Hackers can remotely tap into the Nexx brand of smart garage door opener controllers and open them across the world by targeting them on the internet, a security researcher says.
Security researcher Sam Sabetan says he found a series of vulnerabilities in Nexx smart garage openers that allow hackers to open them remotely, according to a report by Vice.
“Completely remote. Anywhere in the world,” Sabetan told Vice’s Motherboard.
Sabetan further said that Nexx has declined to fix the series of vulnerabilities that contribute to this problem, citing the smart garage door brand's failure to reply to the security researcher's multiple attempts to report the issue to the company.
Nexx’s garage product connects to a customer’s existing garage door opener, and allows them to activate it remotely through a smartphone app.
Sabetan made a video showing that he can hack the system.
In the video, the security researcher first opens his own garage door as one normally does with the Nexx app, then he logs into a tool to view messages sent by the company’s device. From there, he closes the garage door with the app, and then captures data the device sends to Nexx’s server.
During that action, Sabetan received messages from 558 other devices that aren’t his, allowing him to see other customers’ device IDs, email addresses, and names.
The security researcher could then replay a command back to the garage through the software — instead of the app — and open his door again. While he only tested this on his own garage door, he says he can perform the same action to remotely open other customers’ garage doors if he wanted to.
Sabetan told Motherboard that he can open garage doors “for any customer.”
“That’s the craziest bug. But the disabling alarm and turning on [and] off smart plugs is pretty neat too,” he added, referring to another Nexx device that lets users control power outlets in their homes.
Nexx has reportedly failed to respond to Sabetan and Motherboard when contacted about the dangerous vulnerabilities with their product.
Sabetan added that the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) told him it has also tried to contact Nexx.
Given that the security vulnerabilities are still available to hackers who may wish to open people’s garage doors, the techniques have not been described in great detail.
Additionally, CISA published its own advisory about Nexx’s security issues on Tuesday.
You can follow Alana Mastrangelo on Facebook and Twitter at @ARmastrangelo, and on Instagram.