The Chromecast is a digital media player first released by Google in 2013, which is supposed to allow users to access Internet-streamed content on their television through their computer via a simple dongle system.
However, hackers have taken advantage of one known weakness of the system in routers that have Universal Plug and Play (UPnP) enabled, which exposes devices on a network to the broader web, as well as a flaw in Chromecast's design, in order to hack devices and play videos without the owner's consent.
The bug, according to TechCrunch, allows anyone able to access the device to "hijack the media stream and display whatever they want" without authentication, and has reportedly been known for years after it was discovered by security researchers.
TechCrunch reports security consultancy firm Bishop Fox reported the bug in 2014 just after the Chromecast was first released.
The researchers found they could disconnect the Chromecast from the Wi-Fi network it was connected to, which then lets anyone decide where to connect the device and what to stream from it.
In order to avoid exposing Chromecast to hackers, users are being advised to disable UPnP on their router, as this will stop devices from being broadcast to wider networks.