14 DAY TRIAL // The Rickmote Controller is nothing but a Raspberry Pi mini-computer modified to act as a remote control for hijacking Google Chromcast’s video streaming and render arbitrary content.
The altered Raspberry Pi searches for nearby Chromecasts and disconnects their WiFi connection. When the Google gadget attempts to reconnect, it automatically accepts commands from the closest WiFi device.
The attack works by sending out a de-authenticate packet to the Chromecast, which causes the device to disconnect and to expose the configuration to a potential attacker. The configuration can then be altered in order to send arbitrary video.
The hardware piece and the code enabling the hack have been developed by Bishop Fox, a security consultancy firm based in the United States.
As the name suggests, the company devised it as a ‘rickrolling’ prank that hijacks the Chromecast video streaming and plays Rick Astley's Never Gonna Give You Up clip.
“The Rickmote accomplishes this by briefly disconnecting nearby Chromecasts from their Wi-Fi. When this loss of connectivity occurs, the Chromecast tries to reconfigure and accepts commands from anyone within proximity.
“The Rickmote automatically provides this configuration in the form of everyone’s favorite Rick Astley song on loop,” says Dan Petro on the Bishop Fox blog.
Although both the Rasperry Pi and the Chromecast are very cheap and the code for conducting the hack is publicly available free of charge, at the moment, the technical details behind creating the Rickmote Controller are not available for everyone.
Bishop Fox provides documentation for all the pieces that need to be put together. Among the software dependencies required is Aircrack-ng, a tool designed for cracking the 802.11 WEP and WPA-PSK wireless encryption keys.
The developer says that because the remote control needs to carry out various actions via WiFi, the best results can be achieved through Kali Linux due to the easy setup of the wireless drivers that support injection.
A known problem with the current version of the Rickmote is that its de-authentication process actually affects all the wireless networks it detects. This is not too much of a problem, though, because the devices reconnect immediately and most of them are not susceptible to this type of hijacking.
Another limitation is that only YouTube videos can be played at the moment. However, Bishop Fox is working on a version that supports video from other resources as well.
They are also planning to provide full documentation for creating the Rickmote Controller on August 6, at this year’s Black Hat conference in the United States.
Check out the demo video below.
