Hackers behind the hacking spree are urging users to change their router settings and subscribe to PewDiePie’s YouTube.
Last month, it was reported that a group of hackers compromised thousands of printers around the world to send printouts urging users to subscribe to Felix Kjellberg aka PewDiePie’s official YouTube channel and unsubscribe from T-Series’s channel. In total over 150,000 printers were affected by the hacking spree.
In another hack, the Wall Street Journal (WSJ) website was defaced to display pro-PewDiePie messages. Now, the same hackers have moved on to bigger targets, claiming to have hacked thousands of Google Homes, Chromecasts and Smart TVs to play a video asking users to subscribe to PewDiePie’s official YouTube channel.
The hack attack has been conducted under the banner of “CastHack” and in total over 10,000 devices have come under attack. The main hacker behind the hacking saga goes by the online handle of Hacker Giraffe on Twitter. The hacker explained that they took advantage of routers with settings which expose the Internet of Things (IoT) devices including Google Homes and Chromecasts to public view. This allowed the group to play videos on Smart TVs without the owner’s consent.
“YOUR Chromecast/Smart TV is exposed to the public Internet and is exposing sensitive information about you! You should also subscribe to PewDiePie,” the video message said.
In a Tweet on January 1st, Hacker Giraffe had already discussed ports used by Chromecasts, Google Homes, and TVs being exposed to the Internet.
Turns out all those devices aren't only chromecasts, it's a mix of Chromecasts, Google Homes, and TVs with built in chromecasts. All listening on port 8008/8443 and exposed to the internet. Aweeeesomeeeee.
— TheHackerGiraffe 🖨 (@HackerGiraffe) January 1, 2019
Moreover, in another tweet, Hacker Giraffe claimed that there are more than 50,000 LG Smart TVs that are currently exposed and accessible via port 3001 which they are “stacking” for more targets.
Several Reddit users have confirmed that their devices were compromised. Google has also acknowledged the hack and urged users to change their router settings by turning off the Universal Plug and Play (UPnP) feature and to stop forwarding ports 8008, 8443 or 8009.
The group has also set up a website with a live counter showing how many devices have been exposed and how many of them have been forced to play video in support of PewDiePie. In the FAQ section of the website, the group explained that the incorrect router settings are also exposing the WiFi a victim’s Chromecast/Google Home is connected to, what Bluetooth devices it has paired to, how long it has been on, what WiFi networks a device remembers and what alarms have been set, etc.
Furthermore, they have explained that by using the exposed devices, a malicious threat actor can remotely play media on your device, rename your device, factory reset or reboot the device, force it to forget all WiFi networks, force it to pair to a new Bluetooth speaker/WiFi point, etc.
If you are using Google Homes, Chromecasts or an LG Smart TV, or if the aforementioned ports are open, make sure to fix them right now and do not forget to turn off the UPnP feature. At the time of publishing this article, the group's live counter claimed that more than 10,000 devices had been compromised.
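To check your own router for the forwards described above, the following added example (not code from the article or from Google) scans a port-mapping listing for the ports the article names. The sample listing is constructed, its row layout is assumed to resemble what miniupnpc's `upnpc -l` prints, and the names `find_exposed`, `RISKY_PORTS` and `SAMPLE` are hypothetical.

```python
import re

# Ports named in the article: 8008/8443/8009 (Chromecast, Google Home) and
# 3001 (LG Smart TVs, per the hacker's tweet).
RISKY_PORTS = {
    8008: "Chromecast/Google Home",
    8443: "Chromecast/Google Home",
    8009: "Chromecast/Google Home",
    3001: "LG Smart TV",
}

# One mapping row: index, protocol, external port -> internal host:port, 'description'.
# The row layout is an assumption modelled on miniupnpc's `upnpc -l` listing.
ROW = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>[\d.]+):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8008->192.168.1.50:8008  'Chromecast' '' 0
 1 TCP  8443->192.168.1.50:8443  'Chromecast' '' 0
 2 UDP 51820->192.168.1.10:51820 'vpn' '' 0
 3 TCP 40001->192.168.1.60:3001  'tv' '' 3600
"""

def find_exposed(listing):
    """Return port mappings that forward Internet traffic to a port named in the article."""
    findings = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or unrelated output
        ext, internal = int(m["ext"]), int(m["int"])
        # A forward may remap ports, so check the internal side first, then the external.
        device = RISKY_PORTS.get(internal) or RISKY_PORTS.get(ext)
        if device:
            findings.append({"proto": m["proto"], "external_port": ext,
                             "internal": f"{m['host']}:{internal}", "device": device})
    return findings

if __name__ == "__main__":
    for f in find_exposed(SAMPLE):
        print(f"REMOVE: {f['proto']} {f['external_port']} -> {f['internal']} ({f['device']})")
```

Any row it reports is a forward to delete in the router's admin page; if the mapping reappears after deletion, UPnP is still enabled and recreating it.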