Ethical hacking group GNUCitizen.org has warned that the default settings on
one of the UK's most widely used wireless routers are leaving customers open to
attack.
The group showed in a blog posting that the BT Home Hub, the wireless router
supplied to BT Broadband customers, uses algorithms that make the device easy
to crack when in default mode.
The group said that, using reverse-engineering techniques, it had found that
the hub's Wired Equivalent Privacy (WEP) keys can be predicted in just 80
guesses, but that it had decided against making its automated guessing program
publicly available.
GNUCitizen's findings appear to confirm long-term concerns about the security
of the WEP encryption protocol.
"It is quite likely that the bad guys can break into your network if you are
using the default encryption key. Our advice is to use WPA rather than WEP and
change the default encryption key now," GNUCitizen said.
Responding to the criticisms, BT denied that real-life users of the device
were in any serious danger of hack attacks.
"It is important to realise that, although it has been possible to
demonstrate a scenario where the hub may be vulnerable, we do not believe it is
something that should affect the majority of BT customers in real life," the
company said in a statement.
BT, which has published details on how to more effectively secure the router,
said that other operators supplying the Thomson-manufactured device were also
affected by the issue.