
The "Rickmote Controller" Can Hijack Any Google Chromecast

samzenpus posted about 2 months ago | from the never-going-to-give-you-up dept.

Google 131

redletterdave writes Dan Petro, a security analyst for the Bishop Fox IT consulting firm, built a proof of concept device that's able to hack into any Google Chromecast nearby to project Rick Astley's "Never Gonna Give You Up," or any other video a prankster might choose. The "Rickmote," which is built on top of the $35 Raspberry Pi single board computer, finds a local Chromecast device, boots it off the network, and then takes over the screen with multimedia of one's choosing. But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast. Unfortunately for Google, this is a rather serious issue with the Chromecast device that's not too easy to fix, as the configuration process is an essential part of the Chromecast experience.


Maybe it's just me ... (2)

caferace (442) | about 2 months ago | (#47503463)

But I find that kind of awesome. :)

Kind of.

Soylent News: By white people for white people. (-1)

Anonymous Coward | about 2 months ago | (#47503491)

Do you hate minorities and gay people? Do you think we should bring back nigger lynching? Do you pine for the days of Jim Crow?

If so, join SoylentNews.org [soylentnews.org] and show us your support! Heil Hitler!

- NCommander

Re:Soylent News: By white people for white people. (-1)

Anonymous Coward | about 2 months ago | (#47503583)

As if slashdot isn't a privileged white male monoculture either.
Well, a graying white male monoculture at least.

Re:Soylent News: By white people for white people. (0)

Anonymous Coward | about 3 months ago | (#47504747)

> As if slashdot isn't a privileged white male monoculture either.
> Well, a graying white male monoculture at least.

You should check a few social media analysis sites - in fact, most of Slashdot's demographic are from India and Pakistan, under 35 and working in call centers and/or SMM teams.

Re:Soylent News: By white people for white people. (-1)

Anonymous Coward | about 3 months ago | (#47505203)

Beta is sooo gay

Re:Soylent News: By white people for white people. (1)

ArcadeMan (2766669) | about 2 months ago | (#47504059)

I was waiting for an ironic "Pepperidge Farm Remembers" ending.

Re:Maybe it's just me ... (1)

Isca (550291) | about 2 months ago | (#47503497)

It's awesome except for the 35 dollars someone is out.

Hopefully it has a tool in it that deauth's it again when you are done to make it just inconvenient.

Re:Maybe it's just me ... (2)

caferace (442) | about 2 months ago | (#47503529)

There is always a fix. I doubt people are going to be wardriving for Chromecasts. Does it suck from a security standpoint? Yes. But the guys at least have a sense of humour. Better than goatse, right?

Re:Maybe it's just me ... (4, Funny)

CanHasDIY (1672858) | about 2 months ago | (#47503545)

Per TFA - you can totally point it to goatse rather than Rick Astley.

Although for some people, there's little actionable difference between the two.

Re:Maybe it's just me ... (2)

caferace (442) | about 2 months ago | (#47503573)

But think of the children! Oh. Wait. Yeah. They'd be scarred for life either way.

Re:Maybe it's just me ... (2)

JDeane (1402533) | about 2 months ago | (#47504235)

We could combine the two... maybe a Rick Roll Goatse mega combo?

Re:Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47504077)

> Better than goatse, right?

You mean the final goal of the world cup? (by Mario Goetze)

What's wrong with that?

Mario Goatse (2)

tepples (727027) | about 3 months ago | (#47504689)

I'm not sure kids should be exposed to Mario Goatse [nocookie.net] .

Re:Maybe it's just me ... (1)

exomondo (1725132) | about 3 months ago | (#47505131)

Unlikely sir. They spell and pronounce their name differently.

Re:Maybe it's just me ... (0)

Guspaz (556486) | about 2 months ago | (#47503559)

They're not out $35, it's basically a jammer, and only works while in range of the chromecast's wifi.

A wifi jammer would make the chromecast just as inoperable.

Re:Maybe it's just me ... (4, Informative)

2muchcoffeeman (573484) | about 2 months ago | (#47503597)

That's not what it says in the post: "The 'Rickmote,' which is built on top of the $35 Raspberry Pi single board computer, finds a local Chromecast device, boots it off the network, and then takes over the screen with multimedia of one's choosing. ... But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast."

So ... yeah, it's never gonna give you up.

Re:Maybe it's just me ... (2)

Altus (1034) | about 2 months ago | (#47503761)

Once you have set a Chromecast playing some media it is doing it all on its own and it requires commands from another device to get it to stop... or it comes to the end of the media but it could be set up to repeat over and over. If you can't control the Chromecast anymore it's pretty useless.... I'm guessing there is a way to factory reset the device and start over.

Re:Maybe it's just me ... (5, Informative)

Anonymous Coward | about 2 months ago | (#47503809)

25 seconds of holding a button, and your device is yours again. It's annoying, but it's not like an attacker is stealing your identity and financial information with this.

https://support.google.com/chr... [google.com]

There are two ways to Factory Data Reset (FDR) your Chromecast:
- Factory Data Reset your Chromecast from the Chromecast app. You will find the option to FDR under ‘Settings’ or ‘Menu’ or
- Physically hold down the button on your Chromecast for at least 25 seconds or until the solid light begins flashing.

Re:Maybe it's just me ... (4, Informative)

viperidaenz (2515578) | about 2 months ago | (#47504391)

... there's no way to regain control of the Chromecast unless you RTFM and press the reset button

Re:Maybe it's just me ... (0)

fullmetal55 (698310) | about 2 months ago | (#47503609)

Actually, from TFS

"But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast. "

so no, it doesn't only work while in range of the chromecast's wifi... It bricks the device...

Re:Maybe it's just me ... (2, Informative)

Anonymous Coward | about 2 months ago | (#47503685)

I'm wondering if that part of the article is correct. There is a hard reset button on the chromecast that you can use to force it into initialization mode. I'm wondering if that could be used to gain back control of it.

EARN TODAY (-1)

Anonymous Coward | about 2 months ago | (#47503799)

You can Make 300 Dollars free Today
Login & Earn
http://JobandPay.com/?id=68942

Re:EARN TODAY (-1, Offtopic)

ArcadeMan (2766669) | about 2 months ago | (#47504071)

I got an even better deal: you can earn 300+ satoshi every hour [freebitco.in] , every day, starting right now!

Re:Maybe it's just me ... (1)

chuckugly (2030942) | about 2 months ago | (#47503765)

I doubt it - I suspect the CC merely has no way to reenter deauth without outside intervention; you'd probably need a non-malicious version of Rickmote to re-deauth it and have it ready to set up again.

Re:Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47503639)

> They're not out $35, it's basically a jammer, and only works while in range of the chromecast's wifi.
>
> A wifi jammer would make the chromecast just as inoperable.

Either your reading comprehension is the same as my dog's or we've devolved from RTFA to RTFS (summary). From the summary "If the hacker leaves the range of the device, there's no way to regain control of the Chromecast." So, no, it isn't just a jammer. It's more like EMP.

Re:Maybe it's just me ... (5, Funny)

Anonymous Coward | about 2 months ago | (#47503733)

Holy shit! I was pretty surprised to hear about a security hole in Chromecast, but I was really flabbergasted to hear about your DOG THAT CAN FUCKING READ!

Re:Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47503857)

lol ... i think he was suggesting that the poster's reading comprehension was zero ... not that his dog could read. but if i had mod points i would so +1 that as Funny

Re:Maybe it's just me ... (1)

gbjbaanb (229885) | about 2 months ago | (#47503711)

Did you even read the summary?!

> But it gets worse for the victims: If the hacker leaves the range of the device, there's no way to regain control of the Chromecast

Re:Maybe it's just me ... (1)

khellendros1984 (792761) | about 2 months ago | (#47504287)

I suspect that the article and summary are inaccurate. There's a factory reset button on the Chromecast, and from the description of the device, it's just de-authing the CC from the network it's connected to, configuring it to connect to the Pi, and sending a command to display a link. I've used that button to delete the config and set up the CC at a friend's house, and none of the text descriptions on this story make it sound like the Rickmote is doing anything else.

Re:Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47503803)

According to TFA and as quoted in the summary your Chromecast is lost to you as soon as the prankster ends his/her wifi connection to your Chromecast, so yes you are out the $35. Unless you know the name of the wifi net created by the prankster you can't send a new DEAUTH to your Chromecast to reset it back to factory default.

Re:Maybe it's just me ... (2)

profplump (309017) | about 2 months ago | (#47504047)

But you can just hard-reset the Chromecast and reconfigure it for the network you want it to use. If the article says otherwise it's wrong.
https://support.google.com/chr... [google.com]

To quote the manual:
"There are two ways to Factory Data Reset (FDR) your Chromecast: Factory Data Reset your Chromecast from the Chromecast app. You will find the option to FDR under ‘Settings’ or ‘Menu’ or Physically hold down the button on your Chromecast for at least 25 seconds or until the solid light begins flashing."

Re:Maybe it's just me ... (1)

Anonymous Coward | about 2 months ago | (#47503601)

The story is sort of bullshit though; Chromecasts have a factory reset function. So getting control back is not as simple as fire up Netflix and tell it to cast - but it IS as simple as firing up the Chromecast app itself and resetting the Chromecast and configuring it back to your network. Not that big of a deal really. No, my mom wouldn't get through it until she called me for help first. But my kids would get through it on their own.

Re: Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47503531)

I can see it now (unfortunately) : Drive By Goatse

Re:Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47503591)

> But I find that kind of awesome. :)
>
> Kind of.

Rickrolling was soooo 2008...all the cool hackers these days are going retro with goatse lemon parties.

Yeah, explain that kind of awesome to your kid when they want to watch Spongebob...

Re: Maybe it's just me ... (-1)

Anonymous Coward | about 2 months ago | (#47503793)

I had a little Muslim no bigger than my thumb I put him in a pint pit and there I let him drum. He had a little bomb belt and blasted me to hell. Of you have a Muslim just fill the pit as well.

Re:Maybe it's just me ... (0)

Anonymous Coward | about 2 months ago | (#47504483)

It was really awesome six months ago when the video was posted.

But the internet of thiiiiiiings! (0)

Anonymous Coward | about 2 months ago | (#47503477)

Truly we have seen the future: Now you can Rickroll people without any effort on their part. Can't wait to do this on fridge TVs.

Security in an app-based device? (-1)

Anonymous Coward | about 2 months ago | (#47503493)

Did you *really* expect an app-based device to have any security whatsoever? You should be thankful they don't try charging you $0.99 every time you play a video.

Have a feeling (-1)

Anonymous Coward | about 2 months ago | (#47503547)

Snowden is somehow involved.

Goatse (1)

tippe (1136385) | about 2 months ago | (#47503563)

Couldn't he have just displayed a Goatse and have been done with it? What he did was in poor taste; don't security researchers have any professionalism any more? Seriously, there should be a law against this sort of thing... [techsmartly.net]

Re:Goatse (1)

gmagill (105538) | about 2 months ago | (#47503917)

With most web-email showing previews of enclosed links, it's much harder to accomplish the rolling of Rick via email. This guy deserves our praise for seeking out creative alternatives.

Re:Goatse (1)

viperidaenz (2515578) | about 2 months ago | (#47504369)

I just get a message saying "You've been rickrolled! EPIC EPIC EPIC" followed by "This plugin is disabled"

Rickfail?

What an awesome security hole! (4, Funny)

NoNonAlphaCharsHere (2201864) | about 2 months ago | (#47503567)

That's right up there with the Windows Explorer thing that executed arbitrary code from a bitmap file when you visited the directory it lived in. Kudos to Google for keeping up.

Doesn't this require access to your network (0)

m00sh (2538182) | about 2 months ago | (#47503579)

Doesn't this first require that you can get into the chromecast's wireless network first?

If you can get on someone's wireless network, there is a lot of things you can do.

Can't this be easily solved by making the process of jumping to a different wireless router in the configuration mode more secure?

After the hacker leaves the range, then the chromecast will not connect to the original network. I don't know if the chromecast installation tool can reconnect to it and reconfigure the network it connects to.

Re:Doesn't this require access to your network (5, Informative)

Anonymous Coward | about 2 months ago | (#47503653)

Quote the article: "When the Chromecast receives the “deauth” command, it returns to its configuration mode, leaving it open for a device — in this case, the Rickmote — to configure it. At that point, the Rickmote tells the Chromecast to connect to its own WiFi network, at which point, Google’s streaming stick is effectively hacked."

Imagine Dr. Evil making air quotes: "Security."

Re:Doesn't this require access to your network (2)

Xylantiel (177496) | about 2 months ago | (#47504041)

Seems like this is trivial to fix by requiring a physical button press to return to the configuration mode after the Chromecast is successfully configured onto a wifi network.

Re:Doesn't this require access to your network (2)

m00sh (2538182) | about 2 months ago | (#47504259)

> Quote the article: "When the Chromecast receives the “deauth” command, it returns to its configuration mode, leaving it open for a device — in this case, the Rickmote — to configure it. At that point, the Rickmote tells the Chromecast to connect to its own WiFi network, at which point, Google’s streaming stick is effectively hacked."
>
> Imagine Dr. Evil making air quotes: "Security."

In order to give the deauth command, you have to be in the same network as the Chromecast.

So, you can't rick roll a chromecast unless you find a way to get into the network that has the chromecast.

I can see this being a problem in offices and other places where a large number of people connect to the same wifi hotspot but this is not a problem at home.

An easier way to rick roll would be to just pull out your youtube app and then start rick roll on the chromecast. This will stop whatever it is playing before and play the rick roll video.

Re:Doesn't this require access to your network (1)

Anonymous Coward | about 3 months ago | (#47504665)

You do not have to be on the network to broadcast deauth commands.

Re:Doesn't this require access to your network (0)

Anonymous Coward | about 3 months ago | (#47504785)

Technically correct, the best kind of correct -- you don't have to be on any network to broadcast deauth commands (just like you don't need a toilet to shit). Except in this case, what exactly is receiving those commands? Certainly not the Chromecast.

Re:Doesn't this require access to your network (1)

Anonymous Coward | about 3 months ago | (#47505209)

wtf are you talking about? at what point did you get the impression that you have to be on the network?

The process is to use a deauth attack (you don't have to be on the network to do that) to knock the chromecast off the network at which point you can connect to the chromecast's own wifi network that is used for setup and take control of it.

Re:Doesn't this require access to your network (0)

Anonymous Coward | about 2 months ago | (#47504275)

Heh... You'd have thought they'd have thought about this one, but nooo...

You can nuke nearby Glassholes the same way (though it doesn't seem to hijack them...).

Re:Doesn't this require access to your network (0)

Anonymous Coward | about 3 months ago | (#47504843)

As far as I understand it, the whole idea behind chromecast is, that anyone on the same network can fully use it.
There is not even any kind of password. If you are on the network, you get full access. That's part of what makes it so useful.

Maybe they should put a password in front of the admin functionality (like deauth), which you set at the initial setup and just keep media options open for all.

But really, if you want to rickroll, you can do that without any kind of hijack.. Just play the video?

Re:Doesn't this require access to your network (0)

Anonymous Coward | about 2 months ago | (#47503697)

If the Chromecast can actually be made to load a different OS from the network, then that OS need not be as trusting as the original OS, which allows basically anyone to reconfigure it remotely after a deauth packet, which is always unencrypted and thus can also be sent by anyone. Assuming that the Chromecast does not always need to be reconfigured after being powered up, the saved "hacked" configuration could make it difficult for ordinary users to return the device to normal operation.

Pardon for clearification (0)

ADRA (37398) | about 2 months ago | (#47503599)

"boots it off the network"

How exactly is that accomplished? I'd assume that anyone inside a network has basically unfettered access to the device, but how would a 'drive by' attacker be able to accomplish this?

Re:Pardon for clearification (0)

Anonymous Coward | about 2 months ago | (#47503791)

My understanding is that the rickmote has a wifijammer in it. When the network isn't found by the chrome cast it opens its own access point for configuration.

Re:Pardon for clearification (0)

Anonymous Coward | about 2 months ago | (#47503819)

ah, thanks for clarifying. The chromecast was extremely easy to set up, I remember being surprised at how smooth it was. Now they'll have to "fix" that.

Re:Pardon for clearification (1)

sjames (1099) | about 2 months ago | (#47503855)

With a Pringles can.

Re:Pardon for clearification (1)

Lehk228 (705449) | about 3 months ago | (#47504987)

because google potato'd the security

Better version of TFA (5, Informative)

fph il quozientatore (971015) | about 2 months ago | (#47503631)

Article in original content format, without ads: here [youtube.com]

Re:Better version of TFA (2, Insightful)

NoNonAlphaCharsHere (2201864) | about 2 months ago | (#47503725)

Gosh, I wonder what item on YouTube THAT could point to...

BROWqjuTM0g is a Rickroll. This isn't. (1)

tepples (727027) | about 3 months ago | (#47504725)

That's a looped Rickroll. Instead, have this video about music on android [youtube.com] .

Re:Better version of TFA (2)

paiute (550198) | about 3 months ago | (#47504717)

> Article in original content format, without ads:

It just isn't the same with a 15 second ad tacked on the front.

Secure pairing is hard (4, Interesting)

Animats (122034) | about 2 months ago | (#47503637)

This is a general problem with devices that are "paired". How do you securely establish the initial connection, when neither side knows anything about the other?

The secure solutions involve some shared secret between the two devices. This requires a secure transmission path between the devices, such as typing in a generated key (like a WPA2 key) or physically carrying a crypto key carrier to each device (this is how serious cryptosystems work).

Semi-secure systems involve things like creating a short period of temporary vulnerability (as with Bluetooth pairing). There's a scheme for sharing between cellphones where you bump the phones together, and they both sense the deceleration at close to the same time.

Re:Secure pairing is hard (1)

Anonymous Coward | about 2 months ago | (#47503759)

"The secure solution involve some shared secret between the two devices." You mean like the TV displaying a code and the user entering it on the device he's pairing with?

Of course that's probably incredibly difficult to implement and places such a huge burden on the user. /sarcasm

Re:Secure pairing is hard (0)

Anonymous Coward | about 2 months ago | (#47504009)

And again Windows become a security hole!

Re:Secure pairing is hard (0)

Anonymous Coward | about 2 months ago | (#47503777)

If you can physically see both devices then surely Diffie-Hellman solves this problem?

Secure pairing is hard (1)

QuantumReality (3756741) | about 2 months ago | (#47503789)

If you would know anything about cryptography possibilities then you would know that you can exchange data even using unsecured channel... Use standard with asymmetric key encryption. Even simple Diffie-Hellman key exchange solves all your problems.

Re:Secure pairing is hard (1)

viperidaenz (2515578) | about 2 months ago | (#47504355)

How does Diffie-Hellman key exchange provide identification of the other party?
It allows the exchange of secret data (keys) over an insecure link.
It is not possible to determine who the other party is. That's where PKI comes in, which doesn't require Diffie-Hellman key exchange at all.

Re:Secure pairing is hard (3, Insightful)

Miamicanes (730264) | about 3 months ago | (#47504861)

Canonical Diffie-Hellman is vulnerable to MITM attacks when both parties are mutually-anonymous. There are ways to reduce the risk, but at the end of the day, unless at least one party knows who it's supposed to be talking to & can independently verify the other party's identity and the integrity of key-exchange traffic supposedly taking place with it, you can never know for sure that you aren't having a securely-encrypted conversation with an attacker.

AFAIK, there's no currently known way to achieve 100% mutually-anonymous key exchange that isn't also vulnerable to MITM. Every few months, someone proposes one, and someone like Schneier usually takes one look at it and casually mentions a half-dozen ways it can be defeated in between sips of coffee.

Re:Secure pairing is hard (2)

tlhIngan (30335) | about 2 months ago | (#47503963)

> This is a general problem with devices that are "paired". How do you securely establish the initial connection, when neither side knows anything about the other?
>
> The secure solutions involve some shared secret between the two devices. This requires a secure transmission path between the devices, such as typing in a generated key (like a WPA2 key) or physically carrying a crypto key carrier to each device (this is how serious cryptosystems work).
>
> Semi-secure systems involve things like creating a short period of temporary vulnerability (as with Bluetooth pairing). There's a scheme for sharing between cellphones where you bump the phones together, and they both sense the deceleration at close to the same time.

Or, given the nature of the device as it's physical, it can be a sticker on the device itself. Or given that it has to be connected to a TV, the security pairing code can be displayed on the TV as well and the user enters that code in.

The nature of the Chromecast means there is a secure physical channel to allow such communications to take place.

Re:Secure pairing is hard (1)

bill_mcgonigle (4333) | about 2 months ago | (#47504289)

> Or given that it has to be connected to a TV, the security pairing code can be displayed on the TV as well and the user enters that code in.

Anything the Chromecast can connect to is at least 720p - plenty for a QR code with a fairly beefy key.

Re:Secure pairing is hard (1)

tepples (727027) | about 3 months ago | (#47504749)

Good luck taking a picture of a QR code with a desktop computer. A 40-bit key fingerprint using eight base32 characters should be enough for home use.
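The pairing-code idea discussed in this sub-thread, as an added example that is not part of any comment and is not Google's protocol: the device shows a random eight-character base32 (40-bit) code on the TV, and a configure request is accepted only with an HMAC proof, keyed by that code, over both Diffie-Hellman public keys and the requested SSID. The demo-only DH group, the `Device` class, the failure limit and every name below are assumptions of this sketch; because a 40-bit code can be guessed offline from a captured proof, the code is single-use and replaced after repeated failures, which a password-authenticated key exchange would avoid.

```python
import base64
import hashlib
import hmac
import secrets

# Demo-only Diffie-Hellman group (an assumption of this example): the Mersenne
# prime 2**521 - 1 with generator 3. Real firmware would use a vetted curve.
P = 2**521 - 1
G = 3
KEY_BYTES = (P.bit_length() + 7) // 8
MAX_FAILURES = 3  # hypothetical limit before the on-screen code is replaced


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
    return priv, pow(G, priv, P)


def enc(pub):
    return pub.to_bytes(KEY_BYTES, "big")


def new_setup_code():
    # 5 random bytes = 40 bits = exactly eight base32 characters, no padding.
    return base64.b32encode(secrets.token_bytes(5)).decode("ascii")


def normalize_code(typed):
    # Base32 has no 0 or 1, so map the usual typos; ignore case and spacing.
    cleaned = typed.upper().replace(" ", "").replace("-", "")
    return cleaned.replace("0", "O").replace("1", "I")


def proof(code, role, phone_pub, device_pub, payload=b""):
    # HMAC keyed by the on-screen code, binding both DH keys and the payload.
    msg = role + enc(phone_pub) + enc(device_pub) + payload
    return hmac.new(code.encode("utf-8"), msg, hashlib.sha256).digest()


def session_key(my_priv, peer_pub):
    return hashlib.sha256(b"pairing-key-v1" + enc(pow(peer_pub, my_priv, P))).digest()


class Device:
    """Streaming stick in setup mode; self.code is what the TV displays."""

    def __init__(self):
        self.priv, self.pub = dh_keypair()
        self.code = new_setup_code()
        self.failures = 0
        self.ssid = None
        self.key = None

    def configure(self, phone_pub, phone_proof, ssid):
        """Return the device's own proof on success, None on rejection."""
        ok = 1 < phone_pub < P - 1 and hmac.compare_digest(
            phone_proof,
            proof(self.code, b"phone", phone_pub, self.pub, ssid.encode("utf-8")))
        if not ok:
            self.failures += 1
            if self.failures >= MAX_FAILURES:  # stop unlimited online guessing
                self.code, self.failures = new_setup_code(), 0
            return None
        reply = proof(self.code, b"device", phone_pub, self.pub)
        self.ssid, self.key = ssid, session_key(self.priv, phone_pub)
        self.code, self.failures = new_setup_code(), 0  # code is single-use
        return reply


def phone_configure(device, typed_code, ssid, device_pub_as_received=None):
    """Phone side. device_pub_as_received simulates a key swapped in transit."""
    code = normalize_code(typed_code)
    device_pub = device_pub_as_received or device.pub
    priv, pub = dh_keypair()
    tag = proof(code, b"phone", pub, device_pub, ssid.encode("utf-8"))
    reply = device.configure(pub, tag, ssid)
    expected = proof(code, b"device", pub, device_pub)
    if reply is None or not hmac.compare_digest(reply, expected):
        return None
    return session_key(priv, device_pub)


def demo():
    tv = Device()
    out = {}
    # Someone in radio range who cannot see the TV has to guess the code.
    out["rogue"] = phone_configure(tv, "AAAAAAAA", "rogue-ap")
    out["ssid_after_rogue"] = tv.ssid
    # Owner reads the right code, but the device key was replaced in transit.
    _, swapped = dh_keypair()
    out["mitm"] = phone_configure(tv, tv.code, "home-wifi", swapped)
    # Owner types the code (lower case) with nothing tampered.
    code = tv.code
    key = phone_configure(tv, code.lower(), "home-wifi")
    out["owner"] = key is not None and key == tv.key
    out["ssid"] = tv.ssid
    # The used code no longer works.
    out["replayed_code"] = phone_configure(tv, code, "other-ap")
    return out


if __name__ == "__main__":
    print(demo())
```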

Re:Secure pairing is hard (1)

discord5 (798235) | about 2 months ago | (#47504003)

> This is a general problem with devices that are "paired". How do you securely establish the initial connection, when neither side knows anything about the other?

The problem isn't the initial connection really. Sure, there's an attack window there, but if it weren't for the actual problem it wouldn't have been as easily exploitable as it appears to be. The problem is that it is trivial once the Chromecast is connected to the WLAN to force it to reconfigure.

The Youtube video of his presentation [youtube.com] (no transcript, sorry, go listen to it in the background while doing something else) makes it clear that it's trivially simple to get the device looking for a suitable partner again. If I understand it correctly the attacker sends one (or several) deauth frame(s) to the network and within 5 seconds the Chromecast will start looking for a new network at which point the attacker can take over control of the device.

The thing is, this was a userfriendly feature for when you're using your Chromecast device on other networks. If the developers had required a physical button press (on that nice reset button would've been fine), the attack window would've been just during the pairing, which is a much smaller attack window. While it doesn't take away the pairing issues you mentioned, but the beauty of this attack really lies in how easy it is to make Chromecast hop onto another network.

> Semi-secure systems involve things like creating a short period of temporary vulnerability (as with Bluetooth pairing).

Which is the case as far as I understand it. The chromecast is vulnerable until it is configured. The attack just makes reconfiguration trivial because there's no physical intervention required.

Nowhere in TFA (3, Insightful)

OverlordQ (264228) | about 2 months ago | (#47503651)

> If the hacker leaves the range of the device, there’s no way to regain control of the Chromecast

Nowhere in TFA does it say why a Factory Data Reset won't fix that.

Re:Nowhere in TFA (1)

Anonymous Coward | about 2 months ago | (#47503737)

So Rick is only going to give you up after a Factory Data Reset?

Re:Nowhere in TFA (1)

rsborg (111459) | about 2 months ago | (#47503773)

> So Rick is only going to give you up after a Factory Data Reset?

The lyrics take on a whole new meaning with this exploit :)

Re:Nowhere in TFA (-1)

Anonymous Coward | about 2 months ago | (#47503891)

Problem is there isn't a reset button on chromecast.

Re:Nowhere in TFA (1)

Anonymous Coward | about 2 months ago | (#47503961)

It's not really much of a fix if the attacker can just do the same attack again immediately.

Re:Nowhere in TFA (-1, Flamebait)

Anonymous Coward | about 2 months ago | (#47504155)

Who gives a fuck. Learn to love watching whatever faggot pr0n someone puts on your screen, dick smoker.

Re:Nowhere in TFA (2)

rreay (50160) | about 3 months ago | (#47504679)

Because the summary is wrong. The article says exactly the opposite of the summary. (bold mine)

But it gets worse for the victims: If the hacker's Rickmote stays within the range of the device, even if you turn the Chromecast off and on again, it will constantly reconnect to the Rickmote - "thus the Rickroll keeps going indefinitely," Petro told BI.

Where's the factory-reset button? (2, Interesting)

davidwr (791652) | about 2 months ago | (#47503691)

> If the hacker leaves the range of the device, there's no way to regain control of the Chromecast.

Where's the factory-reset button when you need it?

Consumer-electronics that aren't so cheap they are "disposable" should have a "reset to last known good state" hardware button and for some types of devices, a "save current state as known good state" hardware button. If the second button is missing, the "factory fresh state" will forever be the only "last known good state."

The second button is needed for installing "bios-level" anti-theft software and the like that can't be undone by the first button, if the customer wants to make that software non-uninstallable by a security-savvy thief should it be stolen.

For some products, one or both of these buttons may require opening the case and breaking tamper-evident seals, but they should exist, and they should be true hardware buttons, not defeat-able by software.

They need to be hardware buttons so a virus or malware doesn't "press" them, defeating the purpose of being able to "roll back" the machine to a previous state.

Re:Where's the factory-reset button? (5, Informative)

Anonymous Coward | about 2 months ago | (#47503727)

http://www.tnet.com/products/devices/chromecast/resetbutton

it does.

Re:Where's the factory-reset button? (0)

Anonymous Coward | about 2 months ago | (#47503813)

"If the hacker leaves the range of the device, there's no way to regain control of the Chromecast."

Unfortunately it's just someone's crappy summary. The actual video which discusses the problem is that the chromecast is under control whilst the attacking network is still there. i.e. On a portable device (as described) it'll likely be limited life. More of a problem would be if I accidentally (or otherwise) did this to a neighbour and connected them up to my wifi, which will be pretty long lived.

However it will still accept the same deauth as got us here in the first place, and disconnecting and going somewhere else out of range of the attacker does likewise.

Re: Where's the factory-reset button? (0)

Anonymous Coward | about 2 months ago | (#47503883)

The second button is for installing a ransomware trojan or other pleasantry onto the majority of unsecured devices out in the wild. In other words, fuck no. Skip the second button.

Re:Where's the factory-reset button? (5, Informative)

Threni (635302) | about 2 months ago | (#47504461)

> Where's the factory-reset button when you need it?

It's on the Chromecast.

> They need to be hardware buttons

It's a hardware button.

No way to regain control? (0)

Anonymous Coward | about 2 months ago | (#47503699)

Chromecasts have a reset button next to the USB port.

Note to Google Users: (1, Insightful)

Jane Q. Public (1010737) | about 2 months ago | (#47503731)

If Google can "remotely configure" your device, then so can someone else if they're determined enough.

Duh.

Re:Note to Google Users: (0)

Anonymous Coward | about 2 months ago | (#47504241)

> If Google can "remotely configure" your device, then so can someone else if they're determined enough.

What would be really fun is if you could, somehow, turn the tables on this would-be hacker and use it to take over his network. Think about it: you detect that someone is trying to deauth and hack in to your network and, in response, chromecast blocks the deauth while simultaneously your paired device hacks into his network. Now that I think about it, this could be a fun project to work on.

All your network are belong to us now!

Could be worse (-1)

Anonymous Coward | about 2 months ago | (#47503751)

He could have linked to goats or two girls one cup.... etc...

What the hell is a "Chromecast"? (-1)

Anonymous Coward | about 2 months ago | (#47503771)

And isn't it just as easy to hack into your average cell phone and put whatever you want on there?

Wardriving + Rickmoting = ?? (1)

Baby Duck (176251) | about 2 months ago | (#47504255)

Cruisin' down the street
Real slow
While the Chromecasters be yellin'
RICKROLLED!

Rick mote (0)

Anonymous Coward | about 2 months ago | (#47504263)

CORL........ NEXT TRACK.

News just in (1)

viperidaenz (2515578) | about 2 months ago | (#47504307)

Person with access to your local network can configure network configurable device.

Where is the Raspberry Pi subsection? (0)

Anonymous Coward | about 2 months ago | (#47504345)

>built on top of the $35 Raspberry Pi

If it was built around a $200 Dell Laptop with an Intel Atom Processor, would you list all of that, too?

Raspberry Pi fetishists are truly the scum of the earth.

The point is the 35 USD (1)

tepples (727027) | about 3 months ago | (#47504759)

> If it was built around a $200 Dell Laptop with an Intel Atom Processor, would you list all of that, too?

No. And the reason is that a $200 netbook costs a lot more than $35. Part of the perceived embarrassment is how cheap it is to build a rig that remotely 0wns someone's Chromecast device. If mentioning the Raspberry Pi brand is too much of a Slashvertisement to you, would "a $35 single-board computer" sound more honest?

Google is eternally "Beta" by default (1)

Bob_Who (926234) | about 2 months ago | (#47504445)

I think I read that in a EULA somewhere....

Anti-glasshole version (4, Interesting)

Stickerboy (61554) | about 3 months ago | (#47504701)

Waiting for the Google Glass version Rickmote. That one has endless possibilities...

Sparticus! (0)

Anonymous Coward | about 3 months ago | (#47504865)

We're gonna shange the world with Sparticus... Sparticus!!!
