Chromecast

Aslowe writes in the Android Central forums,

Is anyone aware if there are any plans to add security to this? Either by Google or maybe a developer working something? I am using some of these for information monitor purposes at a restaurant I do IT work for. One of the employees "accidentally" started broadcasting YouTube videos to the TV overriding the computer feed. Even something as simple as requiring a pin before transmitting would be perfect.

My only other idea would be to put the Chromecast and computer on a different subnet to reduce the likelihood of accidental broadcast.

Anyone, let me know your thoughts. Thanks!

Of course we can't be sure of Google's plans (nobody ever is), but we think the Chromecast was designed for this sort of behavior. Anyone on the same network has access to cast right to the TV using it, and in Google's eyes this makes it social and fun. Because of this, it's inherently insecure.

Now, in all fairness, the Chromecast is posed as a pure consumer entertainment device. We're not surprised that Google has not built-in checks to lock it down. That doesn't mean third party developers won't find a way to make that happen (have you seen what those guys can do?), but for now I think we had better get used to the idea that anyone you put on the same network as the Chromecast is going to be able to send stuff to the television.

The only suggestion we could have would be to secure the network it's on, and be very prudent about who and why you give out the credentials. Or just don't put a Chromecast in a space where it could become an issue.

Discuss this, and all things Chromecast in the Chromecast forums!

Have a question you need answered? (Preferably about Android, but we're flexible.) Hit up our Contact Page to get in touch!

 

Reader comments

The Chromecast is for sharing and isn't secure by design

49 Comments

I'm not sure where else "First" would go. It seems like the exact place you would expect to find this immaturity! ;)

so according to your logic 2nd comment should say "Second" and not be related to the article posted above. Oh yeah, its not immature /s

Seems like there has been a resurgence.
I'll never understand why people squander the opportunity to set a good pace for discussion by merely posting the word "first." Its sad to think that is all they have to contribute.

I can't figure out why they don't just filter out such comments. Or take the woot! approach and filter the word to something ridiculous like PAAAaannncaKes!

I've wondered that too. If the post number = 1 and post contains text "first" or "1st" then delete post or replace text "first" with "poster is an idiot".

Joe you're a prince, you sucked in 14 comments of the 40 before people started to think about the article again. Makes you wonder who really are the immature.

My plan is hooking it up in my college dorm. I love it in my home, and while I look forward to the fun of someone sending something random to my TV, I would like some exclusivity now and then

Posted via Android Central App

I'll be using it in my dorm too and I'm a little concerned about this security issue, not that anyone would use it for malicious intents but just as a joke or something. It could be amusing the first few times but I can see it getting old fast...

How good would it work in a doom? I'm sure yours will not be the only one on the network. So if you have a half dozen or more hooked up to the same network how good will it work?

Posted via Android Central App

Ding ding.. we have a winner.

Although in an environment where everyone shares a connection like a university or something, it could persist to be an issue.

Though it would be fairly trivial (technologically speaking - maybe not when it comes to the human element) to set up a separate SSID and subnet for Chromecast(s) and people who have access to them.

I'm curious as to what kind of information monitoring work the poster is using the Chromecast for. Sounds like an interesting application.

The place is casting information on monitors... TV's. like information about specials going on that kind of stuff.

Connect your chrome fast to built in wifi hotspot then connect your computer to the same hotspot. Easy fix. You can add or remove devices unwanted on your own personal network

Posted via Android Central App

The security comes from the barrier of a password to get on your wifi network. Accidentally transmitting something requires at minimum two willful taps on any device. If you have allowed someone on your network you have allowed them access to the Chromecast. If you would like some more control than a basic Belkin router for $19.99 for a dedicated wifi network via a Y-topology network setup would easily secure the device if you do not trust everyone you give access to your network.

Simple pin would solve this issue. Request the Pin once anyone tries to Chromecast to your device. Having this on a campus wide wifi sounds troubling.

If you can see the device it is insecure if you do not trust everyone on your network. A pin is a false sense of security. The Chromecast's security comes from your wifi password.

You sound foolish. All we are talking about is a distinct situation where the set up is ideal. Nobody is bashing Google. We are just saying a workaround would be nice. Is a pin on your phone a false sense of security? Who knows why you pulled that phrase out. I don't care but it sure prevents the average person from accessing your phone.

Most colleges/universities will have user isolation and force users to enter userid/password so Chromecast won't work anyway.

Posted via Android Central App

Not a problem for me at home but it rules this out for work, college, coffee shops, and other places with unsecured networks. Google needs to allow optional password control so a coffee shop or a college kid can use a device like this should they want to

Unsecured networks in public places should not exist. Even if the network name is the same as the SSID that is better. WPA2 breaks the hole made public from Firesheep. If the Chromecast is on the same network it is not the best solution for security. A simple Y-topology network setup to have the Chromecast on its own network would be better and wouldn't even show up to other devices on the other network.

The security for the Chromecast is your wifi password. If you can not trust devices on your network then you need to move the Chromecast to another network. A pin is not sufficient if you have people on your network that you do not trust.

A pin or a network password differ only in length.
They amount to the same thing.

AirSnort will get you both, so any use of a VLAN offers at bes illusionary security.

I think you're missing the point entirely. If an entire floor of a college campus dorm is sharing WiFi, what do you propose to keep people from beaming their shit to your shit?

I understand the openness of the device and like this aspect of it personally, but I could see it being ridiculously frustrating to use in an environment with a secure WiFi network shared among a lot of people.

Ever hear of user isolation? That's what keeps it from working. Same thing that doesn't allow you to see every other computer on your dorm floor.

Of you can see every other computer, they can see you and you have a lot more to worry about that someone casting "shit to your shit".

I'm amazed at the lack of knowledge by all the people here at college that have no clue how this stuff works. Sad day for our computing future.

Posted via Android Central App

I work for the fire department and we have coined the term Chrome-Jacking for when somebody else takes over the chrome. Our network is secure, but everyone is behind it. When I brought it in to the station I said, "let the games begin". It would be nice to be able to pin protect it.

Same situation here,I brought mine to the firehouse and plugged it in at weekend breakfast and kaboom videos were getting rolled over left and right. Its cool and all but when you are in your cube trying to watch a movie and Netflix and a random cat video pops up it kind of sucks.....but still funny. I would like a way to lock it to my devices only when I feel like it.

I dropped mine in the toilet! :( I couldn't wait to unbox it so I could see it and this is what happens —_–.

Posted via Android Central App

My question is why would you use it in a commercial setting when it clearly is not designed for that. With or without security, to me ChromeCast is more marketed as a personal device and not for use in a commercial setting. Can it be used in an commercial setting, sure. But I wouldn't knowing it could not be secured and "accidently" hijacked by the public or some other employee.

It seem a bit like putting a consumer grade printer on a wifi network and complaining that any device on the network can print to it.

Aslowe here's my security tip for you, keep Chromecast at home. If your work can't handle the cast keep it away. Quit B.S.ing everyone with a need for "security" something that's pretty straight forward. If your company lets your coworker use a computer that can download Chrome and the Googlecast extension then that should be enough lack of security on your company's part.

There's not even a simple password to access a Chromecast?

I can imagine a situation where someone runs around accessing porn sites, and whenever they find a Chromecast, they throw it on there. Hope there's no little kids in the room.

Does that mean if there are two chromecasts in the same home on the same network, they will both show the same thing brodcasted from one phone. I was thinking of having one in the bedroom and one in the living room where two different things can be seen on each.