Home computer users who leave default passwords on network hardware unchanged could be at risk from attack say security experts. Researchers created an attack that surreptitiously redirects a user to nefarious sites once they have visited a booby-trapped webpage.

The attack works by re-writing the address book in network hardware to point victims to the scam sites. About 50% of users leave default passwords unchanged, suggests research.

The theoretical attack was explored in a paper written by researchers from the University of Indiana and security firm Symantec.