AH Chromecast-2

Google’s Chromecast Flaw Likely To Stay Unpatched

August 6, 2015 - Written By Justin Diaz

Google’s Chromecast is many things, most of all though, it’s an easy way for people to enjoy all kinds of media content (as long as it’s supported) on the big screen just by tapping a tiny button inside of the apps we use most like Play Movies, Play Music, YouTube, Netflix, Hulu, and finally HBO NOW as of today. One thing Chromecast is not is ridden with security issues. That doesn’t mean however that it is completely without any flaws at all. In fact, a recent report highlights a sort of significant flaw the Chromecast is susceptible to that many users may not even know exists.

The flaw in question allows someone to hack into the Chromecast and essentially stream content to it. As an example, an individual by the name of Dan Petro who is a security researcher demonstrated this flaw at the Black Hat USA event in 2014. Utilizing a Raspberry Pi computer, he was able to hack into the Chromecast and stream a video of Rick Asterly’s “Never Gonna Give You Up” which many internet users may fondly remember as a popular prank played on other people known as “rickrolling.” Given someone has the correct equipment which Petro referred to as a Ricmote (named so because of the video chosen to stream to the Chromecast during the hack) someone could easily display virtually any content they wish to the Chromecast they have in their control.

It’s now more than a year later and this particular flaw has yet to be fixed by Google, but as Petro points out he doesn’t see this happening any time soon if at all. The reason being: Doing so would highly likely compromise the way Google intended Chromecast to function, so for the foreseeable future you could have the potential to rickroll your friends in a whole new way. Some good news here though is that to execute such an attack as this one, the user would not only need to be in close proximity to the Chromecast, but it’s not likely the attack would allow them to acquire and personal information such as passwords, so it really isn’t a security issue which puts users at risk. Is the Chromecast exploitable to where you could annoy your friends while bringing the Rickroll back in a new and exciting way? Yes. Is this an issue Chromecast users should be worried about? No, probably not.