videos and display anything they want to see, because Chromecast doesn't confirm whether someone has the right to change streaming videos.

A loophole discovered a few years ago

In a subsequent e-mail, Google said it was working to fix deauth vulnerabilities.

It is urgent to repair the loopholes

Monroe said that when Google was told about the vulnerability in 2014, it should start to address it.

Before malicious hackers discover and exploit this vulnerability, giraffe hackers warn users to pay attention to these problems and offer suggestions on how to repair them.

But Monroe says hackers can have more serious consequences through such attacks.

In a blog post on Wednesday, Monroe said that by hijacking Chromecast and forcing it to play loud enough instructions, it could easily control other smart home devices, such as Amazon Echo smart speakers. This has happened before, when smart voice assistants inadvertently hear voices on TV or radio, they feel confused and suddenly order goods from Amazon without any warning.

Amazon Echo and other smart devices are widely considered safe, even though they tend to eavesdrop on things they shouldn't have heard. Monroe said in his blog post that the weakest security link is usually human, followed by smart home devices. Recently, Render Man, a Canadian security researcher, demonstrated how sound sensors can be used in windows to trick nearby Amazon Echo into unlocking a networked smart lock on the front door of a house.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments