As Chromecast Outage Drags On, Fix Could Be Days To Weeks Away
The Chromecast outage that began on March 9 has left millions of users without access to their streaming devices, with no clear end in sight for the fix. The issue is attributed to an expired device authentication certificate authority that made older Chromecast and Chromecast Audio devices untrusted by Google's apps.
While unofficial apps like VLC continue to function, Google's official solution requires either updating client apps to bypass the issue or replacing the expired certificates. This process is expected to take weeks, according to Tom Hebb, a former Meta software engineer and Chromecast hacker who has published a detailed analysis of the issue.
"The fix is not simple," Hebb said in an interview. "It's either going to involve a bit of a hack with updated client apps to accept or workaround the situation, or somehow someone will need to replace all the key pairs shipped with the devices with ones that use a new valid certificate authority."
Getting the new keys onto devices is expected to be a challenge, as some have been factory reset and cannot be initialized by a Google application due to the untrusted certificate. This means that client software needs to be updated anyway, adding to the complexity of the issue.
Hebb estimates that the fix could take over a month to prepare and points out that the product family has been discontinued, requiring teams from different departments to come together to address the problem. "Google will either need to put in over a month of effort to build and test a new Chromecast update to renew the expired certificates, or they will have to coordinate internally between what's left of the Chromecast team, the Android team, the Chrome team, the Google Home team, and iOS app developers to push out new releases," he explained.
"I expect them to do the latter. A server-side fix is not possible," Hebb added. So either a week or so to rush out app-side updates to tackle the problem, or much longer to fix the problem with replaced certs.
Pollish security researcher Maciej Mensfeld also believes that the outage is most likely due to an expired device authentication certificate authority. He has proposed a workaround that has helped some users, at least.
What's Next for Chromecast Users?
The Chromecast Ultra and Google Home are expected to run out of their current certificates in March next year, and the Google Home Mini is set to expire its certificate in January 2027. This raises concerns about impending "certificate authority expiry pain" for users.
"We're seeing this issue playing out before our eyes," Hebb warned. "It's a classic case of 'we didn't anticipate this scenario'. It will be interesting to see how Google responds and whether they can get the fix out in time."