A survey of 15 devices by the consumer group Which? found that eight were vulnerable to hacking via the internet, wi-fi or Bluetooth connections. Picture: Pixababy

From devices that order our groceries to smart toys that speak to our children, high-tech home gadgets are no longer the stuff of science fiction.

But even as they transform our lives, they put families at risk from criminal hackers taking advantage of security flaws to gain virtual access to homes, a report warns.

A survey of 15 devices by the consumer group Which? found that eight were vulnerable to hacking via the internet, wi-fi or Bluetooth connections.

It comes as manufacturers routinely install technology into new household products that allows them to connect to the "internet of things", an umbrella term for devices that can go online.

This lets them work with smartphones and "home hubs" such as Amazon’s Echo and its virtual assistant Alexa, as well as the Google Home device.

For a report called The Hackable Home, Which? set up a home with a host of gadgets and hired a team of ethical security researchers, SureCloud, to hack it.

One of its most disturbing discoveries involved CloudPets smart toys such as cats, unicorns and bears that play back messages sent to a child from family and friends.

Which? said: "Building on a recently published flaw, SureCloud hacked the toy and made it play its own voice messages. Scarily, anyone could use the same method to speak to children from outside in the street."

The team then used the toy pets to send commands to the Amazon Echo home hub, using its "voice purchasing" system to order cat food from the online retailer.

Which? also found a flaw in home CCTV camera systems, increasingly popular with families who use to them to keep an eye on their property when they are out. The consumer group’s researchers found the Fredi Megapix system operates over the internet using a default administrator account without a password.

It said: "This a real privacy concern and we found thousands of similar cameras available for anyone to watch the live feed over the internet. Worse still, the hacker can even pan and tilt the cameras to monitor activity in the house."

The Which? team also found it was easy to crack the password on the Virgin Media Super Hub 2 router, letting it on to the Wi-Fi network.

The consumer group said: "After SureCloud gained access to our Wi-Fi network, it could easily control any devices that didn’t require a password."

Alex Neill, of Which?, said: "There is no denying the huge benefits that smart home gadgets and devices bring to our lives. However, consumers should be aware that some of these appliances are vulnerable and offer little or no security.

"There are a number of steps that people can take to better protect their home, but hackers are growing increasingly more sophisticated.

"Manufacturers need to ensure that any smart product sold is secure by design."