Screenshot by Alfred Ng / CNET

More than 5,500 exposed smart TVs, Chromecast streamers and Google Home devices have been commandeered in the name of YouTube mega-star PewDiePie.

Hacker Giraffe, the same anonymous person who forced thousands of exposed printers last year to print out pages saying "Subscribe to PewDiePie," has set his sights on smart devices to promote PewDiePie's YouTube channel. Not that PewDiePie needs much help. He has the top-ranked channel with nearly 79.5 million subscribers.

Smart devices have seen a boom in popularity for adding tech to everyday objects but also raise major security concerns over how vulnerable many of them are. Lawmakers are just starting to regulate security for internet of things devices. For example, California signed the nation's first cybersecurity bill in September that governs connected devices.

If you're one of the victims with an exposed device, the Chromecast hack will push a video message to your television that reads, "Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!"

The message then provides a link explaining how users can secure their devices, with a line at the end: "You should also Subscribe to PewDiePie."

"Subscribe to Pewdiepie" became a meme after T-Series, a Bollywood music label, came close to overtaking Felix Kjellberg, PewDiePie's real name, in subscribers. PewDiePie, who is Swedish, has maintained a steady lead over T-Series as fans continue to pull stunts like a recent hack on the Wall Street Journal's website.

The hacker said he's a fan of PewDiePie and thought that promoting his channel would be funny.

"Honestly, it's just for the memes," Hacker Giraffe said in a direct message to CNET. "I like PewDiePie, and so why not?"

Despite the meme-inspired nature of the hack, he said the "true aim of this hack" is to raise awareness about how many connected devices are exposed online.

He believes that forcing TVs to play the PewDiePie promotional clip is innocent, as malicious attackers could have done much worse, like remotely resetting devices. On the link in the video, he wrote, "We just want to have a bit of fun while educating and protecting people from open devices like this case."

A Google spokesperson said that Chromecast owners can fix the issue by changing their router settings.

"This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable," the spokesperson said in a statement.

Hacker Giraffe said he was able to take over thousands of exposed Chromecasts and smart TVs using Shodan, a search engine for finding connected devices. He looked for devices that had open ports 8008 and 8443, which is how most smart devices connect to the internet.

He found 123,141 exposed devices in the initial scan.

#CastHack/#ChromecastHack right now on my server, here is what happens:

1. Script checks if the IP is a Google Home, SmartTV, or Chromecast

2. Renames device to HACKED_SUB2PEWDS_#

3. Attempts to play the YouTube video I'm preparing

More info soon. — TheHackerGiraffe 🖨 (@HackerGiraffe) January 2, 2019

The script renamed the exposed devices to HACKED_SUBTOPEWDS. It then sent the PewDiePie promotional video to every device with that name. The hacker said that some TVs could not be renamed but still played the video. Google Home devices, which have no screen, were hijacked but cannot play the video.

He said it took about 30 minutes to get his script ready.

The security flaw was first discovered by another hacker on Sunday, he noted.

You can secure your devices by going to your router's settings and preventing it from forwarding traffic from the internet to ports 8008, 8443 and 8009. He also recommended turning off Universal Plug and Play, the setting that lets devices open ports on your router without much effort on your part.
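As an added illustration of the router-side fix, and not code from the article or from anyone quoted in it: a small Python audit that reads a router's port-forwarding table and a firewall accept/drop log, reports which entries expose the three ports named above, and notes whether UPnP created any of them. Both data formats are assumptions (routers differ), and the rules and log lines at the bottom are constructed samples using documentation addresses rather than real traffic.

```python
"""Audit port-forward rules and firewall logs for exposed Cast control ports.

Added example for the article's advice; rule and log formats are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# The three ports the article says a router should not forward to Cast devices.
CAST_CONTROL_PORTS = {8008, 8009, 8443}

# RFC 1918 ranges checked explicitly (ipaddress.is_private also treats the
# documentation ranges used in the sample log as private, which we don't want).
LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class ForwardRule:
    """One router port-forward entry (assumed shape)."""
    external_port: int
    internal_ip: str
    internal_port: int
    source: str = "static"  # "static" = set by the owner, "upnp" = added automatically


def audit_forward_rules(rules):
    """Return rules that publish a Cast control port, plus every UPnP-created rule.

    The internal port is what matters: a rule mapping external 5000 to internal
    8009 still exposes the device, so the external port is not used as the test.
    """
    exposed = [r for r in rules if r.internal_port in CAST_CONTROL_PORTS]
    upnp = [r for r in rules if r.source == "upnp"]
    return {"exposed": exposed, "upnp": upnp}


def is_lan_address(addr: str) -> bool:
    """True for RFC 1918 addresses; malformed input counts as not-LAN."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETWORKS)


# Assumed log line shape: "<timestamp> ACCEPT|DROP src=<ip> dst=<ip> dpt=<port>".
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<verdict>ACCEPT|DROP)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dpt=(?P<dpt>\d+)$"
)


def inbound_cast_hits(log_lines):
    """Return (src, dst, port) for accepted connections from outside the LAN
    to a Cast control port. Dropped packets and LAN-internal traffic are ignored,
    since a phone on the same network talking to the Chromecast is normal."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        port = int(m["dpt"])
        if m["verdict"] != "ACCEPT" or port not in CAST_CONTROL_PORTS:
            continue
        if is_lan_address(m["src"]):
            continue
        hits.append((m["src"], m["dst"], port))
    return hits


# Constructed sample data; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_RULES = [
    ForwardRule(8008, "192.168.1.42", 8008, source="upnp"),  # Cast port opened by UPnP
    ForwardRule(443, "192.168.1.10", 443),                   # unrelated web server, fine
    ForwardRule(8443, "192.168.1.42", 8443, source="upnp"),
    ForwardRule(5000, "192.168.1.42", 8009),                 # remapped port, still exposes 8009
]

SAMPLE_LOG = [
    "2019-01-02T05:12:43Z ACCEPT src=203.0.113.7 dst=192.168.1.42 dpt=8008",
    "2019-01-02T05:12:44Z ACCEPT src=192.168.1.23 dst=192.168.1.42 dpt=8009",  # LAN client
    "2019-01-02T05:13:01Z DROP src=198.51.100.9 dst=192.168.1.42 dpt=8443",     # blocked
    "2019-01-02T05:13:05Z ACCEPT src=198.51.100.9 dst=192.168.1.42 dpt=8443",
    "2019-01-02T05:13:09Z ACCEPT src=203.0.113.7 dst=192.168.1.10 dpt=443",     # not a Cast port
]

if __name__ == "__main__":
    report = audit_forward_rules(SAMPLE_RULES)
    for r in report["exposed"]:
        print(f"remove forward {r.external_port} -> {r.internal_ip}:{r.internal_port} ({r.source})")
    if report["upnp"]:
        print("UPnP has added rules; consider disabling UPnP on the router")
    for src, dst, port in inbound_cast_hits(SAMPLE_LOG):
        print(f"outside address {src} reached {dst}:{port}")
```

Run as a script it lists the three rules to delete and the two accepted connections that came from outside the LAN; the DROP line and the LAN-to-LAN line are correctly left alone. Replace the sample lists with whatever your router exports, after adjusting the two assumed formats.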

The script had been running since about 5 a.m. PT and, in two hours, hijacked more than 5,500 devices.

