We’re happy to announce that fail0verflow, GTVHacker, and Team-Eureka have jointly discovered and exploited a new vulnerability in the Chromecast which allows root access on the current software build (17977) as well as new in box devices (proof). This is not a purely software-based exploit; to take advantage of it, you’ll need to have a Teensy++ 2.0 or a Teensy 2.0 development board as well as the powered USB OTG cable required to use FlashCast.
Although we’re not quite ready to release an exploit package yet, we’re giving you this information early so that you can acquire the needed hardware ahead of time, as we predict you won’t have much time to root your device before Google releases a patch. When we release the exploit package in the near future, we’ll post updates both to this board and to our Twitter feeds (below). Until then, we suggest that you let your device update to build 16664 or above and then disconnect it from the internet to prevent further updates.
Exploit Demo: https://www.youtube.com/watch?v=S2K72qNv1_Q\