Two hackers who go by the names Hacker Giraffe and J3ws3r recently hacked into thousands of Chromecast streaming devices. While CastHack didn’t really do anything malicious, the hackers did end up exposing a common router vulnerability and a Chromecast bug that hasn’t been fixed since 2014. Read on for the full story.
What is CastHack?
CastHack is the name that Hacker Giraffe and J3ws3r gave their latest hack. They took over the Chromecast stream of over 65,000 devices and exposed vulnerabilities in a total of 72,341 devices. They streamed a pop-up that informed the user that they’re being hacked and that their device is vulnerable while also asking people to subscribe to the infamous YouTuber, PewDiePie.
The pop-up also instructed the targets to go to CastHack’s very own website to understand what the hack was about and how to stop it from happening again.
CastHack wasn’t really a malicious attack on anyone. It also wasn’t the first time Hacker Giraffe decided to expose a vulnerability by using it to hack into something. Just the last time, the hackers stated that they wanted people to understand just how vulnerable they really are.
CastHack – Latest #PewDiePie Hack Exposes Chromecast and Router bug
Whether or not the sentiment is true doesn’t really matter, since they did bring to light a few key vulnerabilities. The first is the dangers of enabling UPnP on your router, the second is a security bug the Google simply didn’t fix.
The good news is that if you fix the vulnerability on your router, Chromecast is much less likely to be hacked. Still, the fact is that Bishop Fox, the security consultancy firm, found the bug back in 2014. In 2016, a U.K.-based cybersecurity firm called Pen Test Partners found the bug again.
In other words, this is a security bug that has been around for about 5 years now, and no one has done anything about it. The only difference this hack showed was that they were able to access the networks the devices were on remotely.
How to Secure Your Router
As I alluded to above, we don’t really have control over whether our Chromecast devices have a vulnerability or not. We do, however, have control over our routers. In order to not fall victim to a hack like CastHack, here’s what you should do:
- Disable UPnP.
- Stop port forwarding on ports 8008, 8443, 8009.
- Install a VPN on your router.
The first two points are pretty straightforward and are even suggested by our benevolent hackers. To disable UPnP and stop port forwarding on the selected ports, you need to log into your router’s configuration first. Each router is a little different, but usually, you’ll find them under Misc. or Other. If not, then do check your router’s manual for instructions.
The third point is a little more intense than the first two. See, changing your router’s UPnP settings helps protect you from the attack discussed above. Installing a VPN on your router helps you secure every single device connected to that router, and then some.
Now, the installation process isn’t always easy and does require some technical know-how. We’ve written a whole series of guides for the different VPN installation processes of some of the most used routers, which I do suggest you check out. If you want more of an idea of what this process entails, check out this general guide.
If you don’t want to do that or don’t trust that you can work out the process on your own, you can simply go out and buy a router with a VPN already on it!
Best VPN for Chromecast and Routers
If you want to secure all of your devices and make sure that your internet connection cannot be hacked, then you’re probably already thinking about which VPN you should get.
Both myself and our VPN experts agree that ExpressVPN should be your go-to router VPN provider. This provider offers an impeccable service, has the best customer support team on the market, and has a long list of VPN installation instructional videos covering a diverse set of router makes and models.
You don’t have to take my word for it, try it out for a whole month by benefiting from ExpressVPN’s 30-day money-back guarantee.
If you don’t feel like this is the VPN for you, feel free to check out these top recommended VPNs for Chromecast instead:
CastHack – Final Thoughts
There you have it, ladies and gents, the story behind CastHack and how you can stop that from happening to your devices. Remember to always upgrade all of your devices so as not to miss out on any important security updates.
Let me know in the comments what you thought about CastHack and do tell me if you have any more tricks on securing your internet connection!