home.aspx
 
. https://securityboulevard.com/2019/01/hackers-hijack-chromecast-devices-and-smart-tvs-via-exposed-upnp/
blog article
HACKERS HIJACK CHROMECAST DEVICES AND SMART TVS VIA EXPOSED UPNP
A pair of hackers has launched a campaign that displays rogue messages on people’s smart TVs encouraging them to subscribe to a popular YouTube channel. The attack doesn’t seem to be malicious and is part of a larger campaign to promote PewDiePie, the YouTube channel with the largest number of subscribers that was recently in danger of being dethroned. Some weeks ago supporters started remote printing messages on internet-exposed printers and now it seems that they’ve switched to TVs. The attack takes advantage of ports 8008, 8443, 8009 which are used by Chromecast devices, Google Home and some smart TVs for management on internal networks. These management APIs don’t generally require authentication, but as long as they’re only available on LANs, the risk is not that great. The problem is that many home routers have broken Universal Plug and Play (UPnP) implementations and this feature, which is typically used for service discovery and automated configuration, can automatically expose those ports to the internet. This means hackers can then send commands directly to users’ TVs or attached Chromecast devices. READ MORE