Recently, a hack called “CastHack” has taken advantage of an internet router setting that makes some smart devices - including access to more than 70 thousand Chromecast streaming video players - viewable on the public internet.

The attackers, going by the name of HackerGiraffe and j3ws3r, exploited the Universal Plug and Play networking standard in routers to force Chromecasts to stream content on users' devices. The saboteurs made them view a YouTube video encouraging their owners to subscribe PewDiePie.

5c2d3432e04d622bbb608cfc 750 375
Swedish vlogger PewDiePie (real name Felix Kjellberg), for those who don't already know, has been running YouTube's channel since 2013. He is known for his Let's Play game commentaries and pranks on his channel and currently has about 79 million followers on the platform.

Reportedly, the “attention” message allowed by a design weakness in Chromecast, hijack their streaming media to show a video warning on affected smart television screens without authentication.

Google Chromecast Hack

The message displayed to tell users that their devices had been taken over, warn them their WiFi information was at risk and broadcasting videos on the television. It suggested finding more information by visiting https://bit.ly/CastHack leading to boost PewDiePie channel.

This is not the first time HackerGiraffe and j3ws3r have drawn their swords in their battle, these hackers are the same ones hijacking more than 50 thousand internet-affected printers worldwide late last year by exploiting the vulnerability.

Interestingly, when the streaming equipment was dispatched, Google has recognized the Chromecast’s error many occasions since 2014 and also accepted the crack but that company didn’t take into account. Many people have believed their devices to be broken into and that they can find the solution for this problem by changing their routes setting as well as the hackers add users who are "forwarding ports 8008/8443/8009” should stop doing so. Besides that, only using Universal Plug and Play (UPnP) in case it is necessary.

UpnP set as default on all devices that were connected with the internet to create the hole in the router's security to allow malicious-logic software to be able to compromise each part of the local network.