Virgin Media is advising all customers with a Super Hub 2 router to change their password immediately after an investigation found hackers could gain access to it.
Virgin Media advised them to change both their network and router passwords if they were still set as the default shown on the attached sticker.
The advice comes after a Which? consumer magazine investigation found that hackers could access to home networks and connected appliances in as little as four days.
Ethical security researchers SureCloud gained access to the Super Hub 2, although Virgin Media said the issue existed with other routers of the same age, not just their model, but is giving all customers the option to upgrade to a Hub 3.0 which contains additional security provisions.
The Which? study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.
Some of the devices proved harder than others to infiltrate, such as the Amazon Echo, but eight out of 15 appliances were found to have at least one security flaw.
The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.
The watchdog said that a hacker could even pan and tilt the cameras to monitor activity in the house.
SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.
Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.
It did not receive a response from the manufacturers of either Fredi Megapix or CloudPets.
The Which? consumer group said the industry needed to take the security of internet-enabled and smart products seriously by addressing the basics – such as ensuring devices required a unique password before use, using two-factor authentication, and issuing regular security updates for software.