Hacker hijacks thousands of Chromecasts and smart TVs to play PewDiePie ad

Hacker is targeting smart TVs, Chromecasts, and Google Home devices. Sonos support also coming, hacker said.

A hacker duo claims to have hijacked thousands of internet-exposed Chromecasts, smart TVs, and Google Home devices to play a video urging users to subscribe to PewDiePie's YouTube channel.

The main hacker behind this hacking campaign --codenamed CastHack-- is known online as TheHackerGiraffe. The hacker explained on Twitter that CastHack takes advantage of users who use incorrectly configured routers that have the UPnP (Universal Plug'n'Play) service enabled, service which forwards specific ports from the internal network on the Internet.

The ports are 8008, 8009, and 8443, which are normally used by smart TVs, Chromecasts, and Google Home for various management functions.

The devices expose these ports on internal networks, where users can send commands from their smartphones or computers to the devices for remote management purposes. But routers with incorrectly configured UPnP settings are making these ports available on the internet.

This allowed FriendlyH4xx0r to set up a script that scans the entire internet for devices with these ports exposed. Once devices are identified, the hacker said another script renames the devices to "HACKED_SUB2PEWDS_#" and then tries to autoplay the video below.

The video is part of a guerilla marketing campaign that got underway last month when PewDiePie fans wanted to help their YouTube idol increase his account's subscribers total in battle with Indian channel T-Series for the title of YouTube's most popular channel.

TheHackerGiraffe is already infamous after last month he/she hijacked tens of thousands of printers and made them print a similar message, urging users to subscribe to PewDiePie's channel.

TheHackerGiraffe is also running a web page with stats about the ongoing Chromecast-defacement campaign (named CastHack). The server has been reset a few times today, but at one point the page showed that FriendlyH4xx0r had managed to rename and/or play the pro-PewDiePie YouTube video on more than 5,000 devices already.

As this same page clearly states, the hack doesn't exploit a vulnerability in any smart TVs, Chromecasts, or Google Home devices, but just takes advantage of improperly configured routers.

Users can protect their devices by disabling UPnP services on their router, or by making sure UPnP doesn't port-forward ports 8008, 8009, and 8443.

The following page contains a list of links to UPnP testing services that will tell users if their router's UPnP service is enabled. Users can find instructions on how to disable the UPnP service in the settings panel or manual of their respective router model.

TheHackerGiraffe also hinted earlier today on Twitter that he is looking into expanding the scripts to add support for targeting Sonos devices as well.

Hacking and forcing Chromecast devices to play a desired video or audio is not a new thing. Such hacks have been known since at least 2013.

Related cybersecurity coverage: