Around 800,000 Virgin Media customers in the UK have been urged to change their passwords to help protect themselves against hackers.
The consumer group Which? carried out an investigation which found a vulnerability that hackers could potentially exploit, with eight out of 15 devices having security flaws.
Security researchers were able to gain access to Virgin Media’s Super Hub 2 router, due to insecure default passwords being used. These passwords only consisted of eight lower-case letters, which the security researchers were able to hack, giving them access to some customers’ smart devices, such as domestic CCTV cameras and children’s toys. The hackers were able to watch live pictures and even move cameras around in some instances.
Virgin Media said that other routers of the same age also experienced the issue, rather than it being exclusive to its model.
While the company considers the risk to be small, and there is no indication that any routers have already been compromised, the company is still strongly urging its customers update their passwords, especially anyone who is still using the default network and router passwords.
“The security of our network and of our customers is of paramount importance to us,” said a Virgin Media spokesperson.
“We continually upgrade our systems and equipment to ensure that we meet all current industry standards. We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”
Alex Neill, managing director of home products and services at Which?, said: “There is no denying the huge benefits that smart home gadgets and devices bring to our daily lives. However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.
“There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated. Manufacturers need to ensure that any smart product sold is secure by design.”