The consumer body, whose resident hackers found they could easily send text and audio messages through the toys, notes that while Bluetooth is typically limited to a distance of 10 metres, the range could be extended and picked up by hackers further away.
This generation of so-called "smart" toys often have Bluetooth or wi-fi built into them, so a crazed lunatic could hack the toys and get them, for example, to speak directly to a child.
It said tests had revealed "worrying security failures" with the Furby Connect, I-Que Intelligent Robot and other toys sold on high streets and online.
In each case, the Bluetooth connection had not been secured, meaning that person didn't need a password, pin code or any other authentication to gain access.
Toy-fi Teddy allows a child to send and receive personal recorded messages over Bluetooth via a smartphone or tablet app. It was found that hackers could send their own voice messages to the toy, and receive the replies from the child.
"These toys, especially dolls, may give the appearance of having a personality and human-like quality that appeals to children".
The DPC said any interactions a child might have with these kinds of toys are a potentially sensitive matter.
Bank of England reveals deadline day for swapping old £10 notes
As of October this year, 55% of the £10 notes in circulation were made from polymer, while 359 million were paper. Old pound coins can no longer be spent, but can be donated to charity or deposited into customer bank accounts.
The talking robot uses Bluetooth to pair with a phone or tablet through an app. It advised that people read the packaging and manuals that come with toys to see how these sensors work and what you can do to control them.
"Connected toys are becoming increasingly popular, but as our investigation shows, anyone considering buying one should apply a level of caution".
"The connected toys distributed by Vivid fully comply with essential requirements of the Toy Safety Directive and harmonised European standards, and (we) consider these products to be safe for consumers to use when following the user instructions", the firm said in a statement, adding that it would take the firm's recommendation about adding Bluetooth authentication to Genesis Toys.
'Safety and security should be the absolute priority with any toy. "If that can't be guaranteed, then the products should not be sold".
"While it may be technically possible for a third party to connect to the toys, it requires a certain sequence of events to happen in order to pair a Bluetooth device to the toy, all of which make it hard for the third party to remotely connect to the toy".
IT Pro has asked for comment from Spiral Toys, which makes the Toy-fi Teddy, and CloudPets, but the companies have yet to issue a comment on Which?'s report.
- AWS sells local Chinese infrastructure to local partner Sinnet
- China is now the supercomputer capital of the world
- OnePlus Security Troubles Mount As Root Access Backdoor Discovered In Preinstalled App
- Focus on women and diabetes
- 4th slaying in Tampa could be linked to serial killer
- Not having meat reduces risk of heart disease by half, says study
- Jimmy Fallon breaks down while paying emotional tribute to his late mother
- White Florida Transgender Native Also Transracial, Identifies As Filipino
- Cristiano Ronaldo Reportedly Rejects Real Madrid Contract, Asks for Transfer
- Commissioner says Conor McGregor off UFC 219 card after 3 Arena incident