Google sat on a Chromecast bug for years, now hackers could wreak havoc – TechCrunch
Google was warned of a bug in its Chromecast media streaming stick years ago, but did not fix it. Now, hackers are exploiting the bug — and security researchers say things could get even worse.

A hacker, known as Hacker Giraffe, has become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hacker hijacked thousands of Chromecasts, forcing them to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like himself.

Not one to waste an opportunity, the hacker also asks that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.

As Hacker Giraffe says, disabling UPnP should fix the problem.

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

That’s true on one hand, but it doesn’t address the years-old bug that gives anyone with access to a Chromecast the ability to hijack the media stream and display whatever they want, because Chromecast doesn’t check to see if someone is authorized to change the video stream.

Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)

Bishop Fox, a security consultancy firm, first found the bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert back to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with a touch of a button on a custom-built handheld remote.

Two years later, U.K. cybersecurity firm Pen Test Partners discovered that the Chromecast was still vulnerable to “deauth” attacks, making it easy to play content on a neighbor’s Chromecasts in just a few minutes.

Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given that Bishop Fox found it in 2014 and his company tested it in 2016.

“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch. (Google said in a follow-up email that it’s working to fix the deauth bug.)

He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox and his “deauth” attacks can be carried out within range of the Wi-Fi network — yet, both attacks let the hacker control what’s displayed on the TV from the Chromecast, he said.

Munro said Google should have fixed its bug in 2014 when it first had the chance.

“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”

Hacker Giraffe is the latest to resort to “Good Samaritan security,” by warning users of the issues and providing advice on how to fix them before malicious hackers take over, where tech companies and device makers have largely failed.

But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.

In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)

To name a few, Munro said it’s possible to force a Chromecast into loading a YouTube video created by an attacker to trick an Echo to: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”

Amazon Echos and other smart devices are widely considered to be secure, even if they’re prone to overhearing things they shouldn’t. Often, the weakest link is humans. Second to that, it’s the other devices around smart home assistants that pose the biggest risk, said Munro in his blog post. That was demonstrated recently when Canadian security researcher Render Man showed how using a sound transducer against a window can trick a nearby Amazon Echo into unlocking a network-connected smart lock on the front door of a house.

“Google needs to properly fix the Chromecast deauth bug that allows casting of YouTube traffic,” said Munro.




Apple to boost ads business as iPhone changes hurt Facebook

Tim Cook, chief executive officer of Apple Inc., speaks about the new iPhone during an event at the Steve Jobs Theater in Cupertino, Calif. on Sept. 10, 2019. (Photo: Bloomberg)

Apple will expand its advertising business, according to two people familiar with its plans, just as it brings in new privacy rules for iPhones that are likely to cripple the ads offered by its rivals, including Facebook.

The iPhone maker already sells search ads for its App Store that allow developers to pay for the top result. In searches for “Twitter,” for example, the first result is currently TikTok.

Apple now plans to add a second advertising slot, in the “suggested” apps section in its App Store search page. This new slot will be rolled out by the end of the month, according to one of the people, and will allow advertisers to promote their apps across the whole network rather than in response to specific searches.

Apple declined to comment.

The expansion is the first concrete sign that Apple plans to enhance its own advertising business at the same time as it shakes up the broader $350 billion digital ads industry led by Facebook and Google.

Apple’s forthcoming software update, iOS 14.5, will ban apps and advertisers from collecting data about iPhone users without their explicit consent. Most users are expected to decline to be tracked, dealing a huge blow to how the mobile advertising industry works.

Apple has said the changes will improve the privacy of its users, but some critics have accused the company of hoping to boost its own fledgling advertising business. Mark Zuckerberg, the Facebook chief executive, said, “Apple may say they’re doing this to help people, but the moves clearly track with their competitive interests.”

Apple has long wanted to be a big player in mobile advertising. In 2010, it paid $275 million to acquire Quattro Wireless, a mobile advertising company, after being beaten by Google in the bidding for $750 million AdMob.

The same year, it launched iAd, a multiyear effort to build an advertising business.

At launch, iAd had a minimum contract price of $1 million, but within a year it had cut the requirement by half. Apple tried to maintain creative control over ads and was reticent to share user data with marketers, according to analysts at Bernstein. Two years later, Apple cut the minimum contract to just $50 and the whole effort was shut down in early 2016.

Meanwhile, the market for online advertising has boomed, with annual sales of $378 billion, according to the market research group Insider Intelligence.

Google and Facebook are the two biggest players in the market, but Tim Cook, Apple’s chief executive, has repeatedly attacked their business models as unsustainable because of how they accumulate large troves of data to target their ads.

Bernstein estimated that Apple currently earns around $2 billion a year from search ads in the App Store, with 80 percent margins. Apple also sells ads in its Stocks and News apps.

A second advertising slot in the App Store is likely to appeal to advertisers after the iPhone’s privacy changes reduce the effectiveness of targeted ads. But there is more than money at stake, according to Eric Seufert, a mobile advertising expert.

A decade ago, the App Store played a critical role in how consumers discovered new content. Seufert told the tech site Stratechery earlier this year that Apple used to be “king maker—if you got featured, your company valuation might increase by a hundred million dollars.”

He suggested that Apple now wishes to regain this level of control. “If Apple cripples mobile advertising, then the App Store becomes the primary discovery point for apps again, and Apple decides how people use our iPhones. Apple decides which apps are the most popular,” he said.

© 2021 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.


Garmin’s 2 new smartwatches want to make the casual athlete more advanced


Garmin has just launched its latest pair of smartwatches, the Garmin Venu 2 and Venu 2S, aimed at those who feel Apple Watches and typical Android smartwatches just don’t give enough health and fitness data. Garmin has a seemingly bottomless roster of smartwatches, and most cater to those who train rather than just exercise casually.

The Venu 2 and 2S seem suited best for somewhat serious to moderately serious trainers who want data informed by all of the latest wearable sensors (SpO2, GPS, HR). At the same time, it covers its smartwatch bases quite well with a vibrant AMOLED touchscreen, onboard music storage, smartphone notifications for iPhone and Android devices (including texts you can reply to on Android), and 11-day battery life.

Add in rapid recharging, which gives you a day of smartwatch use from a 10-minute charge (or 1 hour of GPS with music playback) and all of this should add up to quick-and-easy, everyday integration into your life and routines. Garmin wants to help this along with a revamped UI aesthetic to match the sharper, more colorful AMOLED display and a series of new aggregated metrics that explain what all the data it’s gathering actually means for your health.

Features like Fitness Age, Body Battery, stress tracking, and sleep scores aren’t new to Garmin watches (though, Fitness Age is new to the Venu series), but tips to improve your fitness age, as well as sleep tracking and the all-new Health Snapshot are. Using your resting heart rate and BMI (or body fat percentage if you own a Garmin Index Smart Scale), the Venu can approximate your “fitness age” and explain how to impact this within the Garmin Connect companion app.

The Health Snapshot feature takes a more all-encompassing survey of your body’s functions via a two-minute session that records heart rate, heart rate variability (the variation in time between heartbeats, commonly looked at as an indicator of cardiovascular health), blood oxygen levels, respiration, and stress to create a health report, also viewable in the Connect app.

There are also two new activities added to the more than 25 sport-specific tracking modes: HIIT workouts and a more advanced strength-training mode. HIIT tracking will include timers for AMRAP (as many reps as possible), EMOM (every minute on the minute, where a certain number of reps are done in a minute’s time, using leftover time as the only interstitial rest), and Tabata (20 seconds on, 10 seconds off, for four minutes).

Preloaded guided workouts for over 75 workouts can be accessed from your wrist, or create your own from the 1,400+ exercises in the Garmin Connect app. (Image: Garmin)

Advanced strength training can scale your one-rep max (manually logged) to applicable exercises of your choosing, lat pulldowns to upright rows, for instance, ensuring you’re training efficiently. It also keeps track of your personal records (also manually logged) for barbell back squats, barbell bench presses, barbell deadlifts, barbell upright rows, and overhead barbell presses. When you’re done working out, you can view your PRs, as well as the muscle groups you worked, directly on the watch.

These new modes work with the more than 75 workouts provided by Garmin or any custom workouts you’ve created from the 1,400+ exercises in the Garmin Connect app. Many of the exercises have videos and graphics within the app to explain them, and it displays an image of the activity on the watch while you’re performing it.

From our experience with other Garmin watches, the on-watch graphic hasn’t been the most seamless way to view and complete an exercise—it’s much easier to follow along on a screen detached from your body—but having prompts on your wrist to guide you through the workout, rather than teach you the exercise, proved properly useful. Like most of Garmin’s watches, you can also enable Garmin Coach to help you train for a 5K, 10K, or half marathon with tailored, dynamic coaching to keep you on a safe and effective pace for your goals.

All the basics and then some

As far as your usual broad-range activity tracking, you’re well-covered on the Venu 2/2S with GPS, blood oxygen monitor, and a heart rate sensor, as well as an altimeter, compass, and gyroscope for more outdoors-y adventures. Speaking of which, the Venu 2/2S still has access to the company’s Livetrack feature for friends and family to check up on you during hikes, runs, and other outdoor activities, as well as automatic incident detection (and a manual trigger), which can alert emergency contacts with your real-time location.

And, of course, if all’s going to plan on your adventures, you can pair up some headphones and enjoy the motivating or calming effect of up to 650 songs stored on your wrist, as well as playlists saved from Spotify, Amazon Music, and Deezer. There’s no cellular connection built in, so if you want to stream music then you’ll have to bring your phone.

The Venu 2S is 5ATM water-resistant and comes with a 1.1-inch AMOLED display, surrounded by a stainless-steel bezel in either gold, silver, rose gold, or black, with silicone bands in beige, gray, white, or black, respectively. The Venu 2 is a bit larger at 1.3 inches and either comes with a navy or black silicone band and silver or black bezels for each. They’re both available now for the same $399.99 price, which may seem high, grazing Apple Watch territory, but if you’re serious about your training, Garmin’s watches have proven they’re worth a look.


Mini-PC review: The Ryzen 5 Pro 2500U-powered Minisforum UM250

This tiny PC’s Ryzen 5 Pro 2500U is a couple generations out of date—but it’s inexpensive, and it still packs a serious punch. (Photo: Jim Salter)

Minisforum’s UM250 is a very small form factor PC with the power and the ports to take on a lot of tasks. And due to its choice of an older CPU, it’s pretty cheap, too.

A couple of months ago, we reviewed Minisforum’s Comet Lake i5-powered U850. The UM250 we’re looking at today is cut largely from the same cloth—it’s got 16GiB RAM, flagship Intel Wi-Fi 6, a 256GB SSD, two wired Ethernet ports, and an attractive VESA-mountable case that’s easy to work on (and in).

The biggest real-world difference between the two models is price: $430 for the fully loaded, AMD-powered UM250 versus $700 for the Intel-powered U850.

Overview


Like most of Minisforum’s models, the UM250 is an unassuming little silver-and-black brick stuffed with ports—including four USB type-A ports and enough video out to drive three displays via USB-C, DisplayPort, and full-size HDMI.

The UM250 we tested is “fully loaded” with 16GiB of socketed dual-channel RAM, a 256GB Kingston M.2 SSD, and a copy of Windows 10 Professional. If you’re looking to supply your own RAM, SSD, and OS there’s also a bare-bones version on Minisforum’s store at $320.

The reason the UM250 is so relatively inexpensive (not much more than half the cost of the Intel-powered U850) is the Ryzen 5 Pro 2500U powering it. The UM250’s 2500U is almost two years older than the Comet Lake i5 in the U850, but it goes neck-and-neck with the newer, more expensive Intel part in most benchmarks. Heck, the Ryzen even wins in some areas.

Minisforum also shaved off some cost by only providing a single SATA port versus the U850’s two, and by using a slower M.2 SATA model of the Kingston SSD. The UM250 also offers dual RTL8111 Gigabit Ethernet versus the U850’s RTL8111 Gigabit + Intel 2.5Gbps Ethernet. We suspect most of the folks in the market for this sort of mini-PC won’t mind those sacrifices, especially when considering they come at nearly $300 off the retail cost.

Moving past raw specs, the UM250 is pleasant to share an office with. Even in Time Spy and Cinebench R20 multi-threaded testing, its cooling fan stays reasonably quiet. If you’re close to it in a dead silent environment, you’ll be able to hear it—but even then, it’s a steady clean whoosh without any bearing whine. This mini-PC is slow to change RPMs rather than rapidly spinning up and down repeatedly.

Inside the UM250

Specs at a glance: UM250

CPU: Ryzen 5 Pro 2500U
OS: Windows 10 Pro (pre-installed) / Linux supported
RAM: 16GiB DDR4 (2x 8GiB SODIMM)
GPU: Vega 6 (integrated)
Wi-Fi: M.2 Intel AX200 Wi-Fi 6, dual-band + Bluetooth 5.1
SSD: Kingston M.2 256GB SATA SSD
Connectivity:
  • one SATA port
  • one full-size HDMI 2.0
  • one full-size DisplayPort
  • one USB-C (full featured)
  • DC barrel jack
  • four USB 3.1 Type-A
  • two 1Gbps Ethernet (Realtek 8111H)
  • one 3.5 mm audio
  • integrated mic
Price as tested: $430 at Amazon / $470 at Minisforum

Much like the U850, the UM250 is extremely easy to get into and work on/in. The top plate can be removed by gently pushing two corners and letting it pop out (similar to some kitchen cabinet doors). Once inside the UM250, you’re presented with a socketed NVMe SSD on the left, an unpopulated SATA power+data connector in the center, and two socketed DDR DIMMs on the right.

Unlike the more expensive U850, the UM250 only offers a single SATA connector—and no sunken drive bays in the chassis itself. Instead, you can bolt a 2.5″ SATA HDD or SSD to the underside of the top plate. This is functional but a little irritating, since it means your SATA cable is attached to the plate you must remove to get into the box.

But again, considering the massive price disparity between the U850 and UM250, we’re not complaining. We’re just happy there’s a SATA connector and mounting bracket at all, given that the primary drive is NVMe.
