Hackers can open Nexx garage doors remotely, and there's no fix

Gandalf_The_Grey

Multiple vulnerabilities discovered in Nexx smart devices can be exploited to control garage doors, disable home alarms, or smart plugs.

There are five security issues disclosed publicly, with severity scores ranging from medium to critical that the vendor has yet to acknowledge and fix.

The most significant discovery is the use of universal credentials that are hardcoded in the firmware and also easy to obtain from the client communication with Nexx's API.

The vulnerability can also be exploited to identify Nexx users, allowing an attacker to collect email addresses, device IDs, and first names.

A video showing the impact of the security flaw, tracked as CVE-2023-1748, is available below. It could be used to open any Nexx-controlled garage door.



On January 4, independent security researcher Sam Sabetan published a writeup about the flaws, explaining how an attacker could leverage them in real life.

It is estimated that there are at least 40,000 Nexx devices associated with 20,000 accounts. Due to the severity of the security problem, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also published a relevant alert.

CISA warns owners of Nexx products that attackers could access sensitive information, execute API requests, or hijack their devices.

 

a090

Smart devices for… let’s just say “less than smart” folks.

You want to be safe? Get something that can’t be hacked. Like a regular mechanical garage door opener. A regular press-the-button thermostat (as opposed to Nest). A door with a physical key. And so on…

Why people think everything needs to be connected to the net is beyond me. The next thing you know, we’ll have internet access built into your toaster.

If it connects to the net, it can be hacked. Simple concept that most people don’t get.
 

Jonny Quest

> Smart devices for… let’s just say “less than smart” folks.
>
> You want to be safe? Get something that can’t be hacked. Like a regular mechanical garage door opener. A regular press-the-button thermostat (as opposed to Nest). A door with a physical key. And so on…
>
> Why people think everything needs to be connected to the net is beyond me. The next thing you know, we’ll have internet access built into your toaster.
>
> If it connects to the net, it can be hacked. Simple concept that most people don’t get.

Just as long as you don't take my TV remote control away from me..I'm not getting up to change the channel :) :)
 

a090

> Just as long as you don't take my TV remote control away from me..I'm not getting up to change the channel :) :)

Ha! Ain’t that the truth, brother? :ROFLMAO:

Apparently, there is already such.

Ha!

Well, that’s a disaster just waiting to happen. Sure I’m a paranoic that doesn’t allow Alexa or other devices in my house (not a fan of Smart TVs either), so I’m off the deep end on some things…but imagine a spy toaster. That’s a perfect trojan horse because no one will suspect it.
 