a series of vulnerabilities in its Super Hub 3.0 home broadband router modem , after they were reportedVulnerability-related.DiscoverVulnerabilitymore than 18 months ago . Balazs Bucsay , managing security consultant at NCC Group , says that after receiving one of the devices as a home customer and examining it for a few hours , he was quickly able to findVulnerability-related.DiscoverVulnerabilitya remote command execution bug . He uncovered many others during the following days . Eventually , he says , he was able to create a full chain of exploits that made it possible to perform a remote authentication as an administrator on the router . This could potentially allow a hacker to take control of millions of these devices , installing backdoors in a way that would be extremely hard to find and investigate . “ After hacking into my own Super Hub 3.0 , I was able to findVulnerability-related.DiscoverVulnerabilitymultiple security flaws within the router ’ s firmware and combine these to create an exploit that could have been hidden within webpages and sent to other unsuspecting owners via scam emails or other methods , ” Bucsay tells The Daily Swig . “ If customers had opened the webpages and activated the exploit , hackers could have gained unauthorized access to their modems and other devices on the victim ’ s home network , enabling them to spy on online activity and even execute their own commands on the devices. ” Bucsay reportedVulnerability-related.DiscoverVulnerabilitythe vulnerabilities to Virgin Media in March 2017 , but says they weren't fixedVulnerability-related.PatchVulnerabilityuntil the end of July this year . “ The proposed roll-out date was postponed many times , ” he says . However , a Virgin Media spokeswoman defended the company ’ s actions . “ The online security of our customers is a top priority for Virgin Media and the issues describedVulnerability-related.DiscoverVulnerabilityby NCC have been fixedVulnerability-related.PatchVulnerability, ” she told The Daily Swig . “ We have seen no evidence that these advanced technical exploits , carried out by NCC as a proof of concept , were used maliciously to impact customers. ” With the patch rolled outVulnerability-related.PatchVulnerabilityin August , Super Hub 3.0 users don ’ t need to do anything extra to protect themselves . “ However , this research should remind consumers that no connected device is inherently secure , and that they should consider additional security measures around their home network , such as using password managers and different passwords for each device and service , ” Bucsay warns . He also urged internet service providers to be more proactive in checking the security of any third-party devices they use .