Imagine being able to play a video instantly on hundreds of thousands of devices across the globe. It's totally possible, as long as all of those devices have a Chromecast plugged in. When Chromecasts are left exposed to the internet, hackers can use add them to a botnet that can play YouTube videos at will. The "attack" is made even easier thanks to a simple Python program called CrashCast.
In general, the Internet of Things market faces the conundrum between convenience and security. Often times, IoT companies fall on the side of convenience because the customer needs to like the product enough to buy it before they need to worry about its security — if they even care at all. That's exactly why Google compromised security for convenience with the Chromecast.
With a Google Chromecast plugged into a TV or display, any device on the same network can easily broadcast (or "cast") videos and other forms of media to that TV or display. To enable that, it has a simple unauthenticated API (application programming interface) which is generally fine, assuming there aren't any malicious actors on the local network. However, the major problem comes about when these devices unwittingly get exposed to the internet.
When so many devices are left exposed, hackers like TheHackerGiraffe and j3ws3r inevitably come along and take advantage. You may know them as to perpetrators of the PewDiePie propaganda videos in ea ..
Support the originator by clicking the read the rest link below.
