A security researcher entered a brave new world of Rickrolling when he discovered how to exploit the Chromecast to force Rick Astley’s “Never Gonna Give You Up” video directly onto any Chromecasts within wireless range.
Dan Petro, who works for the IT consulting firm Bishop Fox, explained yesterday in a post on his company’s blog that his particular tactic, which relies upon a customized Raspberry Pi he’s dubbed the “Rickmote Controller,” takes advantage of a fundamental aspect of the popular dongle’s casting function. The Rickmote can essentially take over unsuspecting Chromecast users’ TVs by forcing any nearby dongles to disconnect from their assigned Wi-Fi routers. When a Chromecast loses its Wi-Fi connection, it then goes into a reconfigure mode and is, shall we say, open to suggestion. The Rickmote then commands the dongle to play everyone’s favorite Rick Astley cut on a loop.
Part of what makes the Chromecast so easy to set up is its ability to create its own standalone Wi-Fi network. As soon as a user powers up a Chromecast, the dongle’s launches its own network is ready for incoming connections. This approach is great for ease of use, but the lack of authentication simultaneously provides a wide opening for exploits.
Petro doesn’t expand on any of the potential implications, but it not a stretch to infer one could simply stroll through a neighborhood with one of these Rickmotes in hand, piping all sorts of lurid material into strangers’ living rooms. The Guardian reports that, despite the joke’s frightening significance, Google claims that it has no plans to repair it, primarily because the bug is so central to the casting process’ easy setup.
You can download the required code via the Bishop Fox Github and follow the instructions given there to create your very own Rickmote.
[image: BishopFox.com]
