Rooted Chromecast with Web Panel = Problems with security
I was playing with it for only a few hours...
and I am concerned with the current level of security of rooted Chromecast.
reboot wireless router (wireless access point)
wireless router is down/malfunctioning
communication between Chromecast and wireless router is jammed
someone used Aircrack-ng suite to disconnect Chromecast from wireless router
your Chromecast just created open wireless network for configuration purposes...
and Team-Eureka HTTP panel is accessible at most likely default IP address 192.168.255.253,
also provides you with an IP address via internal DHCP.
look a bit at config:
be sure that telnet, ssh, adb are running.
Just connect with telnet or SSH, privileged user is root, there is no password
ssid="my wifi essid"
psk=my password on a silver plate in WPA PSK HEX(64 characters)
You just owned someone's Chromecast and can abuse his wireless network.
Still got time to tinker with Chromecast? Maybe plant some Android type of backdoor... NSA style...
How to fix this?
1. be sure that internal web server is not vulnerable.
3. HTTP panel accessible only after providing password that is by default for instance SHA-1 hash of serial number.
(user may take a picture of his own Chromecast and use tool/service to generate hash), it should be changed at first login
4. adb, telnet, ssh disabled by default
5. root password
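
A sketch of fix 3 as an added example (not Team-Eureka's code and not part of the original post): the panel accepts the SHA-1 of the serial number only until the first login, then forces a change and keeps a salted PBKDF2 hash. The class name, the PBKDF2 storage, the minimum length and the serial value are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def default_password(serial: str) -> str:
    """Factory default from fix 3: hex SHA-1 of the device serial number."""
    return hashlib.sha1(serial.strip().encode("ascii")).hexdigest()


class PanelAuth:
    """Hypothetical login state for the web panel: default, then forced change."""

    def __init__(self, serial: str):
        self._default = default_password(serial)
        self._salt = None
        self._hash = None  # set once the owner has chosen a password

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   self._salt, PBKDF2_ROUNDS)

    def login(self, password: str) -> str:
        """Return 'denied', 'must_change' or 'ok'."""
        if self._hash is None:
            # Only the default exists; it unlocks nothing but the change form.
            ok = hmac.compare_digest(password.encode(), self._default.encode())
            return "must_change" if ok else "denied"
        ok = hmac.compare_digest(self._derive(password), self._hash)
        return "ok" if ok else "denied"

    def change_password(self, current: str, new: str) -> bool:
        """Replace the password; the default cannot be chosen again."""
        if self.login(current) == "denied":
            return False
        if len(new) < 10 or hmac.compare_digest(new.encode(),
                                                self._default.encode()):
            return False
        self._salt = os.urandom(16)
        self._hash = self._derive(new)
        return True


if __name__ == "__main__":
    serial = "CONSTRUCTED-SERIAL-0001"  # constructed sample, not a real serial
    auth = PanelAuth(serial)
    print(auth.login(default_password(serial)))  # must_change
```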