A security analyst has discovered a flaw in Chromecast's initial setup process that allows would-be hackers to assume full control over the online streaming device.
Dan Petro, of security consulting firm Bishop Fox, created a handheld device that is capable of hijacking control of any Chromecast within Wi-Fi range. Using nothing more than a $35 Raspberry Pi, a few spare parts, and a bit of programming, Petro fashioned a device meant to showcase a vulnerability that Google is aware of but is doing nothing about.
Petro's exploit causes any Chromecast within range to disconnect from its normal Wi-Fi connection. While the Chromecast reboots, Petro's device offers itself up as a Wi-Fi host, then gains full control of the system.
So far, the device and its exploit have only been used for pranking purposes, streaming endless loops of Rick Astley's '80s hit "Never Gonna Give You Up" to unsuspecting victims' TVs. Such an exploit, however, could be used to stream more malicious content, or possibly even to hack the Wi-Fi network that the Chromecast was originally connected to.
As such, Petro alerted Google to the loophole that he discovered, but Google has no plans to issue a fix. The loophole has been intentionally included in Chromecast's firmware to make the setup process easier, and Google intends to keep it in place.