[Q] Maxcast

Someone else in your area probably has a Chromecast and named it maxcast.

Sent from my Nexus 7 using Tapatalk

LeftyGR said:

Not possible. It's on my wireless network, which is locked down tight. And if it was someone else's cc, to name it would mean it's set up.

<Note3>

Click to expand...

Click to collapse

Its not on your wireless network. The app detects all Chromecast within range and asks you to set it up on your network.

Sent from my Nexus 7 using Tapatalk

It is correct that's how it works. Believe what you want.

Sent from my Nexus 7 using Tapatalk

LeftyGR said:

Not really helpful, but ok. Explain why it lists the device on my wireless network?

<Note3>

Click to expand...

Click to collapse

Factory reset your Chromecast. It will show up the same way as the "max cast" does until you set it up.

Sent from my Nexus 5 using Tapatalk

LeftyGR said:

Not really helpful, but ok. Explain why it lists the device on my wireless network?

<Note3>

Click to expand...

Click to collapse

Because it detects it via WiFi, It sees the device in AP mode and is telling you you need to connect it to your network!

If you check available wireless networks in Settings on your phone you'll see a unsecured Access Point on Channel 1 called Chromecast which is the 'MaxCast' waiting for something to connect to set up. It's probably your neighbours. Maybe they've gone away, turned of their wifi, but left their Chromecast powered up. A set up and powered up Chromecast that can't find it's preferred network will fire up it's internal Access Point waiting to be set up again. When they switch their wireless back on it will disappear.

LeftyGR said:

1st. @Cuzz1369 . Sorry for arguing.
2nd. So a cc device set up on someone else's wireless network is in proximity to mine and can actually be set up? That just seems...stoopid. I woulda thought once set up it would lock in the settings and be on one network. Hmm. Ok then. Thanks for everyone's input!

<Note3>

Click to expand...

Click to collapse

As someone else said, its not setup on a wireless network. Its looking for a home. Once its setup on a network it won't show up.

Sent from my Nexus 5 using Tapatalk

I remember reading somewhere on this forum that a rooted Chromecast in this condition (looking for a home) can be made to show the SSID and Passphrase of the owner who originally set it up if someone knows where to look. Am I correct in this or am I having a senior moment.

If the above is true will a stock Chromecast do the same thing (show critical information)?

One of my reasons for asking is I am seeing my neighbor's Chromecast and it is apparent he has set it up since it shows his name. Would like to be able to tell him if he is indeed vulnerable.

Actually it's showing to be set up because his wifi router is off, out of range or he changed its password. Since it's not ChromecastXXXX it was already configured.

extrem0 said:

Actually it's showing to be set up because his wifi router is off, out of range or he changed its password. Since it's not ChromecastXXXX it was already configured.

Click to expand...

Click to collapse

Yes, I realize it has been set up but it is now broadcasting as an open network for someone to setup.

In the above condition, is the SSID and Passphrase of the original person's wifi network vulnerable to being seen by a third party?

Nothing to do with Chromecast but there are wifi thermostats that do the same thing (broadcast as an open network even though they have been setup but have lost connection to the original wifi network for some reason). I had one and never really felt comfortable with the thing doing this.

Even if not a security risk per se is does allow for some potentially damaging practical jokes. Strategic highjack of your neighbours Chromecast and then cast some particularly unsavoury NSFW content on a loop. Marriage breaker........

Sent from my Cyclone Voyager using XDA Premium 4 mobile app

I found my answer at this post http://xdaforums.com/showthread.php?t=2632288

Chromecast acts as open AP if is not connected to, in case of rooted it allows to steal your ESSID and PASSPHRASE

Click to expand...

Click to collapse

It appears to only be a rooted Chromecast that gives the farm away in the ' looking for a home ' situation. My neighbor should be OK unless his is rooted.

chateau1 said:

Yes, I realize it has been set up but it is now broadcasting as an open network for someone to setup.

In the above condition, is the SSID and Passphrase of the original person's wifi network vulnerable to being seen by a third party?

Nothing to do with Chromecast but there are wifi thermostats that do the same thing (broadcast as an open network even though they have been setup but have lost connection to the original wifi network for some reason). I had one and never really felt comfortable with the thing doing this.

Click to expand...

Click to collapse

I'm almost sure it was already discussed in Eureka-ROM thread. If I recall correctly, someone said it's indeed possible to get the wifi passphrase by accessing an open Chromecast already set up. It'll be protected when the next webpanel is out.
I just tried to get my wifi passphrase accessing my chromecast, but it was encrypted. It looks like they already solved this issue.

neu - smurph said:

Even if not a security risk per se is does allow for some potentially damaging practical jokes. Strategic highjack of your neighbours Chromecast and then cast some particularly unsavoury NSFW content on a loop. Marriage breaker........

Sent from my Cyclone Voyager using XDA Premium 4 mobile app

Click to expand...

Click to collapse

lol! Dangerous mind! Now we'll have to take care when moving..

I think it's high unlikely you have an a*****e geek neighbour who is seeking for an unsecured chromecast (which need to be already set up and lost its connection) and will do any harm. The most probably to happen is someone setup it mistakenly thinking it's his/her's own chromecast and will cast a proper video (unless you also have a disturbed neighbour, which is quite unlikely too). But then he/she will eventually notice that did it by mistake, or yourself will notice something is wrong..

Well as I said in the other discussion....

Even if you got the Login Info you needed to connect to whatever network it was set up on....
If the CCast couldn't use the credentials to connect and stay out of AP Mode, how the hell can anyone else connect, What good is that Info? LOL

Can it be exploited by a really smart Hacker? Of Course but then again that same person s smart enough to hack the router without the need for a CCast in AP mode.

chateau1 said:

I remember reading somewhere on this forum that a rooted Chromecast in this condition (looking for a home) can be made to show the SSID and Passphrase of the owner who originally set it up if someone knows where to look. Am I correct in this or am I having a senior moment

Click to expand...

Click to collapse

Yes, this is true and Team-Eureka has it on their radar - once the web panel is secured, it will be as much of an issue as it is with other rooted Android devices.
FWIW, you can get the WiFi credentials in plaintext from the same file on my rooted Android phone, so likely the core problem of the credentials being stored in plaintext is inherent in Android itself.
The trouble with Chromecast is that it automatically makes itself available as an unsecured WiFi AP for setup.
Which is OK except for the fact that rooted firmware enable ADB/SSH/Telnet by default.
Which is also OK except for the fact that those can be (re)enabled via the Eureka web panel.
Which is OK except for the fact that anybody can get to the web panel, because anybody can connect to the Chromecast's unsecure AP.
So any break in the chain would fix things. Functionality-wise securing the web panel is the best solution - it doesn't break any stock functionality and doesn't remove any added functionality.

chateau1 said:

If the above is true will a stock Chromecast do the same thing (show critical information)?

Click to expand...

Click to collapse

No, because there isn't ADB, SSH or Telnet access to browse the filesystem.
Even if there was ADB/SSH/Telnet or some other way to browse the filesystem, without root you can't access the supplicant file.

chateau1 said:

One of my reasons for asking is I am seeing my neighbor's Chromecast and it is apparent he has set it up since it shows his name. Would like to be able to tell him if he is indeed vulnerable.

Click to expand...

Click to collapse

Your neighbor isn't vulnerable to his/her wireless credentials being let out (unless someone finds another way to hack Chromecast's setup mode). However, someone could easily "hijack" their Chromecast, associate with another network and push random content to it.
If they have HDMI-CEC enabled the hijacker could turn on their and play whatever they wanted to.
It's not really a huge security risk, but it's an annoyance, as the hijacker would be taking over your neighbor's TV, and they could push undesired content. Overall, the hijacker would probably get bored quickly as they wouldn't see any of the result, unless they're an immediate neighbor or spying on their in some other way.