Google sat on a Chromecast bug for years, now hackers could wreak havoc – TechCrunch

Google was warned of a bug in its Chromecast media streaming stick years ago, but did not fix it. Now, hackers are exploiting the bug — and security researchers say things could get even worse.

A hacker, known as Hacker Giraffe, has become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hacker hijacked thousands of Chromecasts, forcing them to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like himself.

Not one to waste an opportunity, the hacker also asks that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.

As Hacker Giraffe says, disabling UPnP should fix the problem.
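Because the recommended fix is to turn UPnP off, a defender auditing their own network first wants to know what the router has already forwarded. The script below is an added example, not code from TechCrunch, Hacker Giraffe or any of the firms named here: it asks the router's WANIPConnection service for its port-mapping table (the standard `GetGenericPortMappingEntry` action) and lists the LAN hosts that any remote address can reach. The control URL is assumed to be taken from the router's UPnP device description, and the sample response is constructed.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ACTION = "GetGenericPortMappingEntry"
FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription")

def build_request(index: int) -> bytes:
    """SOAP envelope asking the IGD for the port-mapping table entry at `index`."""
    return ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Body><u:{ACTION} xmlns:u="{SERVICE}"><NewPortMappingIndex>{index}'
            f'</NewPortMappingIndex></u:{ACTION}></s:Body></s:Envelope>').encode()

def parse_mapping(xml_body: bytes) -> dict:
    """Collect the mapping fields from a GetGenericPortMappingEntry response."""
    return {e.tag.rsplit("}", 1)[-1]: (e.text or "").strip()  # strip the namespace, if any
            for e in ET.fromstring(xml_body).iter() if e.tag.rsplit("}", 1)[-1] in FIELDS}

def list_mappings(control_url: str, limit: int = 256) -> list:
    """Walk the table until the router answers an out-of-range index with a SOAP fault (HTTP 500)."""
    mappings = []
    for index in range(limit):
        req = urllib.request.Request(control_url, data=build_request(index), headers={
            "Content-Type": 'text/xml; charset="utf-8"', "SOAPAction": f'"{SERVICE}#{ACTION}"'})
        try:
            with urllib.request.urlopen(req, timeout=3) as resp:
                mappings.append(parse_mapping(resp.read()))
        except urllib.error.HTTPError:
            break
    return mappings

def exposed_services(mappings: list) -> list:
    """(internal host, internal port, protocol) for enabled mappings open to any remote host."""
    return sorted({(m["NewInternalClient"], int(m["NewInternalPort"]), m["NewProtocol"])
                   for m in mappings if m.get("NewEnabled") == "1" and not m.get("NewRemoteHost")})

# Constructed sample of one table entry, in the shape a real IGD returns it.
SAMPLE_RESPONSE = b"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>8008</NewExternalPort><NewProtocol>TCP</NewProtocol>
<NewInternalPort>8008</NewInternalPort><NewInternalClient>192.168.1.23</NewInternalClient>
<NewEnabled>1</NewEnabled><NewPortMappingDescription>media device</NewPortMappingDescription>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

if __name__ == "__main__":  # swap in list_mappings("<your router's control URL>") for a live audit
    for host, port, proto in exposed_services([parse_mapping(SAMPLE_RESPONSE)]):
        print(f"{host}:{port}/{proto} is reachable from the internet through a UPnP mapping")
```

Any entry the script reports that you did not create yourself is a candidate for deletion at the router, and the article's advice to disable UPnP stops new ones from appearing.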

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

That’s true on one hand, but it doesn’t address the years-old bug that gives anyone with access to a Chromecast the ability to hijack the media stream and display whatever they want, because Chromecast doesn’t check to see if someone is authorized to change the video stream.

Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)

Bishop Fox, a security consultancy firm, first found the bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with the touch of a button on a custom-built handheld remote.

Two years later, U.K. cybersecurity firm Pen Test Partners discovered that the Chromecast was still vulnerable to “deauth” attacks, making it easy to play content on a neighbor’s Chromecasts in just a few minutes.

Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given that Bishop Fox found it in 2014 and his company tested it in 2016.

“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch. (Google said in a follow-up email that it’s working to fix the deauth bug.)

He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox’s and his own “deauth” attacks can only be carried out within range of the Wi-Fi network — yet both attacks let the hacker control what the Chromecast displays on the TV, he said.

Munro said Google should have fixed its bug in 2014 when it first had the chance.

“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”

Hacker Giraffe is the latest to resort to “Good Samaritan security,” by warning users of the issues and providing advice on how to fix them before malicious hackers take over, where tech companies and device makers have largely failed.

But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.

In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)

Munro said it’s possible, for example, to force a Chromecast into loading a YouTube video created by an attacker that tricks an Echo with commands such as: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”

Amazon Echos and other smart devices are widely considered to be secure, even if they’re prone to overhearing things they shouldn’t. Often, the weakest link is humans. Second to that, it’s the other devices around smart home assistants that pose the biggest risk, said Munro in his blog post. That was demonstrated recently when Canadian security researcher Render Man showed how using a sound transducer against a window can trick a nearby Amazon Echo into unlocking a network-connected smart lock on the front door of a house.

“Google needs to properly fix the Chromecast deauth bug that allows casting of YouTube traffic,” said Munro.


Australia also wants Google to unbundle search from Android

[Image: Let’s see, you landed on my “Google Ads” space, and with three houses… that will be $1,400. Credit: Ron Amadeo / Hasbro]

The Australian Competition and Consumer Commission (ACCC) is the latest government regulatory body to take issue with how Google does business. As Reuters reports, the ACCC wants Google to show a “choice screen” to Android users, allowing them to pick a default search engine other than Google Search. It also wants to limit Google’s ability to pay Apple and other vendors to be the default search engine on other platforms.

ACCC Chair Rod Sims explained the commission’s reasoning in a statement:

We are concerned that Google’s dominance and its ability to use its financial resources to fund arrangements to be the default search engine on many devices and other means through which consumers access search, such as browsers, is harming competition and consumers. Google pays billions of dollars each year for these placements, which illustrates how being the default search engine is extremely valuable to Google’s business model.

Market research firm Kantar says Android has a 60 percent share of the smartphone market, while on iOS and macOS, Google pays Apple an estimated $15 billion per year to be the default search on Safari. Google also pays Mozilla $400 million per year to remain the default on Firefox. Google has a 94 percent share of the Australian search engine market.

Google’s closest search competitor is Microsoft’s Bing, which has something like 2.5 percent market share worldwide. That’s despite being the default search engine on Windows, the world’s second most popular operating system. Google recently told an EU court that “Google” is the #1 search query on Bing, claiming that stat as evidence that users are choosing Google rather than being forced into using it.

Google has already gone through a similar Android unbundling change in the EU, which saw the company add ballot screens for the default search engine and default browser. The EU also shut down some provisions of Google’s standard “Mobile Application Distribution Agreement” (MADA) that OEMs needed to sign in order to license the Google apps. One change means that Google can’t force an “all-or-nothing” bundling of Google’s apps, so if an OEM wants a single app (like, say, the Play Store), it does not have to include every default Google app on its devices.

[Image: Android’s EU search ballot. Credit: Google]

The EU also said that Google can’t restrict OEMs from forking Android. Previously, using the Android codebase in ways Google didn’t approve of would get an OEM kicked out of the Google Play ecosystem. South Korea also took issue with Google’s Android fork restrictions and fined the company $177 million, one of South Korea’s biggest fines ever.

Android’s business model doesn’t charge OEMs directly; instead, it generates revenue for Google through end-user Play Store purchases, Google Search queries, and Google ad impressions. These three areas are such moneymakers that not only can they completely fund Android development, but Google also offers a revenue-share program for Android OEMs, offering incentives like a kickback for each user’s search revenue.

Google’s response to all these changes was to start charging OEMs for Android if they went along with it. In the EU, OEMs can stick with Google’s preferred terms and the old revenue deals, or they can change things up by paying as much as $40 per device and potentially missing out on revenue-sharing deals.

The ACCC’s move isn’t a requirement yet—for now, it’s a potential measure that the regulator will put out for industry consultation in 2022.


Raspberry Pi Zero 2 W: 5x faster than the original for $5 more

[Image: The Raspberry Pi Zero 2 W.]

The diminutive Raspberry Pi Zero is getting its first upgrade in nearly five years. Today, Raspberry Pi founder Eben Upton announced the Raspberry Pi Zero 2 W, a new $15 product that puts the processor from the Raspberry Pi 3 into a board the exact same size as the original Zero.

The new board swaps the old Zero’s 1 GHz single-core ARM11 processor for a quad-core Cortex A53-based Broadcom BCM2710A1 processor, also clocked at 1 GHz—the same processor used in the original Raspberry Pi 3 released back in 2016, albeit clocked slightly lower. This is a substantial increase in power and capability for the Pi Zero, going from one core to four and from 32 bits to 64.

Upton said that the performance increase over the original Zero “varies across workloads” but that for multithreaded tasks like those simulated by sysbench, “it is almost exactly five times faster.” Heat dissipation is provided by “thick internal copper layers” in the board, which should help prevent thermal throttling without the use of additional fans or heatsinks.

[Image: The Pi Zero 2 W should fit most cases and other accessories designed for the original model.]

But the Pi Zero 2 W is still a low-powered, miniature version of the Pi, which means there’s just not a lot of physical space for other upgrades. The Zero 2 W still uses 512MB of RAM, 2.4 GHz 802.11n Wi-Fi with Bluetooth 4.2, and a single HDMI port along with two micro-USB ports (one for power, one for data) and a microSD card slot. Because it still uses the same Zero form factor, it should fit all existing cases and accessories made for the original Pi Zero.

Upton said that the company hopes to ship about 200,000 Pi Zero 2 W boards in the remainder of 2021 and an additional 250,000 in the first half of 2022. These numbers are being limited somewhat by ongoing chip shortages, which prompted a rare price increase for the flagship Raspberry Pi 4 model earlier this month.

The original Pi Zero W and the Wi-Fi-less Pi Zero will continue to be manufactured and sold for their original prices of $10 and $5, respectively.


Review: Bigger screen and better lighting make for a nearly perfect Kindle Paperwhite

[Image: The 11th-generation Kindle Paperwhite Signature Edition. Credit: Andrew Cunningham]

It’s the most reliable upgrade in tech: take a thing that was already good, and make the screen bigger.

From laptops to TVs to phones to game consoles to tablets to watches, the time-honored tradition of making the screen bigger has resulted in some excellent upgrades, at least as long as making the screen bigger doesn’t screw up anything else.


And that’s Amazon’s playbook with the $140 11th-generation Kindle Paperwhite. Next to the 10th-generation model, the designs look nearly identical, but the new one has a larger screen enabled in part by slimmer borders around the top and sides.

But just because the bigger screen is the most noticeable thing about the new Paperwhite doesn’t mean it’s the only thing. It now has a USB-C port for charging, replacing the aging micro-USB port. Performance is improved in small but noticeable ways. Its frontlight adds more LEDs, so the illumination looks smoother and more uniform, and it also picks up the auto-brightness sensor and warm light features from the $250 Kindle Oasis.

All of that comes together in a $140 e-reader that is the best Kindle—and, by extension, the best e-reader—that you can currently buy.

Bigger screen with a better frontlight

[Image: The new Paperwhite (left) has a 6.8-inch screen, which looks and feels much larger than the old model’s 6-inch display (right). Credit: Andrew Cunningham]

The headline feature of the new Paperwhite is its 6.8-inch screen, a big step up from the old Paperwhite’s (and the standard Kindle’s) 6-inch display. It doesn’t change the Kindle’s user interface much, but it does mean a lot more words per page when you’re using the same font sizes, margins, and spacing.

The space for the larger screen mostly comes out of the Kindle’s top and side bezels, which are much slimmer than before (though the bottom bezel is a little thicker than before, likely to ensure that you still have plenty of room for your thumbs while you’re holding the device). Even with the bezel tweaks, the new Kindle is taller and wider than the old one, but not so much that it feels harder to hold for extended periods. The design of the 11th-generation Paperwhite and the 10th-gen Paperwhite are otherwise identical, with bezels that are flush with the display and the same soft-touch plastic back.

The new Paperwhite also gets an upgraded frontlight that makes it a lot more like the more-expensive Kindle Oasis. The frontlight now uses 17 LEDs, up from five in the last-gen Paperwhite and four in the standard Kindle. And it now has a warmlight option that can shift the display’s color temperature from the standard cool blue to a warm orangey-yellow.

Two separate sliders control backlight brightness and the light’s color temperature. Even if you don’t care for the yellow display effect that most phones/tablets/computers offer now, turning the display warmth up a few ticks takes the harsh edge off of the bluish Kindle frontlight and makes the display a lot more pleasant to look at. A built-in auto-brightness sensor also helps with this.

The Kindle Oasis has still-more LEDs in its 7-inch screen—25, instead of 17—but the Paperwhite’s screen is so bright and evenly lit that I doubt I could tell the difference even with the two devices next to each other.

Better performance (with one serious bug)

Amazon claims the new Paperwhite has “20% faster page turns,” and while I didn’t measure anything with a stopwatch, the 11th-gen Paperwhite did feel more consistently responsive than 10th- and 7th-gen models I normally use. That’s true not just for page turns, but also for navigating menus, highlighting passages, and typing out quick notes. The new Paperwhite is still occasionally prone to the kinds of random, inexplicable minor hangups and hitches that all Kindles I’ve used have sometimes suffered from, but those pauses take less time to resolve themselves than they do on the older models.

That said, I can consistently get the new Kindle to totally lock up by rapidly adjusting the backlight and warmth sliders and then opening a book—almost as though giving the screen too many inputs in too short a time makes it stop responding entirely. The frontlight will still turn on and off, but the display won’t refresh or respond to input until the device has been hard rebooted.

I suspect that this is a bug that can be resolved with a software update, and it’s not something you’ll run into if you’re not tweaking the settings a bunch in a short period of time. But it’s something to be aware of—I’ve contacted Amazon to see whether this is a known issue and if a fix is coming.
