Hijacking Chromecast With The Rickmote #piday #raspberrypi @Raspberry_Pi

Dan Petro designed the Rickmote, made with Raspberry Pi, that exploits a bug in Chromecast and allows users to take the network over within wifi range. via raspberrypi.org

The Raspberry Pi is a favourite tool of security researchers, and we’ve seen a number of demonstrations of how important it is to secure your devices against attack that use it. (I got stopped in the queue for the cinema last week by someone who recognised me from this blog, and has been working in penetration testing with the Pi for a couple of years; the conversation I had with him was much more fun than the movie turned out to be.)

Bugs in commercial software are open to exploits, and I have yet to see an exploit more enjoyable than this one, which takes advantage of a bug in the way Chromecast recognises wifi.

Under normal use, the Chromecast can be sent a deauth command that disconnects it from wifi. But there’s a bug: when the media player is kicked off the local network it enters a config mode and becomes a wifi hotspot – waiting for machines nearby to connect with it and send it a new configuration.

Which is enough to make you feel let-down, and to make you cry and say goodbye, quite frankly.

This hack is the work of Dan Petro, a whitehat at security consultancy Bishop Fox. He’s using a Pi, a couple of wifi cards and a touchscreen – along with Aircrack (open-source WEP and WPA-PSK-cracking software). It takes the device about thirty seconds to connect, take over the network and get Rickrolling; and, of course, it has to be within wifi range. You can watch a video presentation from Dan that goes into much more depth about the project on YouTube.

Rachel, our Creative Producer, has a Chromecast. I plan on building a Rickmote and hiding on her balcony.

Read more

998Each Friday is PiDay here at Adafruit! Be sure to check out our posts, tutorials and new Raspberry Pi related products. Adafruit has the largest and best selection of Raspberry Pi accessories and all the code & tutorials to get you up and running in no time!


Adafruit publishes a wide range of writing and video content, including interviews and reporting on the maker market and the wider technology world. Our standards page is intended as a guide to best practices that Adafruit uses, as well as an outline of the ethical standards Adafruit aspires to. While Adafruit is not an independent journalistic institution, Adafruit strives to be a fair, informative, and positive voice within the community – check it out here: adafruit.com/editorialstandards

Join Adafruit on Mastodon

Adafruit is on Mastodon, join in! adafruit.com/mastodon

Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat and our Discord!

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Join over 38,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org


New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — New Products 9/13/2024 Featuring Adafruit Feather RP2350 with HSTX Port! (Video)

Python for Microcontrollers – Adafruit Daily — Python on Microcontrollers Newsletter: CircuitPython Comes to the ESP32-P4, Emulating Arm on RISC-V, and Much More! #CircuitPython #Python #micropython @ThePSF @Raspberry_Pi

EYE on NPI – Adafruit Daily — EYE on NPI Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

Adafruit IoT Monthly — IoT Vulnerability Disclosure, Decorative Dorm Lights, and more!

Maker Business – Adafruit Daily — A look at Boeing’s supply chain and manufacturing process

Electronics – Adafruit Daily — Autoscale is cheating!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !



No Comments

No comments yet.

Sorry, the comment form is closed at this time.