Google patches Chromecast bootloader hole, blocks root access


It hasn’t taken long for Chromecast maker Google to plug up the bootloader hole exploited by hackers to gain root access to the company’s new media player.

An OTA (over the air) update released yesterday applies a patch which blocks up the hole, according to GTVhacker, who only days before had outlined the exploit which, while said to be unlikely useful to general users, allowed researchers and developers to launch a root shell on port 23.

The GTVHacker team also discussed the Chromecast source code’s likely origins and decided its roots lie more with Android than Chrome OS, thanks mostly due to the fact that many of the kernel and binary files are straight from Google’s Android-powered Google TV.

The hope of the team was to one day turn Chromecast into a GoogleTV stick. However, the news of the patch may mean another vulnerability might need to be found in order to gain a reliable root-access to launch other software.

In the meantime, engadget has reported that some members of xda-developers forum have tried to cut-off the firmware upgrade by disabling keys used to sign the updates. However, results have been mixed.¬†However, over the last 24 hours,¬†a method of sorts was found that appears to stop the update from installing by swapping out Chromecast’s update_engine with a dummy script. This apparently stopped the update and still allowed the device to be root-exploited.

Try these similar stories:

Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

Current month ye@r day *