Hacker group finds a way to gain root access to Chromecast

Jul 29, 2013 by Bob Yirka weblog
(Phys.org) —GTVHacker has posted a blog entry describing a hack they've done on Google's new streaming stick Chromecast. Because the process is so simple, it appears as if Google intentionally left the "vulnerability" open for hackers and other commercial enterprises to exploit, much as they have done with Android devices.

Chromecast is a small (flash drive sized) device that connects directly to a television's HDMI port. Once installed, it allows for streaming wirelessly from a computer or handheld device to the television. Principal streaming sources include Netflix and YouTube. The introduction of Chromecast created quite a stir when it was released last week as its price is a mere $35. As has been the case with virtually every other hardware device released to the public, hackers appear to have set to work trying to gain access to control the device in ways not intended by the manufacturer.

GTVHacker notes that the OS on the device is not Chrome (as its name implies) but a stripped-down version of the software used to run Google TV. To gain access, a USB device was attached to the Chromecast and the power on/off button was held down as the device was being powered on, causing it to boot to USB mode. Native code on the device looks for a signed image on the USB device. As no verification of the image was required, the hackers were able to execute other code that they had written. Specifically, their hack allows for spawning a root shell on port 23.
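
The boot-flow flaw described above, as an added illustration that is not GTVHacker's or Google's code: a boot image whose header carries a signature field that the loader never checks, beside a loader that refuses anything it cannot verify. The image layout, key and function names are constructed for this example, and HMAC-SHA256 stands in for whatever signature scheme the device really uses.

```python
import hashlib
import hmac
import struct

# Constructed image layout (assumption, not the device's real format):
# 4-byte magic | 4-byte payload length | 32-byte signature tag | payload
MAGIC = b"IMG1"
HEADER = struct.Struct(">4sI32s")
VENDOR_KEY = b"constructed-vendor-key"  # stand-in for the vendor's verification key


def build_image(payload: bytes, key: bytes) -> bytes:
    """Pack a payload with a tag computed under `key`."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return HEADER.pack(MAGIC, len(payload), tag) + payload


def parse_image(image: bytes):
    """Structural checks only: header present, magic and length consistent."""
    if len(image) < HEADER.size:
        raise ValueError("truncated header")
    magic, length, tag = HEADER.unpack_from(image)
    payload = image[HEADER.size:]
    if magic != MAGIC or length != len(payload):
        raise ValueError("malformed image")
    return tag, payload


def boot_unverified(image: bytes) -> bytes:
    """Flawed flow: a signature field is expected in the image but never checked."""
    _tag, payload = parse_image(image)
    return payload  # would be handed off for execution


def boot_verified(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Hardened flow: the payload is returned only if its tag verifies."""
    tag, payload = parse_image(image)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise PermissionError("signature check failed; refusing to boot")
    return payload


# Constructed sample images.
GENUINE = build_image(b"vendor kernel", VENDOR_KEY)
UNSIGNED = build_image(b"other code", b"not-the-vendor-key")
```

A well-formed header is not evidence of authenticity: both sample images pass `parse_image`, and only the verification step tells them apart.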

That a hacker team was able to find such a vulnerability and exploit it in just four days is likely no surprise to Google. They've been using the services of hacker groups to help test new products since the introduction of Gmail and Android. Doing so led to the early development of smartphone apps, and Google is no doubt hoping the same thing happens with Chromecast; early reports suggest its native applications are severely limited. The hack found by the team at GTVHacker means that pretty much anyone that wishes can develop custom apps for the device, perhaps making it worth far more than its list price.

User comments : 1

jwillis84
3.5 / 5 (2) Jul 29, 2013
Clever.. imagine using it as a wireless gateway to cloud services. Even an App launcher.

The fundamental unit of useful devices has always been the framebuffer and input device. With USB they could quite literally accept anything, even store the device drivers in the Cloud.. sort of like the Logitech Harmony remote.

A USB bus or WiFi bus that links to the Home network, could begin to do things like connect anything to anything and Orchestrate home services.

It looks small and simple, but it's truly a beach head "server" which could leverage various legacy and future network connected devices like a local premise "swarm" to get you the best benefit for whatever you have on hand in your home.. an iPhone, an Android phone, a Roomba, a Desktop, a Laptop.. off hours, on powered off battery or direct connect.. all of these are loaded with sensors and various options for processing on premise.. even manipulating the Environment.. NEST anyone?

Everyone will have a different ChromeSwarm