Wowee Chip, a robot dog, also sported the same Bluetooth vulnerability, but the researchers were not able to use it to speak to a child, though they were able to remotely control it.
Furby Connect, the i-Que robot, Cloudpets and Toy-fi Teddy.
The I-Que Intelligent Robot, has previously featured on Hamleys top toys Christmas list and is available from Argos and Hamleys.
Tests carried out by Which? with the German consumer group Stiftung Warentest, and other security research experts, found flaws in Bluetooth and Wi-fi-enabled toys that could enable a stranger to talk to a child. The toy is made by Genesis, which also manufactures the My Friend Cayla doll, recently banned in Germany owing to security and hacking concerns.
Which? found there was no authentication required between the toys and the devices they could link with via Bluetooth and Wi-Fi. Which? found the Bluetooth connection lacked any authentication protections, meaning hackers could send voice messages to a child and receive answers.
Alex Neill, managing director of home products at Which?, said: "You wouldn't let a young child play with a smartphone unsupervised and our investigation shows parents need to apply the same level of caution if considering giving a child a connect toy".
'Safety and security should be the absolute priority with any toy.
Which? has called for all connected toys with known privacy or security issues to be taken off sale before parents begin their Christmas shopping.
Labour MP Emma Dent Coad labelled black Tory a 'token ghetto boy'
The 2010 blog by Ms Dent Coad, who was elected MP for Kensington in June, surfaced again yesterday on the Guido Fawkes website. The MP said she had been repeating what other people had said and her comments were taken "the wrong way".
I-Que maker Vivid Imagination said there had been "no reports of these products being used in a malicious way" but added that it would review Which?'s recommendations.
Furby manufacturer Hasbro told Which? that it takes the report "very seriously", although it claimed that the discovered exploits would require someone to re-configure the device's firmware, something that would take expert knowledge.
It said: 'While the researchers at Which? identified ways to manipulate the Furby Connect toy, we believe that doing so would require close proximity to the toy.
"A tremendous amount of engineering would be required to reverse-engineer the product as well as to create new firmware", it said.
Hasbro said: "We feel confident in the way we have designed both the toy and the app to deliver a secure play experience". "While it may be technically possible for a third party (someone other than the intended user) to connect to the toys, it requires certain sequence of events to happen in order to pair a Bluetooth device to the toy, all of which make it hard for the third party to remotely connect to the toy".
Cloud Pets & Toy Fi - Spiral Toys declined to comment.
It said: 'The circumstances in which these investigations have taken place rely on a ideal set of circumstances and manipulation of the toys and the software, that make the outcome highly unlikely in reality'.
- S&P says Venezuela has defaulted on its debt
- PM visits Mahaveer Foundation that provides 'Jaipur Foot' to amputees
- Cristiano Ronaldo reportedly plans to leave Real Madrid
- The Gaslamp Killer I Never Drugged and Raped You!!! Sues His Accusers
- Le trafic est très perturbé mardi en raison d'une panne électrique
- Plus de 66.000 vieux téléphones bientôt inutilisables — Orange
- Potential Fourth Victim of Tampa Serial Killer Found, Police Say
- Hundreds of puppies illegally smuggled into United Kingdom to cope with Christmas demand
- LREM en crise : 100 "frondeurs" annoncent leur départ du mouvement
- Nouvelles règles dans "The Voice"