Nearly 1m customers of Virgin Media have been warned to change the passwords on their smart hubs after an investigation found one of its models was vulnerable to hacking.
The study, by Which? found hackers were able to gain access to the Virgin Media Super Hub 2 "within a few days", because the hub was set up with a simple password that most users don't change.
The Super Hub 2 is described as the "gateway to all connected devices within the home", bringing together gadgets including wireless routers, smart TVs and other gadgets.
Virgin Media said 800,000 of its customers use the hubs, and advised them to change their password "immediately".
The Smart Hub 2 wasn't the only Internet of Things device criticised by the investigation.
Which? also highlighted failings in products including a home CCTV system called Fredi Megapix which operates over the internet using a default administrator account without a password, which its tame hackers managed to pan and tilt to monitor activity in the house, and a Cloudpets stuffed toy which enables family, friends and hackers send voice messages to a child via Bluetooth.
The company said more action was needed to close security loopholes in internet-enabled smart products by ensuring the devices used unique passwords and two-factor authentication.
“There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives. However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security," said Alex Neill, managing director of home products and services at Which?.
Read more: What is the Internet of Things?