Hackers
a photo of Google Home 1st Gen
Google

Hackers use router vulnerability to take over thousands of Google Home and Chromecast devices

A claimed 72,000 devices, including smart TVs and Google Chromecasts, were hacked to promote Pewdiepie YouTube channel.

Like GearBrain on Facebook

Hackers have used a router vulnerability to remotely control tens of thousands of smart TVs and Google products, including the Home smart speaker and Chromecast streaming device.

Named #CastHack, the stunt began on January 1 and exposed over 72,000 devices to the hack. A website set up by the hackers claimed over 65,000 devices were forced to play a video that included a message telling the victim they had been hacked and asking them to subscribe to Felix Kjekkberg's controversial YouTube channel, better known as Pewdiepie.

Read More:

Although the numbers on the hackers' website may not be accurate - they did not increase in the time it took to write and publish this article - a number of Reddit users have posted to say they are victims of the hack. One person said: "Every 20 minutes or so my TV switches to some crappy YouTube video about Pewdiepie with s****y rap music and a '#ChromeCastHack' hashtag."

A Twitter account seemingly created by the hackers - known as HackerGiraffe and j3ws3r - claimed the hack was taking control of 20 Chromecasts every second on January 1. The account tweeted a day later to reference a patch issued by Google to stop the attack.

Rather than being a hack that broke into the security of Google devices and smart televisions, this stunt was made possible by exploiting vulnerabilities in the home Wi-Fi routers they use to connect to the Internet.

a photo of Google Chromecast devicesThe Chromecast is used to play YouTube, Netflix and other video content on a connected televisionGoogle

The attack took advantage of a common router feature called Universal Plug and Play (UPnP), which helps devices see each other on a Wi-Fi network—devices like printers, smart speakers, and TV streaming sticks like the Chromecast.


The hackers' website claimed they performed a relatively harmless stunt to draw attention to the vulnerability rather than cause genuine damage. The website reads: "We want to help you...We're only trying to protect and inform you of this before someone takes advantage of it."

The site also said: "If you came here because you're a victim of #CastHack, then know that your Chromecast/Smart TV/Google Home is exposed to the public internet and is leaking sensitive information related to your device and home."

The hackers reassured victims that they could not access any personal information related to their Google account or the Google Home's microphone, but they claimed to have access to the noise level in whatever room the device was in. They also said they could remotely play media on the device, rename it, perform a reboot or factory reset, and force it to pair with a new Bluetooth speaker or Wi-Fi network.


Like GearBrain on Facebook
The Conversation (0)

GearBrain Compatibility Find Engine

A pioneering recommendation platform where you can research, discover, buy, and learn how to connect and optimize smart devices.

Join our community! Ask and answer questions about smart devices and save yours in My Gear.

Top Stories

Weekly Deals