Just days after Google released the Chromecast media streaming device, the company started pushing its first software update for the $35 device. Officially the new software patches some bugs and improves security and reliability.
As a side effect, it also makes the Chromecast a lot tougher to root.
The folks at GTVHacker recently discovered they could load custom firmware and load a root shell on the Chromecast. It’s not surprising that Google removed the vulnerability that made that possible — because it would basically let anyone run custom code on the Chromecast by pressing the single hardware button while booting the device. While that doesn’t necessarily open up your device to the threat of malicious hackers taking over your Chromecast over the internet, it does mean that anyone with physical access to your Chromecast could theoretically do scary things to it. Or something.
Google pushes updated over the internet to the Chromecast automatically, much the same way it rolls out updates for Chromebooks. So if you’ve already rooted your device, odds are you’ll lose root access sometime in the next few days if you don’t do anything to prevent the update.
The folks at xda-developers are discussing possible ways to hang onto root or maybe even to downgrade the Chromecast to an earlier firmware version so it can be re-rooted. If history tells us anything though, it’s that there’s probably more than one security hole in Google’s software that can be exploited. Eventually hackers may find a different way to root the Chromecast even running a newer software build.
At this point there’s not much reason for casual Chromecast users to root the device, since there are no apps or features that require root access. But developers looking to expand the functionality of the device might want root access in order to explore ways to run third party apps or perform other tricks that Google may not have had in mind when it developed the Chromecast.
There’s already a Gameboy emulator that can run on the Chromecast, although it’s more of a demonstration project than a truly useful app.
via Android Police