Tencent Technologies News, according to foreign media reports, a few years ago, Google was warned that its Chromecast streaming TV stick had a loophole, but it has been ignored. Now hackers are exploiting this vulnerability. Security researchers say the situation could get worse if the vulnerability is not fixed quickly.
This vulnerability, called CastHack, takes advantage of Chromecast and the routers it connects to. Some home routers have enabled the Universal Plug and Play (UPnP) protocol, a network standard that can be used in many ways. UPnP forwards ports from the internal network to the Internet, enabling hackers to view and access Chromecast and other devices on the Internet.
Google is right, but it hasn't solved a bug that has existed for many years, causing anyone to access Chromecast, hijack streaming videos and display anything they want to see, because Chromecast doesn't confirm whether someone has the right to change streaming videos.
A loophole discovered a few years ago
In a subsequent e-mail, Google said it was working to fix deauth vulnerabilities.
It is urgent to repair the loopholes
Monroe said that when Google was told about the vulnerability in 2014, it should start to address it.
Before malicious hackers discover and exploit this vulnerability, giraffe hackers warn users to pay attention to these problems and offer suggestions on how to repair them.
But Monroe says hackers can have more serious consequences through such attacks.
In a blog post on Wednesday, Monroe said that by hijacking Chromecast and forcing it to play loud enough instructions, it could easily control other smart home devices, such as Amazon Echo smart speakers. This has happened before, when smart voice assistants inadvertently hear voices on TV or radio, they feel confused and suddenly order goods from Amazon without any warning.
Amazon Echo and other smart devices are widely considered safe, even though they tend to eavesdrop on things they shouldn't have heard. Monroe said in his blog post that the weakest security link is usually human, followed by smart home devices. Recently, Render Man, a Canadian security researcher, demonstrated how sound sensors can be used in windows to trick nearby Amazon Echo into unlocking a networked smart lock on the front door of a house.