Chromecast

Aslowe writes in the Android Central forums,

Is anyone aware if there are any plans to add security to this? Either by Google or maybe a developer working something? I am using some of these for information monitor purposes at a restaurant I do IT work for. One of the employees "accidentally" started broadcasting YouTube videos to the TV overriding the computer feed. Even something as simple as requiring a pin before transmitting would be perfect.

My only other idea would be to put the Chromecast and computer on a different subnet to reduce the likelihood of accidental broadcast.

Anyone, let me know your thoughts. Thanks!

Of course we can't be sure of Google's plans (nobody ever is), but we think the Chromecast was designed for this sort of behavior. Anyone on the same network has access to cast right to the TV using it, and in Google's eyes this makes it social and fun. Because of this, it's inherently insecure.

Now, in all fairness, the Chromecast is posed as a pure consumer entertainment device. We're not surprised that Google has not built-in checks to lock it down. That doesn't mean third party developers won't find a way to make that happen (have you seen what those guys can do?), but for now I think we had better get used to the idea that anyone you put on the same network as the Chromecast is going to be able to send stuff to the television.

The only suggestion we could have would be to secure the network it's on, and be very prudent about who and why you give out the credentials. Or just don't put a Chromecast in a space where it could become an issue.

Discuss this, and all things Chromecast in the Chromecast forums!

Have a question you need answered? (Preferably about Android, but we're flexible.) Hit up our Contact Page to get in touch!

 
There are 49 comments

Joe Arroyo says:

First

Posted via Android Central App

Glad to see the immaturity of "First" posts hasn't gone anywhere...

mstrblueskys says:

I'm not sure where else "First" would go. It seems like the exact place you would expect to find this immaturity! ;)

still1 says:

so according to your logic 2nd comment should say "Second" and not be related to the article posted above. Oh yeah, its not immature /s

Seems like there has been a resurgence.
I'll never understand why people squander the opportunity to set a good pace for discussion by merely posting the word "first." Its sad to think that is all they have to contribute.

I feel sorry for their girlfriends.

Axeavius says:

It's pretty hard to hurt the feelings of an imaginary girlfriend ;)

neonworm says:

Why do people have to do this. They are useless comments.

glazedfaith says:

I can't figure out why they don't just filter out such comments. Or take the woot! approach and filter the word to something ridiculous like PAAAaannncaKes!

Averix says:

I've wondered that too. If the post number = 1 and post contains text "first" or "1st" then delete post or replace text "first" with "poster is an idiot".

MERCDROID says:

This. Would. Be. Awesome.

Posted via Android Central App

ScottJ says:

That comment, like the phone with the same name, is a fail.

Joe Arroyo says:

I like to watch the world burn.

Posted via Android Central App

MERCDROID says:

Lol

Posted via Android Central App

ticktekk says:

Joe you're a prince, you sucked in 14 comments of the 40 before people started to think about the article again. Makes you wonder who really are the immature.

greg1007 says:

My plan is hooking it up in my college dorm. I love it in my home, and while I look forward to the fun of someone sending something random to my TV, I would like some exclusivity now and then

Posted via Android Central App

I'll be using it in my dorm too and I'm a little concerned about this security issue, not that anyone would use it for malicious intents but just as a joke or something. It could be amusing the first few times but I can see it getting old fast...

tx_tuff says:

How good would it work in a doom? I'm sure yours will not be the only one on the network. So if you have a half dozen or more hooked up to the same network how good will it work?

Posted via Android Central App

You will probably be bombarded with things you'd rather not see.

Posted via Android Central App and my Nexus 4 or 7

If you have Windows you can turn your laptop or desktop into a hotspot. I personally have use Win8. Use this... http://sagarpareek.blogspot.com/2012/11/make-your-windows-8-machine-wifi...
Then connect your chromecast to it and then it will be secure.

Seems like this is only an issue for open wireless networks.

Posted via Android Central App

hoosiercub says:

Ding ding.. we have a winner.

Although in an environment where everyone shares a connection like a university or something, it could persist to be an issue.

sarumont says:

Though it would be fairly trivial (technologically speaking - maybe not when it comes to the human element) to set up a separate SSID and subnet for Chromecast(s) and people who have access to them.

eahinrichsen says:

I'm curious as to what kind of information monitoring work the poster is using the Chromecast for. Sounds like an interesting application.

crazace says:

The place is casting information on monitors... TV's. like information about specials going on that kind of stuff.

Jet300 says:

Via what app? A tab in Chrome?

mrhankey184 says:

Connect your chrome fast to built in wifi hotspot then connect your computer to the same hotspot. Easy fix. You can add or remove devices unwanted on your own personal network

Posted via Android Central App

Aerie says:

The security comes from the barrier of a password to get on your wifi network. Accidentally transmitting something requires at minimum two willful taps on any device. If you have allowed someone on your network you have allowed them access to the Chromecast. If you would like some more control than a basic Belkin router for $19.99 for a dedicated wifi network via a Y-topology network setup would easily secure the device if you do not trust everyone you give access to your network.

Dirty-Bird says:

Simple pin would solve this issue. Request the Pin once anyone tries to Chromecast to your device. Having this on a campus wide wifi sounds troubling.

Aerie says:

If you can see the device it is insecure if you do not trust everyone on your network. A pin is a false sense of security. The Chromecast's security comes from your wifi password.

Dirty-Bird says:

You sound foolish. All we are talking about is a distinct situation where the set up is ideal. Nobody is bashing Google. We are just saying a workaround would be nice. Is a pin on your phone a false sense of security? Who knows why you pulled that phrase out. I don't care but it sure prevents the average person from accessing your phone.

Mikey47 says:

Most colleges/universities will have user isolation and force users to enter userid/password so Chromecast won't work anyway.

Posted via Android Central App

dswatson83 says:

Not a problem for me at home but it rules this out for work, college, coffee shops, and other places with unsecured networks. Google needs to allow optional password control so a coffee shop or a college kid can use a device like this should they want to

Aerie says:

Unsecured networks in public places should not exist. Even if the network name is the same as the SSID that is better. WPA2 breaks the hole made public from Firesheep. If the Chromecast is on the same network it is not the best solution for security. A simple Y-topology network setup to have the Chromecast on its own network would be better and wouldn't even show up to other devices on the other network.

The security for the Chromecast is your wifi password. If you can not trust devices on your network then you need to move the Chromecast to another network. A pin is not sufficient if you have people on your network that you do not trust.

Grahaman27 says:

Aaand what if the network is shared?? Like so many. I'm on the camp that says it needs an option for a PIN.

icebike says:

A pin or a network password differ only in length.
They amount to the same thing.

AirSnort will get you both, so any use of a VLAN offers at bes illusionary security.

hoosiercub says:

I think you're missing the point entirely. If an entire floor of a college campus dorm is sharing WiFi, what do you propose to keep people from beaming their shit to your shit?

I understand the openness of the device and like this aspect of it personally, but I could see it being ridiculously frustrating to use in an environment with a secure WiFi network shared among a lot of people.

Mikey47 says:

Ever hear of user isolation? That's what keeps it from working. Same thing that doesn't allow you to see every other computer on your dorm floor.

Of you can see every other computer, they can see you and you have a lot more to worry about that someone casting "shit to your shit".

I'm amazed at the lack of knowledge by all the people here at college that have no clue how this stuff works. Sad day for our computing future.

Posted via Android Central App

bmolloy says:

I work for the fire department and we have coined the term Chrome-Jacking for when somebody else takes over the chrome. Our network is secure, but everyone is behind it. When I brought it in to the station I said, "let the games begin". It would be nice to be able to pin protect it.

LaMarcus says:

Same situation here,I brought mine to the firehouse and plugged it in at weekend breakfast and kaboom videos were getting rolled over left and right. Its cool and all but when you are in your cube trying to watch a movie and Netflix and a random cat video pops up it kind of sucks.....but still funny. I would like a way to lock it to my devices only when I feel like it.

My question would be is there not a more appropriate tool?
I suppose the answer might be not at that price.

I dropped mine in the toilet! :( I couldn't wait to unbox it so I could see it and this is what happens —_–.

Posted via Android Central App

CountryDevil says:

My question is why would you use it in a commercial setting when it clearly is not designed for that. With or without security, to me ChromeCast is more marketed as a personal device and not for use in a commercial setting. Can it be used in an commercial setting, sure. But I wouldn't knowing it could not be secured and "accidently" hijacked by the public or some other employee.

It seem a bit like putting a consumer grade printer on a wifi network and complaining that any device on the network can print to it.

Where is this restaurant? I have some things to share.

Posted via Android Central App and my Nexus 4 or 7

Waiting for mine to arrive. El Goog still says my order is processing.

Posted via Android Central App

TheDu9du says:

Aslowe here's my security tip for you, keep Chromecast at home. If your work can't handle the cast keep it away. Quit B.S.ing everyone with a need for "security" something that's pretty straight forward. If your company lets your coworker use a computer that can download Chrome and the Googlecast extension then that should be enough lack of security on your company's part.

toddjy says:

There's not even a simple password to access a Chromecast?

I can imagine a situation where someone runs around accessing porn sites, and whenever they find a Chromecast, they throw it on there. Hope there's no little kids in the room.

vjg2000 says:

Does that mean if there are two chromecasts in the same home on the same network, they will both show the same thing brodcasted from one phone. I was thinking of having one in the bedroom and one in the living room where two different things can be seen on each.