0

I'm working on a Chromecast custom receiver that shows private information on the TV. After building a prototype, we realized the client (web, phone, whatever) could connect to a rogue device acting as a Chromecast and intercept anything intended to be sent to our receiver. Is there a way to mitigate this kind of attack? Is there anything built into the platform we can use to get a secure connection between the client and the Chromecast?

psayre23
  • 2,766
  • 2
  • 16
  • 10

1 Answers1

1

First, the connection is secure (as long as it is done by Cast SDK) and secondly, cast SDK checks and validates that it is talking to a genuine Cast device.

Ali Naddaf
  • 16,951
  • 2
  • 21
  • 28
  • Is there any documentation of that? I've assumed that to be the case, but I don't have any proof to show my team. – psayre23 Mar 28 '16 at 17:44
  • You can look at the traffic on the network to verify that the communication is secure. As for the validation of the target device, there is no public documentation to that effect that I know of. – Ali Naddaf Mar 28 '16 at 17:50