NEW YORK (CBSNewYork) — Some of this holiday season’s smart toys that can listen and talk to children are vulnerable to hackers who can take over such devices’ electronics, researchers are warning parents.

According to Pen Test Partners, the “Teksta Toucan Electronic Toy” is the latest device they have found which can have its microphone and speaker connect to a Bluetooth audio device such as a phone or laptop computer.

READ MORE: Police Investigating Second French Bulldog Theft Theft On Long Island In Handful Of Days

While the firm’s demonstration was lighthearted — making the bird-like toy say profanity instead its pre-programmed words — the researchers stressed a greater concern of hackers using the toy to listen in on rooms where the toy is located.

Previously Pen Test was critical of “My Friend Cayla,” a doll which connected to the Internet to answer children’s questions. The company posted code on their website showing how easily the toy’s related mobile app could be changed from simply responses to anything a hacker wanted to make the toy speak aloud.

READ MORE: New York State Trooper Injured After Being Struck By Vehicle On RFK Bridge

Earlier this year a consumer watchdog group in Germany successfully moved to remove “Cayla” dolls from the market there, stating “any toy capable of transmitting signals and surreptitiously recording audio or video without detection is unlawful.”

“My Friend Cayla” and “i-Que,” a connected robot toy previously released, “fail miserably when it comes to safeguarding basic consumer rights, security, and privacy,” said the BEUC, the European Consumer Organization.

For countries where these toys are still being sold, Pen Test urged parents to avoid bringing them home, or at least use them under close parental supervision and switch them off when not being played with.

MORE NEWS: Police: 2 Women Killed In Single-Car Crash In North New Hyde Park

Both “Calya” and “i-Que” are manufactured by Genesis Toys, a company which received complaint in 2016 about such smart toys potentially violating the Children’s Online Privacy Act in the United States.