Nexx smart garage door openers have be found to have several critical security vulnerabilities that could see hackers able to open up your home from anywhere in the world with a few simple steps, giving unwanted entry into your property and exposing any valuables you may keep inside.
A series of five vulnerabilities were noted by Sam Sabetan, who in collaboration with The United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) disclosed the findings that were first discovered in late 2022.
The vulnerabilities are estimated to affect more than 40,000 devices in residential and commercial properties, accounting for around 20,000 active Nexx account holders.
Nexx smart home vulnerabilities
Beyond the smart garage door opener, Sabetan also found security issues with the company’s smart plugs and, to a certain degree, its smart alarm home security system. Garage door openers can be accessed via email address, first name and last initial, or device ID.
A timeline posted on Sabetan’s blog details a three-month period during which a now closed ticket was submitted to Nexx, followed up by further communications, the opening of a case with CISA, and further attempts from Vice, which is credited with first reporting the news.
Sabetan explains: “Nexx has not replied to any correspondence from myself, DHS (CISA and US-CERT), or VICE Media Group. I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers.”
The security researcher has urged all customers to unplug “all Nexx devices” and to create support tickets with the company, in the hope that a mass movement may spur the company into action.
The Nexx Smart Wi-Fi Garage Door Controller NXG-200 currently retails for $79.99 but is currently marked as out of stock. Its Smart Plug NXPG-100W ($16.99) and Smart Alarm ($149.99) are available to purchase. The company also promises 9-9 support, seven days a week, with average wait times around one hour. Nexx didn’t immediately respond to TechRadar Pro’s request for comment.
- Get some peace of mind with the best firewall