Critical security flaws in routers could be exposing millions of broadband customers to potential hacks and attacks from cyber-criminals, according to new research from Which?.

The consumer watchdog put 13 router models from major internet service providers to the test to see whether there were any security flaws that could put people at risk.

It found that two-thirds of devices were either outdated, had weak default passwords, or contained local network vulnerabilities.

This means that approximately six million people in the UK could be using routers that would enable malicious third parties to potentially remotely hijack and access their home networks.

Which? found that the Virgin Media Super Hub 2 and Sky SR102 routers were among those to be lacking in updates, and that some models had not received a firmware or security update for five years.

There was better news for BT customers though as different variations of its Home Hub passed every security test.

Default passwords were highlighted as a major problem, and the government is already planning to implement legislation for all smart devices that forces users to pick a new one.

It also wants manufacturers to explicitly state how long they will get support in terms of security and software updates, and to generally make it easier to report vulnerabilities.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks,” Which? Computing editor Kate Bevan noted.

Which? also urged consumers to update passwords and to try to “arrange an upgrade” to a newer router model where possible.