A WARNING has been issued about the vulnerability of smart home devices after a child's toy, an internet router and CCTV cameras were all hacked into.

Virgin Media is encouraging users to change their passwords after an investigation showed the internet hub is easy to hack.

An investigation by Which? found that the Virgin Media Super Hub 2 router is set up with a simple password that many people don’t change and SureCloud was able to gain access to it in just a few days.

In light of Which?’s investigation, Virgin is advising more than 800,000 customers in possession of the affected hubs to change their password immediately.

A spokesman said: "The security of our network and of our customers is of paramount importance to us.

"We continually upgrade our systems and equipment to ensure that we meet all current industry standards.

"We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions."

The investigation, which invovled a team of ethical security researchers, SureCloud, hacking into a house set up with smart gadgets, also found that some wireless cameras are easy to hack.

A home CCTV camera system, branded Fredi Megapix, operates over the internet using a default administrator account without a password.

This is a real privacy concern and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.

Worse still, the hacker can even pan and tilt the cameras to monitor activity in the house.

CloudPets is a stuffed toy that enables family and friends to send messages to a child via Bluetooth.

Building on a recently published flaw, SureCloud hacked the toy and made it play its own voice messages.

Some of the devices proved harder than others to infiltrate (such as the Amazon Echo, although people should be aware that voice purchasing is activated by default) but eight out of 15 appliances were found to have at least one security flaw.

Despite the popularity of these products and the benefits they bring, Which? believes that wider action is needed to close security loopholes so that the maximum benefits to consumers are realised.

Alex Neill, Which? managing director of home products and services, said: “There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives.

"However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.

“There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated.

"Manufacturers need to ensure that any smart product sold is secure by design.”

Which? advice:

  • Set strong passwords: Many smart devices come with generic default passwords that are easy for hackers to guess. Set a strong and unique password, ideally with a jumbled mix of letters, numbers and special characters.
     
  • Update your software: Keeping software or firmware updated means that the latest security is installed on the device.
     
  • Complete the set-up: All smart devices should be connected to a secure wi-fi network. This is because many use their own wi-fi during the set-up process which, if left unsecured, is an easy target for attackers located within range of the device.
     
  • Location, location: Be mindful of where devices are located in the home. Those close to windows or behind thin doors can be more easily accessed from outside.