The Chromecast Audio is no more. Google has decided to stop manufacturing the audio dongle that allowed you to add any ‘dumb’ speaker to your Google Cast setup. If you still want one, you’ll have to hurry — and to entice you to buy a discontinued product, Google is now selling its remaining inventory for $15 instead of $35.
“Our product portfolio continues to evolve, and now we have a variety of products for users to enjoy audio,” Google told us in a statement. “We have therefore stopped manufacturing our Chromecast Audio products. We will continue to offer assistance for Chromecast Audio devices, so users can continue to enjoy their music, podcasts and more.”
While the Chromecast turned out to be a major hit for Google, the Chromecast Audio was always more of a niche product.
Google is clearly more interested in getting people to buy its Google Home products and Assistant- or Cast-enabled speakers from its partners. It’s also worth noting that all Google Home devices can connect to Bluetooth enabled speakers, though plenty of people surely have a nice speaker setup at home that doesn’t have built-in Bluetooth support. “Bluetooth adapters suck,” Google told us at the time, though at this point, it seems a Bluetooth adapter may just be the way to go.
The Chromecast Audio first launched back in 2015, in conjunction with the second-generation Chromecast. Over the years, the Chromecast Audio received numerous updates that enabled features like multi-room support. Google says it’ll continue to support Chromcast Audio users for the time being, so if you have already invested in this ecosystem, you should be set for a few more years.
VLC, the hugely popular media playing service, is filling one of its gaps with the addition of AirPlay support as it has just crossed an incredible three billion users.
The new feature was revealed by Jean-Baptiste Kempf, one of the service’s lead developers, in an interview with Variety at CES and it will give users a chance to beam content from their Android or iOS device to an Apple TV. The addition, which is due in the upcoming version 4 of VLC, is the biggest new feature since the service added Chromecast support last summer.
But that’s not all that the dozen or so people on the VLC development team are working on.
In addition, Variety reports that VLC is preparing to enable native support for VR content. Instead of SDKs, the team has reversed engineered popular hardware to offer features that will include the option to watch 2D content in a cinema-style environment. There also are plans to bring the service to more platforms, with VentureBeat reporting that the VLC team is eyeing PlayStation 4, Nintendo Switch and Roku devices.
VLC, which is managed by nonprofit parent VideonLAN, racked up its three millionth download at CES, where it celebrated with the live ticker pictured above. The service reached one billion downloads back in May 2012, which represents incredible growth for a venture that began life as a project from École Centrale Paris students in 1996.
Google was warned of a bug in its Chromecast media streaming stick years ago, but did not fix it. Now, hackers are exploiting the bug — and security researchers say things could get even worse.
A hacker, known as Hacker Giraffe, has become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hacker hijacked thousands of Chromecasts, forcing them to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like himself.
The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.
“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.
That’s true on one hand, but it doesn’t address the years-old bug that gives anyone with access to a Chromecast the ability to hijack the media stream and display whatever they want, because Chromecast doesn’t check to see if someone is authorized to change the video stream. (Google did not respond to our follow-up question.)
Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)
Bishop Fox, a security consultancy firm, first found the bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert back to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with a touch of a button on a custom-built handheld remote.
Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given both Bishop Fix found it in 2014 and his company tested it in 2016.
“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch.
He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox and his “deauth” attacks can be carried out within range of the Wi-Fi network — yet, both attacks let the hacker control what’s displayed on the TV from the Chromecast, he said.
Munro said Google should have fixed its bug in 2014 when it first had the chance.
“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”
Hacker Giraffe is the latest to resort to “Good Samaritan security,” by warning users of the issues and providing advice on how to fix them before malicious hackers take over, where tech companies and device makers have largely failed.
But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.
In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)
To name a few, Munro said it’s possible to force a Chromecast into loading a YouTube video created by an attacker to trick an Echo to: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”
Google’s next-generation Chromecast device launched today – something that came as no surprise, given that Best Buy accidentally sold one to an in-store customer last month. The new streaming dongle doesn’t represent a significant update from the prior version. It’s still a round puck attached to a cable and costs $35, but now it supports faster, 5 GHz 802.11ac Wi-Fi, as had been expected.
The company chose not to focus on the Chromecast at its hardware event this morning, instead simply launching the updated device on the Google Store alongside the event itself.
The new device now sports a Google logo on the center of the puck, instead of the Chrome logo found on the 2015 model, which first introduced the round form factor. That change was meant to help better accommodate Chromecast’s new internals and make it easier to plug into TVs, Google had said.
The third-generation Chromecast also features support for up to 1080p resolution up to 60fps, and plugs into TVs via the HDMI port, as before. It continues to have a micro-USB power connector. And it still doesn’t work with a remote – you use your phone for that through.
Chromecast’s companion app, Google Home, lets users set up and control their Chromecast, Google Home devices, and Google Assistant speakers. This was also given a redesign today with more of a focus on controlling the smart home.
The Chromecast still comes in two versions – this new, 3rd generation device and the 4K-ready Chromecast Ultra, which is $69.
But for just a little more than the $35 basic Chromecast, you can now buy a $40 4K-ready Roku Premiere or a $50 Fire TV Stick 4K. Perhaps Google is waiting for a bigger refresh to its Chromecast product line that makes its devices more competitive, before making any formal announcements here.
The third-gen Chromecast comes in Chalk and Charcoal, and is 51.8mm long and 13.8mm wide. That’s about the same as the second-gen, at 51.9 x 51.9 x 13.49 mm.
It’s been a week since Lenovo’s Google Assistant-powered smart display went on sale and slowly but surely, its competitors are launching their versions, too. Today, JBL announced that its $249.95 JBL Link View is now available for pre-order, with an expected ship date of September 3, 2018.
JBL went for a slightly different design than Lenovo (and the upcoming LG WK9), but in terms of functionality, these devices are pretty much the same. The Link View features an 8-inch HD screen and unlike Lenovo’s Smart Display, JBL is not making a larger 10-inch version. It’s got two 10W speakers and the usual support for Bluetooth, as well as Google’s Chromecast protocol.
JBL says the unit is splash proof (IPX4), so you can safely use to watch YouTube recipe videos in your kitchen. It also offers a 5MP front-facing camera for your video chats and a privacy switch that lets you shut off the camera and microphone.
JBL, Lenovo and LG all announced their Google Assistant smart displays at CES earlier this. Lenovo was the first to actually ship a product and both the hardware as well as Google’s software received a positive reception. There’s no word on when LG’s WK9 will hit the market.