Hacker group finds a way to gain root access to Chromecast

Jul 29, 2013 by Bob Yirka weblog
Hacker group finds a way to gain root access to Chromecast

(Phys.org) —GTVHacker has posted a blog entry describing a hack they've done on Google's new streaming stick Chromecast. Because the process is so simple, it appears as if Google intentionally left the "vulnerability" open for hackers and other commercial enterprises to exploit, much as they have done with Android devices.

Chromecast is a small (flash drive sized) device that connects directly to a television's HDMI port. Once installed it allows for wirelessly from a computer or handheld device to the . Principle streaming sources include Netflix and YouTube. The introduction of Chromecast created quite a stir when it was released last week as its price is a mere $35. As has been the case with virtually every other hardware device released to the public, hackers appear to have set to work trying to gain access to control the device in ways not intended by the manufacturer.

GTVHacker notes that the OS on the device is not Chrome (as its name implies) but a stripped down version of the software used to run Google TV. To gain access, a was attached to the device and then the power on/off button was held down (causing it to boot to USB mode) as the device was being powered on. Natural code on the device calls for a signed image to be detected on the USB device. As no verification of the image was required, the hackers were able to execute other code that they had written. Specifically, their hack allows for spawning a root shell on port 23.

That a hacker team was able to find such a vulnerability and exploit it in just four days is likely no surprise to Google. They've been using the services of hacker groups to help test new products since the introduction of Gmail and Android—doing so led to the early development of smartphone apps, and Google is no doubt hoping the same thing happens with Chromecast—early reports suggest its native applications are severely limited. The hack found by the team at GTVHacker means that pretty much anyone that wishes can development custom apps for the device, perhaps making it worth far more than its list price.

Explore further: Seattle Sounders score with SQL Server and fitness-tracking technology

Related Stories

QR code security vulnerability found with Google Glass

Jul 18, 2013

Engineers at Lookout Mobile Security have discovered a previously unknown security vulnerability with Google's project Glass wearable headset. Marc Rogers reports on the company's web site that engineers found that when pictures were taken of pri ...

Google coming out with two new Android phones

May 31, 2013

Google revealed Thursday that it has two new sophisticated Android smartphones in the works, one of which will have the unprecedented distinction of being made in the United States.

Recommended for you

Form Devices team designs Point as a house sitter

3 hours ago

A Scandinavian team "with an international outlook" and good eye for electronics, software and design aims to reach success with what they characterize as "a softer take" on home security. Their device is ...

Amazon offers Washington Post app on Kindle

Nov 20, 2014

Amazon said Thursday it will offer a free Washington Post app to Kindle users for six months, a move highlighting the digital strategy for the newspaper owned by Jeff Bezos.

Gift Guide: Help your selfie with some add-on gear

Nov 20, 2014

Not all selfies are created equal. Some are blurry, are poorly framed or miss the action entirely because you might be scrubbing your thumb fishing for a virtual shutter button as the moment passes you by.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

jwillis84
3.5 / 5 (2) Jul 29, 2013
Clever.. imagine using it as a wireless gateway to cloud services. Even an App launcher.

The fundamental unit of useful devices has always been the framebuffer and input device. With USB they could quite literally accept anything, even store the device drivers in the Cloud.. sort of like the Logitech Harmony remote.

A USB bus or WiFi bus that links to the Home network, could begin to do things like connect anything to anything and Orchestrate home services.

It looks small and simple, but its truly a beach head "server" which could leverage various legacy and future network connected devices like a local premise "swarm" to get you the best benefit for whatever you have on hand in your home.. an iPhone, a Android phone a Roomba, a Desktop, a Laptop.. off hours, on powered off battery or direct connect.. all of these are loaded with sensors and various options for processing on premise.. even manipulating the Envrionment.. NEST anyone?

Everyone will have a different ChromeSwarm

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.