Just when you thought the rickrolling meme might finally be dead, a Google bug has unwittingly allowed the R&B croonings of Rick Astley to migrate from your computer screen to your television.
At the Hackers on Planet Earth conference in New York Friday, security researcher Dan Petro plans to show off a device he built for less than $100 that he calls a “rickmote.” With a single tap on its screen, the device can take over any one of the millions of televisions connected to a Google Chromecast digital media player that happens to be within Wi-Fi range and force it to play Astley's canonical “Never Gonna Give You Up” music video—or any other equally annoying or embarrassing YouTube clip of the prankster’s choosing.
“It can wirelessly, remotely take over someone’s TV against their will,” says Petro, a senior security analyst at the consultancy Bishop Fox. “I built it pretty much as an exercise in pranking my friends, the oldest and most time-honored hacker tradition.”
Petro’s gadget takes advantage of a simple security vulnerability in how Chromecast implements Wi-Fi. Like any Wi-Fi device, the thumbdrive-sized media player attachment can be sent a “deauth” command that disconnects it from the local Wi-Fi network. But when the Chromecast is booted from a local network it falls back into a configuration mode in which it becomes its own Wi-Fi hotspot, waiting for a nearby computer to connect and send it new configurations.
Petro's gadget—a tiny Raspberry Pi computer with a touchscreen, a couple of wireless cards, and a 3D-printed plastic case—uses the open-source software Aircrack to send that disconnection command. Then it immediately reconfigures the Chromecast and tells it to play whichever YouTube, Netflix, HBO Go or other video the rickmote’s user has chosen. In the video below, Petro shows it being used for the default rickroll. But imaginative users will no doubt find other bizarre or cannot-unsee-disturbing videos to force on unsuspecting victims. Petro has made the rickmote code available on Bishop Fox's Github page.
The attack takes about 30 seconds before the video plays, and its range is limited to a Wi-Fi antenna's signal. But Petro nonetheless imagines a rickmote-wielding hacker moving slowly through around a dense residential area and wirelessly rickrolling one hapless Chromecast owner after another. "If you drive around, you’d easily hit dozens of televisions," he says.
While Petro says he intended the hack to be used for pranking purposes only, his work also demonstrates potentially more serious security issues with Chromecast. Petro says he also discovered what he believes is a buffer overflow bug in the DIAL software run on Chromecast and maintained by Netflix and Google. With that bug, he believes his attack could take over a target Chromecast completely and extract its owner's Wifi credentials. "It would be a nice way of scraping out the password to a lot of people's networks," says Petro. But Petro notes he hasn't yet fully tested that bug, and won't present it in his conference talk Friday.
Petro says he's alerted Google to the rickroll hack. The company responded, he says, by admitting that the bug is too fundamental to Chromecast's easy setup for users for the company to fix it. When WIRED reached out to Google, the company declined to comment. "This is actually a really hard problem, and it's not clear that it's ever going to get fixed," says Petro.
Rick Astley's career, in other words, may be extended for years to come.
