Chromecast Remote Root Access Exploit Found


You read that title right, folks. Only a few days after the device went on sale, we already have an exploit that gives root access to the little HDMI dongle. The folks over at GTVHacker found it. The Chromecast is supposed to be running a simplified version of ChromeOS; however, the folks at GTVHacker believe it to be more of a modified Google TV release. It appears that the bootloader, binaries, init scripts and kernel are from Google TV. This is what allowed GTVHacker their access.

They’ve been able to build an exploit that gives people a root shell on the device via telnet on port 23. While this is interesting in itself, Google could send out an update to the dongle and close the loophole. The team explains the loophole:

“By holding down the single button, while powering the device, the Chromecast boots into USB boot mode. USB boot mode looks for a signed image at 0x1000 on the USB drive. When found, the image is passed to the internal crypto hardware to be verified, but after this process the return code is never checked! Therefore, we can execute any code at will.”
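The unchecked return code the team describes, next to a fail-closed version, as an added C sketch (not GTVHacker's or Google's code). `hw_verify` is a hypothetical stand-in for the crypto hardware that uses a toy checksum rather than a real signature, and every function name and the sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_OFFSET 0x1000u  /* offset named in the quoted description */
enum { TAG_LEN = 4, BOOT_REFUSED = 0, BOOT_JUMPED = 1 };

/* Stand-in for the crypto hardware: toy checksum, NOT a real signature. 0 = valid. */
static int hw_verify(const uint8_t *img, size_t len)
{
    uint32_t sum = 0, tag;
    if (len <= TAG_LEN) return -1;
    for (size_t i = TAG_LEN; i < len; i++) sum += img[i];
    memcpy(&tag, img, TAG_LEN);
    return tag == sum ? 0 : -1;
}

/* Flawed flow: verification runs, but its return code is discarded. */
int boot_unchecked(const uint8_t *usb, size_t usb_len)
{
    if (usb_len <= IMAGE_OFFSET) return BOOT_REFUSED;
    hw_verify(usb + IMAGE_OFFSET, usb_len - IMAGE_OFFSET);
    return BOOT_JUMPED;  /* control would pass to the image regardless */
}

/* Hardened flow: fail closed unless the verifier reports success. */
int boot_checked(const uint8_t *usb, size_t usb_len)
{
    if (usb_len <= IMAGE_OFFSET) return BOOT_REFUSED;
    if (hw_verify(usb + IMAGE_OFFSET, usb_len - IMAGE_OFFSET) != 0) return BOOT_REFUSED;
    return BOOT_JUMPED;
}

/* Constructed sample: simulated USB drive with an image at IMAGE_OFFSET. */
int demo(int tamper, int checked)
{
    static uint8_t usb[IMAGE_OFFSET + 64];
    uint8_t *img = usb + IMAGE_OFFSET;
    uint32_t sum = 0;
    for (size_t i = TAG_LEN; i < 64; i++) { img[i] = (uint8_t)i; sum += img[i]; }
    memcpy(img, &sum, TAG_LEN);
    if (tamper) img[10] ^= 0xFF;  /* payload no longer matches its tag */
    return checked ? boot_checked(usb, sizeof usb) : boot_unchecked(usb, sizeof usb);
}

int main(void)
{
    return printf("tampered image: unchecked=%d checked=%d\n", demo(1, 0), demo(1, 1)) < 0;
}
```

With GCC or Clang, declaring the verifier with `__attribute__((warn_unused_result))` makes the compiler flag the first form at build time.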

GTVHacker’s wiki page hosts the file, and if you feel like tinkering with it you can download it from there. While this news doesn’t mean much for the average person, it was only a matter of time before someone would attempt to exploit the Chromecast. Hit the source link below for a full, detailed explanation of how the exploit works. If you’re interested in seeing it in action you can check out the YouTube video after the break. Enjoy!


source: GTVHacker
via: Ausdroid

» See more articles by Jack Holt


  • DWdrum

    Cool, but what advantage do we have? Still at the mercy of the developers. We need support for lots before this can compete.