Wowee Chip, a robot dog, also sported the same Bluetooth vulnerability, but the researchers were not able to use it to speak to a child, though they were able to remotely control it.
Furby Connect, the i-Que robot, Cloudpets and Toy-fi Teddy.
The I-Que Intelligent Robot, has previously featured on Hamleys top toys Christmas list and is available from Argos and Hamleys.
Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and Wi-fi-enabled toys that could enable a stranger to talk to a child. The toy is made by Genesis, which also manufactures the My Friend Cayla doll, recently banned in Germany owing to security and hacking concerns.
Which? found there was no authentication required between the toys and the devices they could link with via Bluetooth and Wi-Fi. Which? found the Bluetooth connection lacked any authentication protections, meaning hackers could send voice messages to a child and receive answers.
Alex Neill, managing director of home products at Which?, said: "You wouldn't let a young child play with a smartphone unsupervised and our investigation shows parents need to apply the same level of caution if considering giving a child a connect toy".
'Safety and security should be the absolute priority with any toy.
Which? has called for all connected toys with known privacy or security issues to be taken off sale before parents begin their Christmas shopping.
Tsonga et Pouille pour la finale — Coupe Davis
Néanmoins, le capitaine de l'équipe de France a précisé que " l'équipe définitive, je la prendrai le plus tard possible, le stage sera important ". "Il y a eu pas mal d'émulation ces dernières semaines avec des joueurs qui ont bien bossé parce qu'ils avaient à cœur de jouer cette finale".
I-Que maker Vivid Imagination said there had been "no reports of these products being used in a malicious way" but added that it would review Which?'s recommendations.
Furby manufacturer Hasbro told Which? that it takes the report "very seriously", although it claimed that the discovered exploits would require someone to re-configure the device's firmware, something that would take expert knowledge.
It said: 'While the researchers at Which? identified ways to manipulate the Furby Connect toy, we believe that doing so would require close proximity to the toy.
"A tremendous amount of engineering would be required to reverse-engineer the product as well as to create new firmware", it said.
Hasbro said: "We feel confident in the way we have designed both the toy and the app to deliver a secure play experience". "While it may be technically possible for a third party (someone other than the intended user) to connect to the toys, it requires certain sequence of events to happen in order to pair a Bluetooth device to the toy, all of which make it hard for the third party to remotely connect to the toy".
Cloud Pets & Toy Fi - Spiral Toys declined to comment.
It said: 'The circumstances in which these investigations have taken place rely on a ideal set of circumstances and manipulation of the toys and the software, that make the outcome highly unlikely in reality'.
- The Gaslamp Killer I Never Drugged and Raped You!!! Sues His Accusers
- Potential Fourth Victim of Tampa Serial Killer Found, Police Say
- S&P says Venezuela has defaulted on its debt
- Spider-Man : Morbius le Vampire bientôt à l'écran
- Cristiano Ronaldo reportedly plans to leave Real Madrid
- Plus de 66.000 vieux téléphones bientôt inutilisables — Orange
- Syrie: 53 morts dans dans des raids aériens
- LREM en crise : 100 "frondeurs" annoncent leur départ du mouvement
- Shakira contrainte d'annuler son concert jeudi à l'Arena de Montpellier
- La liste noire des spécialités à éviter — Médicaments sans ordonnance