The "Rickmote Controller" Can Hijack Any Google Chromecast
redletterdave writes: Dan Petro, a security analyst for the Bishop Fox IT consulting firm, built a proof of concept device that's able to hack into any Google Chromecast nearby to project Rick Astley's "Never Gonna Give You Up," or any other video a prankster might choose. The "Rickmote," which is built on top of the $35 Raspberry Pi single board computer, finds a local Chromecast device, boots it off the network, and then takes over the screen with multimedia of one's choosing. But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast. Unfortunately for Google, this is a rather serious issue with the Chromecast device that's not too easy to fix, as the configuration process is an essential part of the Chromecast experience.
Re:Maybe it's just me ... (Score:5, Informative)
That's not what it says in the post: "The 'Rickmote,' which is built on top of the $35 Raspberry Pi single board computer, finds a local Chromecast device, boots it off the network, and then takes over the screen with multimedia of one's choosing. ... But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast."
So ... yeah, it's never gonna give you up.
Better version of TFA (Score:5, Informative)
Re:Doesn't this require access to your network (Score:5, Informative)
Quote the article: "When the Chromecast receives the “deauth” command, it returns to its configuration mode, leaving it open for a device — in this case, the Rickmote — to configure it. At that point, the Rickmote tells the Chromecast to connect to its own WiFi network, at which point, Google’s streaming stick is effectively hacked."
Imagine Dr. Evil making air quotes: "Security."
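The hijack quoted above starts with deauthentication frames aimed at the Chromecast, which a defender can spot in a monitor-mode capture. The following is an added example, not code from the article or from the Rickmote project: it assumes radiotap-wrapped 802.11 frames, and the threshold, window, MAC addresses and sample frames are all constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH = (0, 12)  # 802.11 management frame (type 0), subtype 12 = deauthentication

def parse_deauth(pkt):
    """Return (dst, src, bssid, reason) for a radiotap-wrapped deauth frame, else None."""
    if len(pkt) < 8:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]    # radiotap header length (little-endian)
    dot11 = pkt[rt_len:]
    if len(dot11) < 26:                             # 24-byte header + 2-byte reason code
        return None
    fc = dot11[0]                                   # frame control: version, type, subtype
    if ((fc >> 2) & 0x3, fc >> 4) != DEAUTH:
        return None
    reason = struct.unpack_from("<H", dot11, 24)[0]
    dst, src, bssid = (dot11[i:i + 6].hex(":") for i in (4, 10, 16))
    return dst, src, bssid, reason

def find_deauth_bursts(capture, threshold=5, window=1.0):
    """Flag (station, bssid) pairs that receive >= threshold deauths within window seconds."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, pkt in capture:
        parsed = parse_deauth(pkt)
        if parsed is None:
            continue
        dst, _src, bssid, _reason = parsed
        q = recent[(dst, bssid)]
        q.append(ts)
        while ts - q[0] > window:                   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault((dst, bssid), ts)     # remember when the burst was first seen
    return alerts

def build_frame(subtype, dst, src, bssid, body):
    """Build a constructed test frame: minimal 8-byte radiotap + 802.11 management header."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return radiotap + hdr + body

# Constructed sample capture; the MAC addresses are made up.
CAST = bytes.fromhex("02aabbccdd01")
AP = bytes.fromhex("02aabbccdd02")
SAMPLE = [(0.0, build_frame(8, b"\xff" * 6, AP, AP, b"\x00" * 12))]        # beacon, ignored
SAMPLE += [(10.0 + i * 0.05, build_frame(12, CAST, AP, AP, b"\x07\x00")) for i in range(8)]
SAMPLE += [(30.0, build_frame(12, b"\x02" * 6, AP, AP, b"\x03\x00"))]      # lone deauth, no alert
```

Isolated deauth frames are normal on a busy network, so the alert keys on a burst against one station rather than on any single frame.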
Re:Maybe it's just me ... (Score:2, Informative)
I'm wondering if that part of the article is correct. There is a hard reset button on the Chromecast that you can use to force it into initialization mode. I'm wondering if that could be used to gain back control of it.
Re:Where's the factory-reset button? (Score:5, Informative)
http://www.tnet.com/products/devices/chromecast/resetbutton
it does.
Re:Maybe it's just me ... (Score:5, Informative)
25 seconds of holding a button, and your device is yours again. It's annoying, but it's not like an attacker is stealing your identity and financial information with this.
https://support.google.com/chr... [google.com]
Re:Nowhere in TFA (Score:2, Informative)
http://allaboutchromecast.com/chromecast-how-to-guide/reset-chromecast-factory-data-reset-fdr/ [allaboutchromecast.com]
Re:Maybe it's just me ... (Score:5, Informative)
... there's no way to regain control of the Chromecast unless you RTFM and press the reset button
Re:Where's the factory-reset button? (Score:5, Informative)
> Where's the factory-reset button when you need it?
It's on the Chromecast.
> They need to be hardware buttons
It's a hardware button.