Google Chromecast rooted in less than a week

Google launched its Chromecast dongle, a $35 device capable of relaying video content and web-pages from your PC or mobile device to a HDMI-capable display, just last week and a software exploit has been found which opens up a root shell on the device.

Folks over at GTVHacker.com have managed to gain a root shell on the device on port 23 by exploiting a software bug in Chromecast. According to the hackers, the problem is that return code of checks performed by the bootloader are not verified.

The device can be booted into USB boot mode by holding a single button. Once booted the “device looks for a signed image at 0×1000 on the USB drive.” The hackers revealed that after the image is found and forwarded to the internal cypto, the return code is never checked which enabled them to run any arbitrary code. The website reads, “the value stored in ret is never actually verified to ensure that the call to “VerifyImage” succeeded.”

“From that, we are able to execute our own kernel.” the site adds further.

Google has put in the Google TV software stack in Chromecast but, the Dalvik/Bionic code has been stripped off.

For more see the video below: