When I spent $35 on the new Chromecast, I expected that it would eventually be hacked. Truth be told, the possibility of tinkering with the device was a big factor in my purchase. However, I never expected it to be exploited so quickly. Today, GTVHacker announces that they have successfully hacked and rooted the media device.
According to the exploit authors, "...Google was kind enough to GPL the bootloader source code for the device. So we can identify the exact flaw that allows us to boot the unsigned kernel. By holding down the single button, while powering the device, the Chromecast boots into USB boot mode. USB boot mode looks for a signed image at 0x1000 on the USB drive. When found, the image is passed to the internal crypto hardware to be verified, but after this process the return code is never checked! Therefore, we can execute any code at will".
In other words, Google locks the front door but leaves a key under the welcome mat. This makes the exploit and execution of code relatively easy. While this is great news for the hacking community, it may be bad news for the future of the Chromecast. The device's success hinges on content providers accepting it for secure delivery of programming -- something this exploit seriously puts in jeopardy. However, according to the exploit authors, Google can patch this at any time with a targeted update.
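To make the flaw concrete from a defender's side, here is an added illustration in C of the bug class the authors describe: a boot path that calls the verifier and then proceeds whether or not verification succeeded, next to the fail-closed form that refuses to boot on any non-zero result. This is not GTVHacker's code and not Google's bootloader; the image layout, the `IMAGE_MAGIC` value, the device key and the `toy_mac` stand-in for the crypto engine are all constructed for the example, and the only detail taken from the article is the 0x1000 offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Offset at which USB boot mode looks for the image (the one detail from the article). */
#define IMAGE_OFFSET 0x1000
#define USB_SIZE     (IMAGE_OFFSET + 256)

/* Hypothetical image layout: a small header followed by the payload. */
typedef struct {
    uint32_t magic;
    uint32_t payload_len;
    uint32_t mac;          /* stands in for the real signature field */
} image_header_t;

#define IMAGE_MAGIC 0x424F4F54u  /* "BOOT"; constructed value */

/* Constructed device key. A real device would hold a public key or a fused secret. */
static const uint8_t DEVICE_KEY[8] = { 0x13, 0x37, 0xC0, 0xDE, 0xBA, 0x5E, 0xBA, 0x11 };

/* Toy keyed hash (FNV-1a over key || data). Stand-in for the crypto hardware; not a real MAC. */
static uint32_t toy_mac(const uint8_t *data, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof DEVICE_KEY; i++) { h ^= DEVICE_KEY[i]; h *= 16777619u; }
    for (size_t i = 0; i < len; i++)              { h ^= data[i];       h *= 16777619u; }
    return h;
}

/* Stand-in for the hardware verify call: 0 on success, -1 on any failure. */
static int hw_verify_image(const uint8_t *img, size_t avail) {
    image_header_t hdr;
    if (avail < sizeof hdr) return -1;
    memcpy(&hdr, img, sizeof hdr);
    if (hdr.magic != IMAGE_MAGIC) return -1;
    if (hdr.payload_len > avail - sizeof hdr) return -1;
    return toy_mac(img + sizeof hdr, hdr.payload_len) == hdr.mac ? 0 : -1;
}

/* The bug class from the article: verification runs, but its result is never consulted. */
int boot_unchecked(const uint8_t *usb, size_t usb_len) {
    if (usb_len < IMAGE_OFFSET) return 0;
    hw_verify_image(usb + IMAGE_OFFSET, usb_len - IMAGE_OFFSET);   /* return code discarded */
    return 1;  /* 1 = image would be executed */
}

/* Fail-closed form: refuse to boot unless the verifier explicitly reports success. */
int boot_checked(const uint8_t *usb, size_t usb_len) {
    if (usb_len < IMAGE_OFFSET) return 0;
    if (hw_verify_image(usb + IMAGE_OFFSET, usb_len - IMAGE_OFFSET) != 0) return 0;
    return 1;
}

/* Build a constructed USB image: zeros up to IMAGE_OFFSET, then header + payload.
 * With tamper != 0 the first payload byte is modified after the MAC was computed. */
static size_t build_usb(uint8_t *usb, const char *payload, int tamper) {
    image_header_t hdr;
    size_t plen = strlen(payload);
    memset(usb, 0, USB_SIZE);
    hdr.magic = IMAGE_MAGIC;
    hdr.payload_len = (uint32_t)plen;
    hdr.mac = toy_mac((const uint8_t *)payload, plen);
    memcpy(usb + IMAGE_OFFSET, &hdr, sizeof hdr);
    memcpy(usb + IMAGE_OFFSET + sizeof hdr, payload, plen);
    if (tamper) usb[IMAGE_OFFSET + sizeof hdr] ^= 0xFF;
    return USB_SIZE;
}

/* Scenarios, each returning 1 if the boot path would execute the image, 0 if it refuses. */
static const char *SAMPLE_PAYLOAD = "kernel bytes (constructed sample)";

int scenario_valid_checked(void) {
    uint8_t usb[USB_SIZE]; size_t n = build_usb(usb, SAMPLE_PAYLOAD, 0);
    return boot_checked(usb, n);
}
int scenario_tampered_checked(void) {
    uint8_t usb[USB_SIZE]; size_t n = build_usb(usb, SAMPLE_PAYLOAD, 1);
    return boot_checked(usb, n);
}
int scenario_tampered_unchecked(void) {
    uint8_t usb[USB_SIZE]; size_t n = build_usb(usb, SAMPLE_PAYLOAD, 1);
    return boot_unchecked(usb, n);
}

int main(void) {
    printf("valid image, checked boot:     %d\n", scenario_valid_checked());
    printf("tampered image, checked boot:  %d\n", scenario_tampered_checked());
    printf("tampered image, unchecked boot:%d\n", scenario_tampered_unchecked());
    return 0;
}
```

The point of the two scenarios with the modified payload is that the verifier itself works fine in both; only the caller differs. A review or static check that flags discarded return values from verification routines (for example, marking them `__attribute__((warn_unused_result))` in GCC and Clang) would have caught the unchecked form, and the fix is the one-line conditional in `boot_checked`.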
While the Chromecast has been exploited, there is not yet a benefit to the user for doing so. Currently, it is nothing more than a hack for the sake of hacking. Also, while the hack is reportedly easy to do, it requires a piece of hardware that most users will not have on hand -- a powered USB OTG cable. This cable allows the Chromecast to both receive power and mount a USB flash drive through the device's sole micro-USB port. I was able to purchase one on Amazon for $9.99 -- almost 30 percent of the price of the Chromecast itself.
Shockingly, the hackers have revealed that Google possibly misspoke about the device running a stripped down version of ChromeOS: "...We had a lot of internal discussion on this, and have concluded that it’s more Android than ChromeOS. To be specific, it’s actually a modified Google TV release, but with all of the Bionic / Dalvik stripped out and replaced with a single binary for Chromecast. Since the Marvell DE3005 SOC running this is a single core variant of the 88DE3100, most of the Google TV code was reused. So, although it’s not going to let you install an APK or anything, its origins: the bootloader, kernel, init scripts, binaries, are all from the Google TV". This is likely just a miscommunication by Google which should hopefully be cleared up soon.
Are you happy that the device has been hacked? Does it make you want a Chromecast more or less? Tell me in the comments.