If you’re the owner of a Nexx smart garage door controller, smart plug, or smart alarm, take heed: Your Nexx devices could be wide open to attack from hackers.
Security researcher Sam Sabetan says (by way of Vice) he discovered several “critical vulnerabilities” in Nexx’s smart devices lineup last year that could allow hackers to open and close the garage doors of any Nexx customer who is using the company’s smart garage door controllers.
Making matters worse, the exploit could allow hackers to take charge of Nexx’s smart plugs and smart alarms as well, meaning bad actors could turn your appliances on and off or even take control of your alarms.
Sabetan says he worked on his research together with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (or CISA), which has issued an advisory about the Nexx vulnerabilities.
The researcher said he also tried to contact Nexx about the security holes through a variety of channels, but never received a response.
We’ve reached out to Nexx for comment.
In a YouTube video, Sabatan demonstrates how he was able to view the credentials of other Nexx users, including their email addresses, device IDs, first names, and the initial of their last names using non-Nexx software.
He then plucks his own credentials from the software and uses them to open his own garage door, all without using the Nexx app.
Other vulnerabilities in Nexx’s smart device infrastructure could let hackers tamper with the schedules and timers of Nexx users, as well as turn their Nexx smart alarms on and off.
In its advisory, CISA details the Nexx devices that are vulnerable to attack:
- Nexx Garage Door Controller (NXG-100B, NXG-200): Version nxg200v-p3-4-1 and prior
- Nexx Smart Plug (NXPG-100W): Version nxpg100cv4-0-0 and prior
- Nexx Smart Alarm (NXAL-100): Version nxal100v-p1-9-1and prior
CISA advises users of those Nexx devices to contact the company’s customer service department. Better yet, you should disconnect any Nexx smart devices you own right now until Nexx issues a security patch.
We reviewed the Nexx Smart Wi-Fi Garage Door Controller NXG-200 back in January 2020. We called the NXG-200 a “sophisticated control upgrade for your garage door opener,” but also “a very expensive one.”
Given what we know now, you should switch off the NXG-200 immediately, and we’ll amend our review with the news.