Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

The Rickmote Controller: Hacking One Chromecast at a Time

By: &
Large orange remote controller

Share

Have you ever wanted to be as rich as Tony Stark of “Iron Man” fame? How about as cool as Tony Stark? Have you ever imagined yourself hijacking TVs, just like Stark does in the second film?

Well, you may never be as rich or as cool as Stark, but you can take over Chromecast-enabled TVs. Enter the Rickmote Controller, a tool that allows you to hijack nearby Chromecasts and play – what else? – the irresistible Rick Astley hit, “Never Gonna Give You Up.”

Chromecast Hacking in a Nutshell

How is it possible to hijack unsuspecting Chromecast users’ TVs, turning their “Game of Thrones” marathon into a 1980s flashback? The Rickmote accomplishes this by briefly disconnecting nearby Chromecasts from their Wi-Fi. When this loss of connectivity occurs, the Chromecast tries to reconfigure and accepts commands from anyone within proximity. The Rickmote automatically provides this configuration in the form of everyone’s favorite Rick Astley song on loop.

Steps to Make Your Own Rickmote — Coming Soon

The Rickmote is an open-source program designed to make pranking your friends and neighbors easy. It automates the process of identifying, targeting, and playing video to all Chromecast-attached TVs in Wi-Fi range. You can download the code at the Bishop Fox GitHub and follow the instructions there.

Stay tuned for a breakdown at Black Hat Tools Arsenal USA on August 6, 2014. We’ll release a step-by-step guide on how to create a Rickmote Controller out of a Raspberry Pi like in the video above!

We Know the Game — and We're Gonna Play It

Once it’s ready, using the Rickmote could not be any easier. To start rickrolling, boot it up and press the big Rickroll button. One click is all it takes – and Rick Astley runs wild!

While you may never be like Tony Stark (unfortunately,) you can mimic some of his tricks and hijack nearby Chromecast-enabled TVs. We’re not sure what Stark’s feelings would be on the music of Rick Astley, though.

YouTube - Google Chromecast Hacking Videos

Want more information? Click here to learn more about the Rickmote.

The Rickmote was recently chronicled in a Wired feature, which you can read here.

Rick Astley

Image by hieu from Flickr’s Creative Commons

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Dan Petro Headshot

About the author, Dan Petro

Senior Security Engineer

As a senior security engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

More by Dan

Recommended Posts

You might be interested in these related posts.

Mar 21, 2024

The iSOON Disclosure: Exploring the Integrated Operations Platform

Mar 19, 2024

Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments

Mar 08, 2024

Further Adventures in Fortinet Decryption

Mar 01, 2024

CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.