Hackers have taken control of smart TVs around the world in another stunt to support YouTuber PewDiePie.
The super-fans claim they successfully took over more than 65,000 Google Chromecast devices.
Google says its product is not to blame but, despite that, the company appears to have found a way to stop the attack.
The hackers, who wish to remain anonymous, say they have located more than 100,000 smart TV devices that are open to this type of cyber-attack.
They created a website to “live track” their stunt. The website also boasts that more than 8,000 Chromecast devices had their name changed to ‘Hacked_sub2pewds_#’.
Victims have taken to social media platforms to report the problem. One Reddit user posted: “Every 20 minutes or so my TV switches to some crappy YouTube video about PewDiePie… Anyone know how to stop this, it’s driving me bonkers.”
The video message displayed on TVs reads: “Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!” It then encourages victims to visit a web address before finishing up with, “you should also subscribe to PewDiePie”.
In recent weeks, the two hackers have carried out similar stunts by forcing potentially hundreds of thousands of printers to print similar messages. They say they know what they are doing is illegal, but are determined to highlight cyber-security flaws.
PewDiePie has attracted the highest number of subscribers for a creator on YouTube since 2013. He currently has about 79 million followers on the platform.
Over recent months, the Indian music label and movie studio T-Series has come close to overtaking his lead, which has led some PewDiePie fans to mount stunts to attract new subscribers.
One of the hackers said they are using the PewDiePie rivalry to gain more attention for their work and will not stop their campaign until IP addresses are secured against these types of attacks around the world.
“People, lots of people, including corporate infrastructures seem to think things like this are OK. It’s not. And the only plausible way we can really spread the message is by showing people,” one hacker told the BBC.
It is thought that Google was able to mitigate the attack by removing the YouTube video that the hackers were playing on the infected TVs.
The company responded by saying: “We have received reports from users who have had an unauthorised video played on their TVs via a Chromecast device. This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable.”
The internet giant also issued advice to customers to prevent this from happening: “To restrict the ability for external videos to be played on their devices, users can turn off Universal Plug and Play (UPnP).”
Universal Plug and Play (UPnP) helps devices, such as internet appliances and computers, access the network and connect to other devices as needed.
Vulnerabilities in the system are not uncommon and can be fixed with online guides issued by router manufacturers.
Source BBC News