A couple of hackers are having some success exploiting insecure UPnP implementations on home and corporate routers to take control of Chromecast devices via a long-running bug.
This is what a Google Community Manager had to say:
GraceFromGoogle Google Community Manager - Hardware 13 points 1 day ago
Hi everybody,
We know how frightening this is. The good news is your Chromecast hasn't actually been “hacked” - rather, someone was able to cast to your Chromecast due to an opening in your home network. This is the result of your router making some smart devices, including Chromecast, publicly reachable, due to a router feature called Universal Plug and Play (UPnP).
To make your network more secure, you can disable UPnP to avoid any unwanted content being played on your devices. The instructions are different from router to router, so we suggest checking with the manufacturer of your particular device. However, this may affect other apps and devices that use UPnP to function.
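One way to check your own router for the exposure described above, as an added example (not from the original post or from Google): it parses responses to the UPnP IGD `GetGenericPortMappingEntry` action and lists enabled forwards that land on a watched LAN address. The sample responses, the address `192.168.1.23` standing in for a Chromecast, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription")

def _entry(ext_port, proto, client, int_port, enabled, desc):
    """Build one constructed GetGenericPortMappingEntryResponse body."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

# Constructed sample data: addresses, ports and descriptions are made up.
SAMPLE = [
    _entry(8009, "TCP", "192.168.1.23", 8009, 1, "cast"),
    _entry(51413, "UDP", "192.168.1.40", 51413, 1, "other app"),
    _entry(8008, "TCP", "192.168.1.23", 8008, 0, "cast, disabled"),
    "<not-xml",  # truncated reply, must be skipped rather than crash the audit
]

def parse_mapping(xml_text):
    """Return the mapping's unqualified argument elements, or None if unusable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    found = {el.tag: (el.text or "").strip() for el in root.iter() if el.tag in FIELDS}
    return found if len(found) == len(FIELDS) else None

def exposed_mappings(responses, watched_hosts):
    """List enabled WAN-to-LAN forwards that land on a watched LAN address."""
    findings = []
    for text in responses:
        m = parse_mapping(text)
        if m is None or m["NewEnabled"] != "1":
            continue
        if m["NewInternalClient"] in watched_hosts:
            source = m["NewRemoteHost"] or "any Internet host"  # empty = wildcard
            findings.append((m["NewProtocol"], int(m["NewExternalPort"]),
                             m["NewInternalClient"], int(m["NewInternalPort"]), source))
    return findings

if __name__ == "__main__":
    print(exposed_mappings(SAMPLE, {"192.168.1.23"}))
```

An empty result for the addresses of your cast devices means the router's UPnP table is not forwarding Internet traffic to them; manually configured port forwards are not covered by this check.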