The Nexx garage door vulnerability gives hackers control
Connected garage door openers are a quick and easy way to make a smart addition to the main part of your home, but like any other piece of smart home gear, hackers can spoil the fun. This week, a vulnerability with smart garage doors from Nexx was revealed, showing that hackers can remotely control your garage door.
According to Sam Sabetan, an independent security researcher, vulnerabilities in Nexx garage door openers, alarms, and smart plugs leave the door open to malicious outsiders. This allows those third parties to connect to the products and turn them on or off, which, in the case of a garage door opener, opens or closes the door.
Vulnerability allows these products to be controlled completely remotely, from anywhere in the world, as Sabetan tells. Mother’s board.
The implications of that kind of vulnerability should be obvious, and third parties can control and, if they are around, can access your garage. With alarms, this can also leave homes at increased risk. For garage door controllers, devices can be identified using an email address, deviceIdor first and last name.
Sabetan demonstrates this in action with a proof-of-concept video, where he can control his device, along with more than 500 others.
In a blog post, Sabetan confirmed the timeline for the acquisition, with Nexx first announced in January of this year. The company has been contacted numerous times about the vulnerability, including by CISA and Pinand has never acknowledged any attempted points of contact, leading to today’s public disclosure. Nexx seems to be ignoring all communications from customers about this vulnerability, as when Sabetan reached out about its product for general support, the company responded.
Update 4/7: In an email sent to customers, Nexx is pushing a software update to affected devices to “improve security and performance.” The company does not specifically address the vulnerability, only saying that it will disable the device’s internet connection until an update is released (which appears to be a gross oversimplification of what is actually happening). The email is partially readable.
We will apply a system update to the following product devices to improve their security and performance: Nexx Garage (all models), Nexx Gate (all models), and Nexx Plug. It will be done in outgoing batches starting today with the last batch expected on Monday, 04/10/2023, if not earlier. Your device should come back online once the update has been rolled out to it.
At Nexx, security is very important, and when it comes to our awareness that there may be a security vulnerability on your device, even if it hasn’t happened, we take it seriously. We had to disable the device’s internet connection to address this issue, and we apologize for the inconvenience.
9 on 5 Google reviewed one of the Nexx garage shutters in 2021 as part of our Google Home Essentials series. Given the severity of the risk at play and the lack of communication from Nexx, we will withdraw that recommendation and update our original post accordingly.
More on Smart Home:
FTC: We use auto affiliate links to earn income. More.
