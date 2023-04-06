Share the joy

Hackers Can Remotely Open Nexx Garage Door

Image

Do you have a Nexx smart garage opener installed in your garage? Someone could just remotely open it. Thanks to a series of security flaws in this brand.

The flaws pose a serious risk to Nexx users. This brand offers Wi-Fi-enabled garage door opener controllers. Sam Sabetan, the security researcher, who discovered the issue states that the company has not responded to attempts to report the flaws for months.

Nexx sells a lot of products that can work with the items you already own in your house. Its garage product can connect to your existing garage door opener. This will give you a way to activate it remotely through an app.

The functionalities of the product will no longer let you worry whether or not you left your garage door open. With the product, you can get the peace of mind that you need for your mental health. That is at least the campaign of Nexx.

Proof

The researcher made proof of the hack. First, he shows how to open his own garage door using the app. Then, he logged into a tool to view any messages sent by the device. He closed the door with the app and captures the data the device sent to Nexx’s server during the process.

The problem is that he did not just receive details about his own device. Rather, he also received messages from other devices that he does not own. He could see the device ID, email address, and name associated with the device.

He replayed the command back to the garage using the software, instead of the app. He could open the door. Although he only tested it on his own door, he could have chosen to open the doors for any customer.

This is a real security threat for customers of this product. When a hacker knows the technique, he/she could just open Nexx doors and expose their contents to thieves. If they have pets in their garage, they could escape.

Customers might have no idea why it is happening to their doors.

Sabetan has tried to contact the company about the flaws. But no word from the company. He also said that the CISA had attempted to contact it but to no avail.

“Nexx has not replied to any correspondence from myself, DHS (CISA and US-CERT) or VICE Media Group. I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers.”

Even CISA has published its own advisory.

The company has not fixed the vulnerabilities that have been around for months. In that case, hackers could just use them to perform heinous crimes.

A smart garage door opener can be beneficial. It is convenient because you can open and close it from anywhere you are using your smartphone. You can control it without having to be physically there. It makes it easier to enter and exit your home.

Unfortunately, it has some flaws. It is prone to hacking. If Nexx will not do anything about it, customers will be greatly impacted.

Share this: Reddit

Email

Facebook

Tumblr

Pinterest

Skype

Twitter

LinkedIn

