First, the group found that Nest thermostats were leaking customer zip codes over the internet out in the open. In other words, general user location information and the coordinates of the company's weather stations were not being locked down whatsoever. Thankfully, Nest quickly patched the flaw when CITP notified them of the issue. Of course, the thermostats also recently hit a software snag that sent them offline for a number of customers.

The group also discovered that the Sharx security camera beamed footage over an unencrypted FTP, making it accessible to any prying eyes. What's more, all traffic to the PixStar digital photo frame was unencrypted, so all of a user's activity with the device was there for the taking. On the whole, CITP researchers say that "many devices" don't encrypt "at least some" of the details that they transmit over the internet, but encryption may not be enough. The group explains that even if the info being beamed back and forth is locked down, there still may be a way for hackers to tell if one of the gadgets is in your home.

[Image credit: Ann Hermes/The Christian Science Monitor via Getty Images]