Just days after Google released the Chromecast media streaming device, the company started pushing its first software update for the $35 device. Officially the new software patches some bugs and improves security and reliability.

As a side effect, it also makes the Chromecast a lot tougher to root.


The folks at GTVHacker recently discovered they could load custom firmware and load a root shell on the Chromecast. It’s not surprising that Google removed the vulnerability that made that possible — because it would basically let anyone run custom code on the Chromecast by pressing the single hardware button while booting the device. While that doesn’t necessarily open up your device to the threat of malicious hackers taking over your Chromecast over the internet, it does mean that anyone with physical access to your Chromecast could theoretically do scary things to it. Or something.

Google pushes updated over the internet to the Chromecast automatically, much the same way it rolls out updates for Chromebooks. So if you’ve already rooted your device, odds are you’ll lose root access sometime in the next few days if you don’t do anything to prevent the update.

The folks at xda-developers are discussing possible ways to hang onto root or maybe even to downgrade the Chromecast to an earlier firmware version so it can be re-rooted. If history tells us anything though, it’s that there’s probably more than one security hole in Google’s software that can be exploited. Eventually hackers may find a different way to root the Chromecast even running a newer software build.

At this point there’s not much reason for casual Chromecast users to root the device, since there are no apps or features that require root access. But developers looking to expand the functionality of the device might want root access in order to explore ways to run third party apps or perform other tricks that Google may not have had in mind when it developed the Chromecast.

There’s already a Gameboy emulator that can run on the Chromecast, although it’s more of a demonstration project than a truly useful app.

via Android Police

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign


Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,533 other subscribers

4 replies on “Google pushes first Chromecast update, removes root exploit”

    1. Don’t be evil? Plugging a known vulnerability is evil? Are you conceding that EVERY major tech company is evil too? When was the last time a new version of iOS didn’t fix the top vulnerabilities used to jailbreak iPhones? Even as a professed Apple hater, I wouldn’t consider that evil. Sure they have other motives for fixing these vulnerabilities, we all know that, but I hardly see this as evil. They did not sell the device to you under the promise you would be able to run any software you want on it, actually it’s quite the opposite. Perhaps Google’s friendliness to the hacker community has altered your perception of the things they do? Maybe you should be grateful for how cool they have been and not take them to task when they do what literally almost every software company ever has done. Just my 2 cents.

Comments are closed.