Some of the coolest gifts on the shelves this year have security flaws that leave themand could put children at risk.
Consumer safety group Which? researched connected toys for 12 months, and found vulnerabilities in the Furby Connect, I-Que Intelligent Robot, CloudPets and Toy-fi Teddy. It found that these toys use unsecured Bluetooth connections and it would be "too easy" for someone to .
"That person would need hardly any technical know-how to 'hack' your child's toy," the report warned.
Which? noted that Bluetooth range is usually limited to about 10 metres, so the main concern would be people nearby with malicious intent. However, it wouldn't be impossible to extend Bluetooth range.
As more toys add Wi-Fi and Bluetooth connections to pack in new skills and features, regulators have kept a wary eye on them for.
Earlier this year, German regulators removed the My Friend Cayla smart doll from the market after classifying it as an "espionage device." And CloudPets was criticized for leaving account information and voice recordings exposed online.
Hasbro, creators of the Furby Connect, says it takes the report seriously and that children's privacy a top priority for the company.
"While the researchers at Which? identified ways to manipulate the Furby Connect toy, we believe that doing so would require close proximity to the toy, and that there are a number of very specific conditions that would all need to be satisfied in order to achieve the result described by the researchers at Which?, including reengineering the Furby Connect toy, creating new firmware and then updating the firmware, which requires being within Bluetooth range while the Furby Connet toy is in a 'woke' state," said senior vice president of global communications Julie Duffy. "A tremendous amount of engineering would be required to reverse engineer the product as well as to create new firmware."
CNET also contacted Spiral Toys, which makes CloudPets and Toy-fi Teddy), and Genesis Toys, which makes the I-Que Robot. They did not immediately respond to a request for comment.
You can see the results of the study in the video from Which?, below:
This article originally appeared on CNET.