Google’s online media streaming tool, Chromecast, can be “Rickrolled” with a single click of entertainer Rick Astley’s mug shot.
A security researcher has developed an amusing piece of hardware called the “Rickmote” that takes advantage of Chromecast’s simplified Wi-Fi setup, hijacking a wireless connection to deliver a YouTube video of Astley’s groan-worthy hit.
Dan Petro, a senior security analyst with consultancy Bishop Fox, wrote Thursday on the company’s blog that the Rickmote, which uses a Raspberry Pi mini-computer, automates finding potential Chromecast devices to play the prank and briefly disconnects the device from the Wi-Fi network it is using.
“When this loss of connectivity occurs, the Chromecast tries to reconfigure and accepts commands from anyone within proximity,” Petro wrote. “The Rickmote automatically provides this configuration in the form of everyone’s favorite Rick Astley song on loop.”
He is due to present more details on the tool on Friday at the Hope X conference in New York and at the Black Hat security conference on Aug. 6.
The Rickmote uses Aircrack-ng, a tool for cracking WEP and WPA-PSK encrypted Wi-Fi connections, according to a more technical description on Github where the open-source Python code is available for download.
Rickrolling Chromecast is just a matter of booting up the orange device and pressing a large button with Astley’s photo.
So far the device is only configured to play videos from YouTube, but Petro already has plans for another version: “A new tool will also be released to fully automate the hijacking and playing of arbitrary video to the victim’s TV,” he said.
“Let the prank war commence,” he wrote.
Google could not be immediately reached for comment.