All Sections

Chromecast Rickroll Hack: Your living room is safe

News of the Chromecast Rickroll Hack spread across the Internet like meme-fire yesterday, but the truth is unless your neighbours are developers, you’re not going to be spammed with Rick Astley videos (or worse – NSFW) anytime soon. 

While the Rickmote is undeniably funny and had us dreaming up revenge scenarios for at least one set of our neighbours – aka the 3:00am Power Tools Massive – they can’t be bought off the shelf. 

You’ve got to make one, be comfortable with Python and have a bit of spare cash, not to mention some spare time.  

Got the time to make one of these? There are easier ways to annoy your neighbours.
Got the time to make one of these? There are easier ways to annoy your neighbours.


How does the Rickmote work? TL:DR version 

In a nutshell, the Rickmote works by forcing nearby Chromecasts to disconnect from their WiFi. When Chromecast loses connectivity, it immediately starts to search for commands from any device in proximity. The Rickmote jumps in and injects a video of Rick Astley’s now-infamous video for Never Gonna Give You Up. Top lolz eh what? 

This is a ‘deauth’ – deauthentication – command, which can be used by hackers to crack encryption on WiFi routers and force other people off of wireless networks, if you’re so inclined. 

The beauty of the Rickmote is that it doesn’t matter how good the encryption on your router is. Even if your Chromecast is connected to a router to which you’ve applied a painstakingly constructed and super-hard to crack passwords, Rickmote ignores all that and goes straight for the Chromecast. It’s a weak spot in the device itself that Rickmore is exploiting, not your network. 

That said, Rickmote maker and security researcher for Bishop Fox Dan Petro believes that his invention could be used to extract WiFi credentials. Wired reports that Petro plans to show off the Rickmote today at the Hackers on Planet Earth meet up, but he won’t be demonstrating this other, potentially devastating vulnerability. 

While Google has been notified of this flaw, it doesn’t look like a fix is coming anytime soon. Part of Chromecast’s appeal is that anyone – friends and family members – can all sit around the TV and share content. Easy access is built into Chromecast’s DNA and so closing the Rick-hole could take a while. Petro isn’t even sure it’s even possible. 

However, there’s one real-life, lo-fi problem that could put paid to anyone’s Rickrolling antics. 

Your neighbour doesn’t know if you’ve got Chromecast

Here’s the rub; how will your neighbour know you’ve got Chromecast? Of course the device has sold by the bucketload and if you’re reading this there’s a good chance that you have a Chromecast. 

Because all devices communicating with it need to be on the same wireless network in the first place, there’s no way of anyone telling if you’ve got a Chromecast or not. Unless of course your network has been compromised, in which case you’ve probably got more important things to worry about. 

Likewise, unless you know that your annoying neighbours have a Chromecast and you want to bum them out with Rickrolls (or worse – NSFW) there’s not much point in making your own Rickmote, unless you’re new to the world of coding and you want a fun project to cut your teeth on. 

Rickmote creator Dan Petro says he’ll release a step by step video telling you exactly how to create your own Rickmote after the BlackHat Tools Arsenal USA conference on August 6. In the meantime, everything you need to get going can be found on Bishop Fox’s Github page

You should also perhaps know that the Government wants to amend the Computer Misuse Act. Currently if you’re found to have compromised somebody’s network you can earn up to five years in prison. The Goverment wants judges to be able to apply sentences which reflect the damage caused by hacking. It’s not known how many years you’d go down for if you were found guilty of Rickrolling your neighbours. 


Leave a Reply

Your email address will not be published. Required fields are marked *