More than 5,500 exposed smart TVs, Chromecasts and Google Homes have been commandeered for YouTube’s biggest star.
Hacker Giraffe, the same person who forced thousands of exposed printers to print out pages saying “Subscribe to PewDiePie,” has set his sights on smart devices to promote PewDiePie’s YouTube channel.
Smart devices have boomed in popularity by adding tech to everyday objects, but they also raise major security concerns over how vulnerable many of them are. Lawmakers want to regulate security for internet of things devices, and California has signed the nation’s first cybersecurity bill governing connected devices.
If you’re one of the many victims with an exposed device, the Chromecast hack would push a video message to your television that reads, “Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!”
The message then provides a link to explain how users could secure their devices, with a line at the end, “You should also Subscribe to PewDiePie.”
“Subscribe to PewDiePie” became a meme after T-Series, a Bollywood music label, got close to gaining more subscribers than Swedish YouTuber Felix Kjellberg, also known as PewDiePie. Kjellberg has maintained a steady lead over T-Series as fans continue to pull stunts like a recent hack on the Wall Street Journal’s website.
The hacker said he’s a fan of PewDiePie, and felt that promoting his channel would be funny.
“Honestly, it’s just for the memes,” Hacker Giraffe said in a message. “I like PewDiePie, and so why not?”
Despite the meme-inspired nature of the hack, he said the “true aim of this hack” was to raise awareness about how many connected devices are exposed online.
He believes that forcing TVs to play the PewDiePie promotional clip is innocent, as malicious attackers could have done much worse, like remotely resetting devices. On the link in the video, he wrote, “We just want to have a bit of fun while educating and protecting people from open devices like this case.”
A Google spokesperson said that Chromecast owners could fix the issue by changing their router settings.
“This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said in a statement.
Hacker Giraffe said he was able to take over thousands of exposed Chromecasts and smart TVs using Shodan, a search engine for finding connected devices. He looked for devices that had open ports 8008 and 8443, which is how most smart devices connect to the internet.
He found 123,141 exposed devices in the initial scan.
The script renamed the exposed devices to HACKED_SUBTOPEWDS. The script then sent the PewDiePie promotional video to all devices with that name. The hacker said that some TVs could not be renamed, but still played the video.
He said it took about 30 minutes to get his script ready.
The security flaw was first discovered by another hacker on Dec. 30, he noted.
You can secure your devices by going to your router settings and preventing the router from forwarding network traffic to ports 8008, 8443 and 8009. He also recommended turning off Universal Plug and Play, a setting that allows you to add devices to your network without much effort.
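The router check described above can be scripted. This is an added example, not code from the article or from Hacker Giraffe's script. It audits a list of port-forwarding rules for the three ports named and reports whether each rule was entered manually or created through Universal Plug and Play. The rule-line format, the addresses and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ports the article says should not be forwarded from the internet.
CAST_PORTS = {8008, 8009, 8443}

# Constructed sample; the line format "PROTO EXT -> HOST:INT SOURCE" is an
# assumption for this example, not any router's real export format.
SAMPLE_RULES = """\
TCP 8008 -> 192.168.1.23:8008 upnp
TCP 8000-8010 -> 192.168.1.40:8000-8010 manual
TCP 443 -> 192.168.1.23:8443 manual   # external port differs from internal
TCP 22 -> 192.168.1.5:22 manual
UDP 51820 -> 192.168.1.5:51820 manual
"""

@dataclass
class Mapping:
    proto: str
    ext_start: int
    ext_end: int
    host: str
    int_start: int
    source: str  # "manual" or "upnp"

def parse_mapping(line):
    """Parse one rule line into a Mapping."""
    proto, ext, _arrow, target, source = line.split()
    host, _, int_ports = target.rpartition(":")
    ext_lo, _, ext_hi = ext.partition("-")
    int_lo = int(int_ports.partition("-")[0])
    return Mapping(proto, int(ext_lo), int(ext_hi or ext_lo), host, int_lo, source)

def exposed_cast_ports(m):
    """Cast ports on the internal host that this mapping makes reachable."""
    width = m.ext_end - m.ext_start
    return sorted(p for p in CAST_PORTS if m.int_start <= p <= m.int_start + width)

def audit(lines):
    """Return (host, ports, source) for every rule that forwards to a cast port."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = parse_mapping(line)
        ports = exposed_cast_ports(m)
        if ports:
            findings.append((m.host, ports, m.source))
    return findings

if __name__ == "__main__":
    for host, ports, source in audit(SAMPLE_RULES.splitlines()):
        print(f"remove forward to {host} ports {ports} (created via {source})")
```

The check matches on the internal port rather than the external one, so a rule that forwards external port 443 to internal port 8443 is still flagged, as is a range that merely contains one of the three ports.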
The script had been running since about 8 a.m. ET, and in two hours hijacked more than 5,500 devices.