During this attack were compromised thousands of devices such as Chromecast and Google Home, in addition to smart TVs
Two hackers claim to have hijacked thousands of intelligent devices, such as the streaming device Chromecast, Google Home smart speakers, even smart TVs, exposed on the Internet to play a video in which the victims of the attack were requested subscribe to PewDiePie YouTube channel, as reported by cybersecurity experts from the International Institute of Cyber Security.
The hacker identified as TheHackerGiraffe is behind this campaign of attacks, dubbed on Twitter as #CastHack. Through a thread of tweets, the hacker announced that this campaign takes advantage of users of smart devices that use incorrectly configured routers that use the UPnP (Universal Plug’n’Play) service that forwards specific ports from an internal network.
The ports are 8008, 8009 and 8443, which normally use devices such as smart TVs, Chromecast or Google Home to manage some of their functions.
The devices expose these ports to internal networks, where anyone can send commands from their smartphones or computers for remote management. But a router with UPnP erroneous configurations makes these ports available on the Internet, as mentioned specialists in cybersecurity.
This allowed the hacker FriendlyH4xx0r to configure a script that analyzes the Internet to find devices with these exposed ports. When these devices are found, the hacker changes their name (HACKED_SUB2PEWDS _ #) and finally tries to automatically play the video in question.
The video is part of a marketing campaign that began a few weeks ago when fans of PewDiePie tried to help the content creator to consolidate as the YouTuber with the most subscribers in the world. Because of this, TheHackerGiraffe has become famous because of its decision to intervene in thousands of printers around the world, forcing them to print a support message for PewDiePie.
In addition, TheHackerGiraffe has enabled a website with statistics on this campaign of attacks against smart devices (called CastHack). According to the latest updates on the site, more than 5k devices had already been compromised.
According to experts in cybersecurity, hackers are not exploiting any vulnerability present in any device, but are taking advantage of the flaws in the configuration of thousands of routers.
Users could ensure that their router does not transfer ports 8008, 8009, and 8443 to stay safe from this kind of attack, as well as disabling UPnP services on their devices.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.