Hackers are taking over Chromecasts to promote PewDiePie’s channel

Two hackers have teamed up to promote Felix “PewDiePie” Kjellberg by forcing TVs to display a message encouraging people to subscribe to his YouTube channel. The hack takes advantage of a router setting that makes smart devices, like Chromecasts and Google Homes, publicly viewable on the internet. The attackers are then able to gain control of the devices and broadcast videos on a connected TV.

The attack, which is being referred to as CastHack, is being conducted by two hackers, HackerGiraffe and j3ws3r. A website for the attack claims to count the number of TVs forced to show the PewDiePie message and currently says more than 3,000 have been affected. While it’s not clear that this is an accurate number (it has reset several times), a number of people posted on Reddit that the video had appeared on their TV.

Google tells The Verge it has received reports from people who had “an unauthorized video played on their TVs via a Chromecast device,” but said the issue was the result of router settings. Both HackerGiraffe and Google told The Verge the best way for affected users to fix the issue is to turn off Universal Plug and Play (UPnP) on their routers.

This is the second time that HackerGiraffe and j3ws3r have teamed up to promote PewDiePie with quirky, if disruptive, hacks. Both said they were behind a hack in November that forced printers around the world to print out sheets of paper telling people to subscribe to PewDiePie.

The hack occurred during the height of Kjellberg’s ongoing battle with another YouTube channel, T-Series, which is close to passing his subscriber count.

HackerGiraffe said their attacks are more about exposing vulnerabilities than promoting Kjellberg’s channel. “We want to help you, and also our favorite YouTubers (mostly PewDiePie),” their website reads. “We’re only trying to protect you and inform you of this [vulnerability] before someone takes real advantage of it.”

CastHack is meant to remind Google of security flaws, HackerGiraffe said. That includes “sensitive data being leaked” and the ability to reset Chromecasts from afar. HackerGiraffe said the attack doesn’t gather or save any information from affected devices; it just renames them and forces them to play their YouTube video.

In December, The Wall Steet Journal’s website was also hacked to promote Kjellberg’s channel, but HackerGiraffe said they weren’t involved.

The Wall Street [Journal] one was harmful and goes against what we stand for,” HackerGiraffe said.