Rickmote Controller lets pranksters hijack your Google Chromecast

chromecast case cracked open to show circuit board inside

This takes Rickrolling to a new, terrifying level.

Google’s Chromecast is one of the best media players on the market. Unfortunately for users, it might also be among the absolute easiest to hijack, giving tech-savvy pranksters total control over your television screen.

The Rickmote Controller, a new tool built on a Raspberry Pi, takes over a Chromecast and television in a matter of thirty seconds to play whatever the attacker wants—in this case, of course, it’s vintage Rick Astley.

Security consultant Dan Petro built his evil little toy with a Pi, two Wi-Fi cards, open-source Wi-Fi cracking software called Aircrack, and a touchscreen. That’s an altogether cheap collection of hardware capable of cracking the increasingly ubiquitous Chromecast.

It works by flooding the media player with Wi-Fi disconnection requests. In doing so, the original user is unable to take back control from the hijacker.

The catch is that the Rickmote-equipped attacker has to be in Wi-Fi range. So, in case of an ‘80s-pop emergency for your Chromecast, check your little brother’s room.

Jokes aside, branding this little tool with Rick Astley’s voice is just a way of putting a happy veneer on an major security vulnerability. An attacker can play virtually anything on your television screen once he or she controls your Chromecast, including media that is much less genteel than Rick Astley.

H/T Raspberry Pi | Photo via Google | Remix by Jason Reed

Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.