It looks like a very common exploit was found within the Chromecast that can be used to take over the stream, displaying anything the person wants. It’s actually pretty funny, as long as it isn’t happening to you. Security analyst Dan Petro built the device and has called it the Rickmote.
This device, based on a Raspberry Pi, send a “deauth” command that kicks the Chromecast off of your network and into setup mode. Then it connects the Chromecast to its own WiFi network and streams the selected media, in this case a Rick Roll on repeat. And you can’t do anything about it, as it’s no longer on your WiFi.
It may be an exploit, but it’s an exploit Google is unlikely to fix. The easy setup process is part of what makes the Chromecast so appealing to people, and adding complicated security measures would degrade the user experience. Google could add a passcode-type security measure, like a Bluetooth PIN, but we’ll have to see if that will happen. Until then, fear the Rickroll.