- Security researchers have found a chain of exploits that allows the bootloader of the Chromecast with Google TV (HD) to be unlocked.
- Worryingly, this exploit chain allows the device to report a “secure” state to Android, meaning that potentially infected devices will not be recognized by the standard Android security mechanisms.
- Google has patched these exploits in the latest December 2023 update to Chromecast.
The Google Chromecast with Google TV is one of the better Android TV streaming boxes you can buy. Google sells two versions of the device: 4K and HD, and depending on your budget and needs, either is a good option for casting and mirroring. In the past, a bootloader unlock exploit was found for the 4K version that allowed users to run custom ROMs like LineageOS. Now, a chain of exploits allows the HD version’s bootloader to be unlocked, opening the door to custom ROMs. What makes this even more interesting is that the exploits can possibly be applied to the 4K Chromecast with Google TV, all current Google Nest devices, and other smart speakers with an Amlogic SoC.
This new chain of exploits has been found by security researchers Nolen Johnson, Jan Altensen, and Ray Volpe. You can read the technical details of the exploit chain on DirectDefense’s blog. But to sum it up broadly, three major exploits are chained together to provide bootloader-level code execution on the Chromecast with Google TV (HD) while reporting the device as “secure” from all internal checks.