Away from the big show floor where vendors exhibit their wares at the Black Hat USA conference is a smaller room called Black Hat Arsenal, where researchers demonstrate their tools and innovations. Among those demonstrating at Black Hat Arsenal was Dan Petro, a security researcher for Bishop Fox.
Petro demonstrated how, with a small customized Raspberry Pi Linux mini-computer, he could take over a Google Chromecast dongle. The Chromecast is a USB device that enables streaming video for consumer TVs. Petro called his customized Raspberry Pi a Rickmote controller, after the attack payload he delivers to the Chromecast. As part of the Chromecast takeover, Petro’s device streams Rick Astley’s “Never Going to Give You Up” in an attack known as Rickrolling.
The Rickmote is able to Rickroll a Chromecast by abusing functionality on the Chromecast that is intended to make it easier for users to set up and configure the device. Petro said that he has informed Google of the issue, but a fix isn’t likely, since any additional checks or security measures would make the device more difficult for users to set up and configure.