The Rickmote Controller: Hacking One Chromecast at a Time

By:
Large orange remote controller

Share

Have you ever wanted to be as rich as Tony Stark of “Iron Man” fame? How about as cool as Tony Stark? Have you ever imagined yourself hijacking TVs, just like Stark does in the second film?

Well, you may never be as rich or as cool as Stark, but you can take over Chromecast-enabled TVs. Enter the Rickmote Controller, a tool that allows you to hijack nearby Chromecasts and play – what else? – the irresistible Rick Astley hit, “Never Gonna Give You Up.”

Chromecast Hacking in a Nutshell

How is it possible to hijack unsuspecting Chromecast users’ TVs, turning their “Game of Thrones” marathon into a 1980s flashback? The Rickmote accomplishes this by briefly disconnecting nearby Chromecasts from their Wi-Fi. When this loss of connectivity occurs, the Chromecast tries to reconfigure and accepts commands from anyone within proximity. The Rickmote automatically provides this configuration in the form of everyone’s favorite Rick Astley song on loop.

Steps to Make Your Own Rickmote — Coming Soon

The Rickmote is an open-source program designed to make pranking your friends and neighbors easy. It automates the process of identifying, targeting, and playing video to all Chromecast-attached TVs in Wi-Fi range. You can download the code at the Bishop Fox GitHub and follow the instructions there.

Stay tuned for a breakdown at Black Hat Tools Arsenal USA on August 6, 2014. We’ll release a step-by-step guide on how to create a Rickmote Controller out of a Raspberry Pi like in the video above!

We Know the Game — and We're Gonna Play It

Once it’s ready, using the Rickmote could not be any easier. To start rickrolling, boot it up and press the big Rickroll button. One click is all it takes – and Rick Astley runs wild!

While you may never be like Tony Stark (unfortunately,) you can mimic some of his tricks and hijack nearby Chromecast-enabled TVs. We’re not sure what Stark’s feelings would be on the music of Rick Astley, though.

YouTube - Google Chromecast Hacking Videos

Want more information? Click here to learn more about the Rickmote.

The Rickmote was recently chronicled in a Wired feature, which you can read here.

Rick Astley

Image by hieu from Flickr’s Creative Commons

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Dan Petro Headshot

About the author, Dan Petro

Senior Security Engineer

As a senior security engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

More by Dan

Recommended Posts

You might be interested in these related posts.

Nov 01, 2024

A Brief Look at FortiJump (FortiManager CVE-2024-47575)

Sep 24, 2024

Broken Hill: A Productionized Greedy Coordinate Gradient Attack Tool for Use Against Large Language Models

Sep 11, 2024

Exploring Large Language Models: Local LLM CTF & Lab

Jul 02, 2024

Product Security Review Methodology for Traeger Grill Hack

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.