Date: 2019-01-03

ONE OF THE REASONS that Chromecasts are so popular is that people don't like dealing with unsolicited messages interrupting their programs. While it may not be an advert in the conventional sense, a message is currently being broadcast to televisions around the world, warning viewers that Chromecast let them do it.

The screenshot below, captured by TechCrunch, shows you what you're missing out on if your TV hasn't been affected.

As you can see, it's more PowerPoint presentation than high-budget movie complete with explosions and car-chase scenes. Rather than the expected rickroll, the attached link actually includes some useful information, like the number of exposed devices (72,341) and a guide on how to make your Chromecast safe (disable UPnP on your router).

Yes, this isn't a Chromecast bug as such, more an inherent weakness in Universal Plug and Play, which is designed to make devices work easily with each other. In this case, it makes it a bit too easy when exposed to the wider internet. As a Google spokesperson told TechCrunch: "This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable."

So if you have a Chromecast and a router with UPnP enabled, what's the worst that can happen here? Well, obviously you can be made to watch tedious videos against your will, which isn't a great start, and it theoretically gives hackers a bit of an incentive too, as it could bump up YouTube viewing numbers (albeit in quite a roundabout way).

More risky, though, is the potential for smart home mayhem. If your sound is on, then the Chromecast could read out commands to Alexa or Google Home for pranks ("Alexa, order 1,500 live ladybugs") or worse ("Ok Google: turn off my home alarm").

While it's hard to imagine a targeted enough attack to make the latter plausible, it's still probably worth taking five minutes to turn off UPnP on your router. Better safe than with 1,500 live ladybugs delivered to your home, as the old adage says. µ