Hacker hijacks thousands of Chromecasts and smart TVs to play PewDiePie ad
January 02, 2019 / Catalin Cimpanu
A hacker duo claims to have hijacked thousands of internet-exposed Chromecasts, smart TVs, and Google Home devices to play a video urging users to subscribe to PewDiePie's YouTube channel. The main hacker behind this hacking campaign --codenamed CastHack-- is known online as TheHackerGiraffe. The hacker explained on Twitter that CastHack takes advantage of users who use incorrectly configured routers that have the UPnP (Universal Plug'n'Play) service enabled, service which forwards specific ports from the internal network on the Internet. The ports are 8008, 8009, and 8443, which are normally used by smart TVs, Chromecasts, and Google Home for various management functions. The devices expose these ports on internal networks, where users can send commands from their smartphones or computers to the devices for remote management purposes. But routers with incorrectly configured UPnP settings are making these ports available on the internet.