{"id":12652,"date":"2023-04-07T12:37:00","date_gmt":"2023-04-07T19:37:00","guid":{"rendered":"https:\/\/www.runwayritz.com\/index.php\/2023\/04\/07\/the-nexx-garage-door-vulnerability-gives-hackers-control\/"},"modified":"2026-04-12T23:26:49","modified_gmt":"2026-04-13T06:26:49","slug":"the-nexx-garage-door-vulnerability-gives-hackers-control","status":"publish","type":"post","link":"https:\/\/www.runwayritz.com\/index.php\/2023\/04\/07\/the-nexx-garage-door-vulnerability-gives-hackers-control\/","title":{"rendered":"The Nexx garage door vulnerability gives hackers control"},"content":{"rendered":"<p><br \/>\n<\/p>\n<div>\n<figure class=\"img-border featured-image wp-block-image--obfuscated\">\n<\/figure>\n<p>Connected garage door openers are a quick and easy way to make a smart addition to the main part of your home, but like any other piece of smart home gear, hackers can spoil the fun. This week, a vulnerability with smart garage doors from Nexx was revealed, showing that hackers can remotely control your garage door.<\/p>\n<p><span id=\"more-562990\"\/><\/p>\n<p>According to Sam Sabetan, an independent security researcher, vulnerabilities in Nexx garage door openers, alarms, and smart plugs leave the door open to malicious outsiders. This allows those third parties to connect to the products and turn them on or off, which, in the case of a garage door opener, opens or closes the door.<\/p>\n<p>Vulnerability allows these products to be controlled completely remotely, from anywhere in the world, as Sabetan tells. <em>Mother&#8217;s board<\/em>.<\/p>\n<p>The implications of that kind of vulnerability should be obvious, and third parties can control and, if they are around, can access your garage. With alarms, this can also leave homes at increased risk. For garage door controllers, devices can be identified using an email address, <em>deviceId<\/em>or first and last name. <\/p>\n<p>\t<span class=\"outbrain-ad-label\">Advertisement &#8211; scroll for more content<\/span><\/p>\n<p>Sabetan demonstrates this in action with a proof-of-concept video, where he can control his device, along with more than 500 others.<\/p>\n<figure class=\"wp-block-embed alignwide is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<p><div class=\"youtube-embed\" data-video_id=\"kD1cBfv9To8\"><iframe loading=\"lazy\" title=\"NexxHome Smart Garage Vulnerability - CVE-2023-1748\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/kD1cBfv9To8?feature=oembed&#038;enablejsapi=1\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/p>\n<\/figure>\n<p>In a blog post, Sabetan confirmed the timeline for the acquisition, with Nexx first announced in January of this year. The company has been contacted numerous times about the vulnerability, including by CISA and <em>Pin<\/em>and has never acknowledged any attempted points of contact, leading to today&#8217;s public disclosure. Nexx seems to be ignoring all communications from customers about this vulnerability, as when Sabetan reached out about its product for general support, the company responded.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p><strong>Update 4\/7:<\/strong> In an email sent to customers, Nexx is pushing a software update to affected devices to &#8220;improve security and performance.&#8221; The company does not specifically address the vulnerability, only saying that it will disable the device&#8217;s internet connection until an update is released (which appears to be a gross oversimplification of what is actually happening). The email is partially readable.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>We will apply a system update to the following product devices to improve their security and functionality: Nexx Garage (all models), Nexx Gate (all models), and Nexx Plug. It will be done in outgoing batches starting today with the last batch expected on Monday, 04\/10\/2023, if not earlier. Your device should come back online once the update has been rolled out to it.<\/p>\n<p>At Nexx, security is very important, and when it comes to our awareness that there may be a security vulnerability on your device, even if it hasn&#8217;t happened, we take it seriously. We had to disable the device&#8217;s internet connection to address this issue, and we apologize for the inconvenience.<\/p>\n<\/blockquote>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<p><em>9 on 5 Google<\/em> reviewed one of the Nexx garage shutters in 2021 as part of our Google Home Essentials series. Given the severity of the risk at play and the lack of communication from Nexx, we will withdraw that recommendation and update our original post accordingly.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-more-on-smart-home\">More on Smart Home:<\/h2>\n<div class=\"google-preferred-source-badge\">\n<p>\t\t\t<img decoding=\"async\" class=\"google-preferred-source-badge-dark\" src=\"https:\/\/9to5google.com\/wp-content\/themes\/ninetofive\/dist\/images\/google-preferred-source-badge-dark.png\" alt=\"Add 9to5Google as a favorite source on Google\"\/><br \/>\n\t\t\t<img decoding=\"async\" class=\"google-preferred-source-badge-light\" src=\"https:\/\/9to5google.com\/wp-content\/themes\/ninetofive\/dist\/images\/google-preferred-source-badge-light.png\" alt=\"Add 9to5Google as a favorite source on Google\"\/><\/p><\/div>\n<div class=\"ad-disclaimer-container\">\n<p class=\"disclaimer-affiliate\"><em>FTC: We use auto affiliate links to earn income.<\/em> More.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-874212 size-full\" src=\"https:\/\/9to5google.com\/wp-content\/uploads\/sites\/6\/2023\/04\/NEW-AAWireless-x-9to5Google-Native-Banner.jpg?quality=82&amp;strip=all\" alt=\"\" width=\"750\" height=\"150\"\/><\/div>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Connected garage door openers are a quick and easy way to make a smart addition to the main part of your home, but like any other piece of smart home gear, hackers can spoil the fun. This week, a vulnerability with smart garage doors from Nexx was revealed, showing that hackers can remotely control your [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12653,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":{"0":"post-12652","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-smart-home"},"_links":{"self":[{"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/posts\/12652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/comments?post=12652"}],"version-history":[{"count":0,"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/posts\/12652\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/media\/12653"}],"wp:attachment":[{"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/media?parent=12652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/categories?post=12652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.runwayritz.com\/index.php\/wp-json\/wp\/v2\/tags?post=12652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}