January 2019 brought what could become the newest development in device hacking.
Reports surfaced that Chromecasts had been penetrated and hijacked, with the intruder taking remote control over their functions.
While the news met with considerable shock in the community, for many, it was expected. As technology plows forward, its wake is awash with code-junkies, trying to crack security protocols and stand on the frontier of hacking.
The Chromecast hack is an alarming wake-up call for chord-cutters, for whom cybersecurity has never been a frontline issue. As the threat develops, awareness is essential to protect yourself and your data.
A New Generation of Entertainment
It’s estimated that the cable TV industry loses 14,000 subscribers each day. As more and more of us move from traditional television options, the era of chord-cutting has come to a head. This trend refers to the vast amount of us who now choose to get our entertainment via online platforms, such as Netflix, Hulu, and Amazon TV.
While some simply watch on their laptops and phones, a whole industry now exists of products that allow you to stream media onto your TV.
Other than Chromecast, options include:
- Amazon Fire
- SHIELD TV
Like most new technology, all of these products have very little focus on security. Usually, it takes one severe attack to force companies to update their safety protocols.
How ChromeCast Was Hacked
Fortunately, the first ChromeCast hack was in no way nefarious. It came from a user called ‘Hacker Giraffe,’ who appeared to be acting as your friendly neighborhood cybersecurity-watchdog. They found a way to manipulate peoples’ Chromecasts using the CastHack bug. With this hack, they were able to remotely cast a YouTube video, containing a warning about the device’s vulnerability. It read as follows:
“YOUR Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you! To find out more about what to do and how to fix this visit, XXXXXX for more information. You should also Subscribe to Pewdiepie. Greetings from @HackerGiraffe and @J3ws3r. Made by rosk2006.”
Whether popular YouTuber, Pewdiepie, had anything to do with the hack is unconfirmed. It’s possible that the creator is just a fan, rather than an affiliate.
Experts have also theorized that the initial problem lies in the router security, rather than the Chromecast itself, which means all SmartHome devices are also under threat.
Why Hack Media Streamers?
So, why does it matter that hackers can gain access to our media streamers? In the greater scheme of things, how is the occasional unrequested YouTube video going to threaten our security? While, it’s true that the reported hack is little more than a small annoyance, it’s the potential the situation brings that is the real cause for concern.
Firstly, it’s worth noting that some users were being plagued with the video every 20 minutes – with no power to shut it off and regain control. Attacks like this fall into the Denial of Service (DoS) category, where hackers can overwhelm your device and make it unusable.
The second real worry is data security. So much of our information is stored on online platforms these days. Think of your Netflix subscription; they know your name, email address, and bank information. Imagine what damage could be done if those details fall into the wrong hands.
A Potential Threat
The next important question is just how imminent is this threat. In 2017, Kodi and other media streaming apps fell victim to rootkit attacks, which used the coding in subtitles to gain backdoor access to the target computer. Since media streamer devices are one-step further detached – i.e., they aren’t always connected to our devices – it’s much harder to use them for ubiquitous access.
However, as is evident by the CastHack attack, harder does not mean impossible. It wouldn’t take much for malicious hackers to use media streamers as a starting point to access more profitable data stores on your devices.
Furthermore, if the hack is initiated from the router, then it also raises questions regarding what other smart devices are at threat. As IoT gadgets increase in popularity, insecure routers mean direct access to our TVs, fridges, security cameras, and even locking systems.
Stay Cautious, Stay Safe
While the threat may not mean instant digital Armageddon, it’s time to start being cautious when using media streaming devices. The following techniques will help optimize your security and reduce the risk of infection or attack. While it’s impossible to ensure complete protection – as threats of this nature are continually developing – taking the necessary steps will improve security considerably.
- Annex your router. Many vulnerabilities occur when the router and modem exist as a single device, usually called a gateway. If your ISP has leased you an internet gateway, ask them to dumb it down to a modem and add your own router. Alternatively, you can get a commercial-grade router for around $200.
- Alter Log-In Details. Default network-names, usernames and passwords are easier to crack than ones you can create yourself. Where possible, make sure these details are updated quickly and regularly.
- Switch to 5-GHz band. 5-GHz band WiFi does not travel as far as the standard 2.4GHz band, so you’ll be less visible to local, opportunist hackers.
- Use a VPN-compatible Router. VPNs encrypt your network by diverting your traffic via the host company’s server. Most home routers can run open-source firmware, which then supports VPNs. Many VPN providers offer instructions on how to do this.
Finally, it’s essential to ensure you’re following all the basics of computer security on all your personal devices – including computers, tablets, and smartphones. Strong passwords, regular virus checks, software updates, and online vigilance are all old news. However, they’re as important as ever for keeping you and your media streaming device safe.
Embrace Chord-Cutting with No Fears or Repercussions
Cybersecurity advice can often seem doom and gloom – as if it’s always focused on the worst-case scenario. The reality is that threats never seem imminent until it’s too late. The best way to enjoy real freedom and security on your devices is to stay ahead of the game.
The Chromecast hack has given us unique insight into the future of cybersecurity for streaming devices. Educating yourself on the potential risks now could save you from severe damage in the future.
Use this advice to implement the necessary security strategies, and stay vigilant as hacks of this nature continue to develop.