1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

CastHack - aka. what do PewDiePie and UPnP have in common

Discussion in 'General Network Security' started by umarmung, Jan 4, 2019.

  1. umarmung

    umarmung Senior Member

    Joined:
    Apr 21, 2018
    Messages:
    245
    A couple of hackers are having some success exploiting insecure UPnP implementations on home residents and corporate routers to take control of Chromecast devices via a long running bug.

    This is what a Google Community Manager had to say:

    GraceFromGoogle Google Community Manager - Hardware 13 points 1 day ago

    Hi everybody,

    We know how frightening this is. The good news is your Chromecast hasn't actually been “hacked” - rather, someone was able to cast to your Chromecast due to an opening in your home network. This is the result of your router making some smart devices, including Chromecast, publicly reachable, due to a router feature called Universal Plug and Play (UPnP).

    To make your network more secure, you can disable UPnP to avoid any unwanted content being played on your devices. The instructions are different from router to router, so we suggest checking with the manufacturer of your particular device. However, this may affect other apps and devices that use UPnP to function.
    Sources:
     
  2. CriticJay

    CriticJay Regular Contributor

    Joined:
    May 30, 2018
    Messages:
    95
    It's interesting that "Grace from Google" is telling people to turn off UPnP; however the Chromecast support pages are telling people that CC's need UPnP to function and to turn it on.

    HOWEVER, I'm pretty sure that it isn't actually UPnP that the CC needs to function. It's actually Multicast. But there must be quite a few consumer routers which bundle Multicast functionality with UPnP; hence, if you disable UPnP you also disable Multicast. That's my theory at least.