Researchers exploit Google Chromecast

Researchers have developed a secure boot exploit that grants root access on the Google Chromecast video device launched last week.

The $US35 media streaming USB stick delivers online music and video to televisions via HDMI.

GTV Hacker security researcher CJ Heres (@cj_000) said he hoped the exploit found during an initial source code audit would help others to investigate the Google platform and build custom software.

"For the normal user, this release will probably be of no use [but] for the rest of the community this is just the first step in opening up what has just been a mysterious stick up to this point," CJ Heres said in a post.

"We hope that following this release the community will have the tools they need to improve on the shortfalls of this device and make better use of the hardware."

Heres, part of a team focused on hacking Google TV, said the device appeared to be "more Android than ChromeOS", specifically modified Google TV with Bionic / Dalvik software replaced with a single binary.

"So, although it’s not going to let you install an APK or anything, its origins: the bootloader, kernel, init scripts [and] binaries are all from the Google TV."

The flaw was accessed by holding down a single button on the device when it was powering up, which booted into USB mode and searched for a signed image.

"When found, the image is passed to the internal crypto hardware to be verified, but after this process the return code is never checked. Therefore, we can execute any code at will," Heres said.

Heres and researchers Dan Rosenberg and Tom Dwenger will showcase Google TV secure boot exploits at DEF CON 21 on 2 August.