Key Highlights
- Security researcher discovers serious vulnerabilities in Nexx smart garage door opener controllers that allow hackers to open doors remotely, but the company has not responded to reports for months.
- Security vulnerabilities pose a significant risk to customers, highlighting the importance of companies taking cybersecurity seriously and customers taking precautions to protect their homes.
A security researcher has discovered serious security vulnerabilities in a brand of smart garage door opener controllers called Nexx that allow hackers to remotely open doors anywhere in the world. Despite attempts to responsibly report the vulnerabilities to Nexx, the company has not responded for months, leaving its customers at risk.
Overview of The Security Vulnerabilities
The vulnerabilities were discovered by security researcher Sam Sabetan, who found that hackers can remotely open Nexx garage doors from anywhere in the world.
- Sabetan made a video proof-of-concept of the hack, showing how he captured the data the Nexx device sends to the company’s server when closing the garage door and then replayed a command back to the garage through the software to open it again.
- The discovered technique could be exploited by hackers to remotely unlock the garage doors of other Nexx users, thereby compromising the security of their garages and potentially their homes.
- This could expose the contents of garages to thieves or even allow hackers to launch a targeted attack against a specific garage that relies on Nexx’s security system.
The consequences of someone weaponizing these vulnerabilities could be wide-ranging, including the loss of pets and property damage.
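A replay like the one in the proof-of-concept succeeds when the receiving side accepts the same captured message more than once. The following is an added example, not Nexx's protocol or Sabetan's code: it shows a device-side check that binds each command to a per-device key, a timestamp and a counter so that replayed bytes are refused. The message layout, the key, the device name and the 30-second window are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 30  # assumed freshness window


def sign_command(key: bytes, device_id: str, action: str, counter: int, ts: int) -> bytes:
    """Controller side: serialize a command and append an HMAC-SHA256 tag."""
    fields = {"device_id": device_id, "action": action, "counter": counter, "ts": ts}
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class CommandVerifier:
    """Device side: accept each authenticated command at most once."""

    def __init__(self, key: bytes, device_id: str):
        self.key = key
        self.device_id = device_id
        self.last_counter = -1  # highest counter accepted so far

    def verify(self, message: bytes, now: int) -> str:
        body, sep, tag = message.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return "rejected: bad MAC"
        cmd = json.loads(body)  # parsed only after the MAC has been checked
        if cmd["device_id"] != self.device_id:
            return "rejected: wrong device"
        if abs(now - cmd["ts"]) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        if cmd["counter"] <= self.last_counter:
            return "rejected: replay"
        self.last_counter = cmd["counter"]
        return "accepted: " + cmd["action"]


def demo() -> list:
    key = b"constructed-per-device-key"  # constructed sample value
    device = CommandVerifier(key, "garage-01")  # hypothetical device name
    captured = sign_command(key, "garage-01", "open", counter=1, ts=1000)
    return [
        device.verify(captured, now=1005),  # original delivery
        device.verify(captured, now=1010),  # identical bytes sent again
        device.verify(captured.replace(b"open", b"shut"), now=1010),  # altered body
        device.verify(captured, now=5000),  # old capture, long after the window
    ]
```

The counter stops an immediate replay, while the timestamp check covers a device that has lost its counter state, for example after a reset.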
Nexx’s Response
Despite repeated attempts by Sabetan and Motherboard to contact Nexx about the issues, the company has failed to reply or fix the vulnerabilities, leaving them available to hackers who may wish to abuse them.
According to Sabetan, Nexx was also contacted by the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security regarding the vulnerabilities. The company’s support email did not respond to Sabetan’s vulnerability report, but when he contacted them again, claiming he needed help with his own Nexx product, support staff replied.
Implications for Customers
The security vulnerabilities pose a serious risk to Nexx customers, who rely on the company’s smart garage door opener controllers and other products to secure their homes.
- With the vulnerabilities still available to hackers, customers’ homes remain at risk, making it important for them to take extra precautions to protect their properties.
- CISA has published its own advisory about the security issues, and customers should stay up to date with any further developments and take appropriate action to secure their garage doors.
The security vulnerabilities discovered in Nexx smart garage door opener controllers highlight the importance of companies taking cybersecurity seriously and responding promptly to vulnerability reports from security researchers. Customers should also take precautions to protect their homes, such as regularly updating their software and ensuring their devices are password-protected.