It hasn’t taken long for Chromecast maker Google to plug up the bootloader hole exploited by hackers to gain root access to the company’s new media player.
An OTA (over the air) update released yesterday applies a patch which blocks up the hole, according to GTVhacker, who only days before had outlined the exploit which, while said to be unlikely useful to general users, allowed researchers and developers to launch a root shell on port 23.
The GTVHacker team also discussed the Chromecast source code’s likely origins and decided its roots lie more with Android than Chrome OS, thanks mostly due to the fact that many of the kernel and binary files are straight from Google’s Android-powered Google TV.
The hope of the team was to one day turn Chromecast into a GoogleTV stick. However, the news of the patch may mean another vulnerability might need to be found in order to gain a reliable root-access to launch other software.
In the meantime, engadget has reported that some members of xda-developers forum have tried to cut-off the firmware upgrade by disabling keys used to sign the updates. However, results have been mixed. However, over the last 24 hours, a method of sorts was found that appears to stop the update from installing by swapping out Chromecast’s update_engine with a dummy script. This apparently stopped the update and still allowed the device to be root-exploited.
Try these similar stories:
- Google kills off Chromecast local streaming apps – for now
- Chromecast CPU gets new name – Marvell Armada 1500-mini
- Google Chromecast code goes open-source
- Google releases stock 4.2 keyboard to Google Play
- [Video] Chromecast Gameboy emulator hack runs ROMs in the cloud
- New official CX-919 ROM update fixes ‘blank internal flash’
- Cydia Impactor uses vulernability to root Android devices including Google Glass
- New Measy U4B firmware fixes Bluetooth issue
- AirCast app gets content from your Android phone to Chromecast dongle
- New MeLE A1000G firmware upgrade now available