An error called CastHack, existing on Chromecast devices from Google since its launch, has enabled Hacker Giraffe and J3ws3r hackers have been able to hijack thousands of them around the world, exposing on the screens where they are connected a message warning that the bad router configuration allows Internet exposure of Chromecast devices and smart TVs to hackers like them.
This error exploits an existing vulnerability in connections under the UPnP standard, available in some routers. Both hackers point out that disabling UPnP connections on routers should solve the problem.
Some security firms have been able to exploit the error through the same WiFi networks in which the devices were connected, but in this case, exploitation has occurred remotely over the Internet.
It is noted that the error has always been present, since the Chromecast devices were first released to the market in 2014.
This error allows to force the visualization of videos of YouTube to the users of devices Chromecast, although in the article of TechCrunch it is pointed out that this error could produce even more serious situations, being able even to force to the visualization of a personalized video so that other devices , like the intelligent loudspeakers, can carry out operations such as turning off the light, disconnecting the alarm, or even making purchases in Amazon, which must have been corrected from the moment in which it became known.
Google has told TechCrunch that it has received a lot of reports about it and is working to correct it.