The pair of hackers – who refer to themselves as HackerGiraffe and J3ws3r – claim to have gained access to more than 70,000 Chromecast devices, with an estimated 8,000 affected. Google’s Chromecast, which was first released in 2015, allows users to play content streamed online on their televisions.

HackerGiraffe and J3ws3r took advantage of an Internet router setting that makes connected devices such as Chromecasts and Smart TVs publicly viewable online. The pair displayed a message on affected television screens warning users that their Wi-Fi information was at risk and their device had been taken over, while broadcasting unwanted YouTube videos.

The ‘CastHack’ was intended to remind users of security vulnerabilities, HackerGiraffe said, including the leaking of sensitive data and the ability to reset Chromecasts. The hackers asserted that CastHack did not collect or save any information from the affected devices and merely displayed unwanted media and changed the devices names to “Hacked_sub2pewds_#”.

Google has confirmed that it is aware of the security issue and has offered guidance on how to handle the infiltration: “We have received reports from users who have had an unauthorised video played on their TVs via a Chromecast device. This is not an issue with Chromecast specifically, but is rather the result of router settings that make media devices, including Chromecast, publicly reachable on the Internet.”

According to Google, users can restrict public access to their connected devices by switching off the Universal Plug and Play (UPnP) feature through a router’s settings web site. The feature allows connected devices to easily identify each other and form data-sharing connections over that network.

Additionally, the pair of hackers also used CastHack as an opportunity to promote YouTube celebrity PewDiePie, whose channel has more subscribers and views than any other on the platform. PewDiePie is best known for his video-game commentaries. On a web site set up to track the incident (which has since been taken down) the pair said that: “We want to help you and also our favourite YouTubers (mostly PewDiePie). We’re only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above.”

Recently, PewDiePie’s status as the most popular and influential YouTuber has come under perceived threat from the popularity of an Indian music and film production company, T-Series, which is currently the second most-subscribed-to channel on the platform.

Viewers have fabricated a competition between the channels, with PewDiePie fans going to extreme lengths to promote his channel, including reportedly buying a $1m billboard in New York’s Times Square. HackerGiraffe and J3sw3r gained access to approximately 50,000 printers in November 2018 and another 80,000 in December 2018 and printed messages urging people to subscribe to PewDiePie, unsubscribe from T-Series and make their printers secure.

The pair of hackers – who refer to themselves as HackerGiraffe and J3ws3r – claim to have gained access to more than 70,000 Chromecast devices, with an estimated 8,000 affected. Google’s Chromecast, which was first released in 2015, allows users to play content streamed online on their televisions.

HackerGiraffe and J3ws3r took advantage of an Internet router setting that makes connected devices such as Chromecasts and Smart TVs publicly viewable online. The pair displayed a message on affected television screens warning users that their Wi-Fi information was at risk and their device had been taken over, while broadcasting unwanted YouTube videos.

The ‘CastHack’ was intended to remind users of security vulnerabilities, HackerGiraffe said, including the leaking of sensitive data and the ability to reset Chromecasts. The hackers asserted that CastHack did not collect or save any information from the affected devices and merely displayed unwanted media and changed the devices names to “Hacked_sub2pewds_#”.

Google has confirmed that it is aware of the security issue and has offered guidance on how to handle the infiltration: “We have received reports from users who have had an unauthorised video played on their TVs via a Chromecast device. This is not an issue with Chromecast specifically, but is rather the result of router settings that make media devices, including Chromecast, publicly reachable on the Internet.”

According to Google, users can restrict public access to their connected devices by switching off the Universal Plug and Play (UPnP) feature through a router’s settings web site. The feature allows connected devices to easily identify each other and form data-sharing connections over that network.

Additionally, the pair of hackers also used CastHack as an opportunity to promote YouTube celebrity PewDiePie, whose channel has more subscribers and views than any other on the platform. PewDiePie is best known for his video-game commentaries. On a web site set up to track the incident (which has since been taken down) the pair said that: “We want to help you and also our favourite YouTubers (mostly PewDiePie). We’re only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above.”

Recently, PewDiePie’s status as the most popular and influential YouTuber has come under perceived threat from the popularity of an Indian music and film production company, T-Series, which is currently the second most-subscribed-to channel on the platform.

Viewers have fabricated a competition between the channels, with PewDiePie fans going to extreme lengths to promote his channel, including reportedly buying a $1m billboard in New York’s Times Square. HackerGiraffe and J3sw3r gained access to approximately 50,000 printers in November 2018 and another 80,000 in December 2018 and printed messages urging people to subscribe to PewDiePie, unsubscribe from T-Series and make their printers secure.