Hacker group finds a way to gain root access to Chromecast

Jul 29, 2013 by Bob Yirka weblog
(Phys.org) —GTVHacker has posted a blog entry describing a hack they've done on Google's new streaming stick Chromecast. Because the process is so simple, it appears as if Google intentionally left the "vulnerability" open for hackers and other commercial enterprises to exploit, much as they have done with Android devices.

Chromecast is a small (flash drive sized) device that connects directly to a television's HDMI port. Once installed, it allows for streaming wirelessly from a computer or handheld device to the television. Principal streaming sources include Netflix and YouTube. The introduction of Chromecast created quite a stir when it was released last week, as its price is a mere $35. As has been the case with virtually every other hardware device released to the public, hackers appear to have set to work trying to gain access to control the device in ways not intended by the manufacturer.

GTVHacker notes that the OS on the device is not Chrome (as its name implies) but a stripped-down version of the software used to run Google TV. To gain access, a USB device was attached to the Chromecast and then the power on/off button was held down (causing it to boot to USB mode) as the device was being powered on. Native code on the device calls for a signed image to be detected on the USB device. As no verification of the image was required, the hackers were able to execute other code that they had written. Specifically, their hack allows for spawning a root shell on port 23.
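The gap described above, a loader that expects a signed image but does not enforce the check, is shown here next to a fail-closed loader. This is an added example, not GTVHacker's or Google's code: the image layout, the function names and the key are constructed for illustration, and HMAC-SHA256 stands in for the vendor's public-key signature so the example runs with the standard library alone.

```python
import hashlib
import hmac
import struct

# Constructed image layout (hypothetical, not Chromecast's real format):
#   4-byte magic | 4-byte big-endian payload length | 32-byte tag | payload
MAGIC = b"BIMG"
HEADER = struct.Struct(">4sI32s")
VENDOR_KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key


def build_image(payload: bytes, key: bytes) -> bytes:
    """Pack a payload with a tag computed over the length and the payload."""
    msg = struct.pack(">I", len(payload)) + payload
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return HEADER.pack(MAGIC, len(payload), tag) + payload


def verify_image(image: bytes, key: bytes) -> bool:
    """Return True only if the header is well formed and the tag matches."""
    if len(image) < HEADER.size:
        return False  # truncated header
    magic, length, tag = HEADER.unpack_from(image)
    payload = image[HEADER.size:]
    if magic != MAGIC or length != len(payload):
        return False  # wrong format, or payload truncated/extended
    msg = struct.pack(">I", length) + payload
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison


def load_unenforced(image: bytes) -> bytes:
    """Weak loader: expects the signed layout but never checks the tag."""
    return image[HEADER.size:]  # payload handed to the next stage as-is


def load_enforced(image: bytes, key: bytes) -> bytes:
    """Hardened loader: fails closed, releases the payload only if verified."""
    if not verify_image(image, key):
        raise ValueError("boot image rejected: verification failed")
    return image[HEADER.size:]


if __name__ == "__main__":
    good = build_image(b"vendor kernel", VENDOR_KEY)
    other = build_image(b"third-party kernel", b"some other key")
    print(load_enforced(good, VENDOR_KEY))   # verified, accepted
    print(load_unenforced(other))            # accepted despite the wrong key
    print(verify_image(other, VENDOR_KEY))   # enforcement would have refused it
```
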

That a hacker team was able to find such a vulnerability and exploit it in just four days is likely no surprise to Google. They've been using the services of hacker groups to help test new products since the introduction of Gmail and Android—doing so led to the early development of smartphone apps, and Google is no doubt hoping the same thing happens with Chromecast—early reports suggest its native applications are severely limited. The hack found by the team at GTVHacker means that pretty much anyone who wishes can develop custom apps for the device, perhaps making it worth far more than its list price.

User comments : 1

jwillis84
3.5 / 5 (2) Jul 29, 2013
Clever.. imagine using it as a wireless gateway to cloud services. Even an App launcher.

The fundamental unit of useful devices has always been the framebuffer and input device. With USB they could quite literally accept anything, even store the device drivers in the Cloud.. sort of like the Logitech Harmony remote.

A USB bus or WiFi bus that links to the Home network, could begin to do things like connect anything to anything and Orchestrate home services.

It looks small and simple, but it's truly a beach head "server" which could leverage various legacy and future network connected devices like a local premise "swarm" to get you the best benefit for whatever you have on hand in your home.. an iPhone, an Android phone a Roomba, a Desktop, a Laptop.. off hours, on powered off battery or direct connect.. all of these are loaded with sensors and various options for processing on premise.. even manipulating the Environment.. NEST anyone?

Everyone will have a different ChromeSwarm