Rickmote: Rickrolling Chromecast users

The Raspberry Pi is a favourite tool of security researchers, and we’ve seen a number of demonstrations of how important it is to secure your devices against attack that use it. (I got stopped in the queue for the cinema last week by someone who recognised me from this blog, and has been working in penetration testing with the Pi for a couple of years; the conversation I had with him was much more fun than the movie turned out to be.)

Bugs in commercial software are open to exploits, and I have yet to see an exploit more enjoyable than this one, which takes advantage of a bug in the way Chromecast recognises wifi.

Under normal use, the Chromecast can be sent a deauth command that disconnects it from wifi. But there’s a bug: when the media player is kicked off the local network it enters a config mode and becomes a wifi hotspot – waiting for machines nearby to connect with it and send it a new configuration.

Which is enough to make you feel let-down, and to make you cry and say goodbye, quite frankly.

This hack is the work of Dan Petro, a whitehat at security consultancy Bishop Fox. He’s using a Pi, a couple of wifi cards and a touchscreen – along with Aircrack (open-source WEP and WPA-PSK-cracking software). It takes the device about thirty seconds to connect, take over the network and get Rickrolling; and, of course, it has to be within wifi range. You can watch a video presentation from Dan that goes into much more depth about the project on YouTube.

Rachel, our Creative Producer, has a Chromecast. I plan on building a Rickmote and hiding on her balcony.



Matthew Davidson avatar

How devious of you Liz!

Cabbage avatar

A fascinating insight into a novel yet useful way to deploy a Pi, although one important question remains at the end of all this.

What was the movie??

Alex Eames (RasPi.TV) avatar

I think this is really cool. Excellent hack!

Cyegen avatar

Maybe possible for a local file injection work around, Eh?

marked avatar

>I plan on building a Rickmote and hiding on her balcony.

why not a Blue(berry) Thunder(PI) drone in whisper mode…?

Mel avatar

Not evil enough. You need to add an IR LED to set the TV’s volume to full blast.

Simon Walters avatar

Good job people can’t do this to Pi owners… oh wait .. what’s that I hear … sound of an explosive weapon discharge into ambulatory ground contact appendage????


Roger Varley avatar

Rick Astley? Aaarrgh – here, have my bank details. Now please make it stop.

Comments are closed