If you’re the owner of a Nexx smart garage door controller, smart plug, or smart alarm, be warned: your Nexx devices may be open to hacker attacks.
Security researcher Sam Sabetan says (because of the vice) found several “critical vulnerabilities” in Nexx’s range of smart devices last year that could allow hackers to open and close the garage doors of any Nexx customer using the company’s smart garage door controllers.
To make matters worse, the exploit could allow hackers to take over Nexx’s smart plugs and smart alarms as well, meaning bad guys could turn your devices on and off or even take control of your alarms.
Sabetan says he worked on his research with the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (or CISA), which has issued a warning about Nexx vulnerabilities.
The researcher said he also tried contacting Nexx about the security holes through a variety of channels, but never received a response.
We’ve reached out to Nexx for comment.
In a YouTube video, Sabatan demonstrates how he was able to view the credentials of other Nexx users, including their email addresses, device IDs, first names and last initials using non-Nexx software.
He then pulls his credentials from the software and uses them to open his garage door, all without using the Nexx app.
Other vulnerabilities in Nexx’s smart device infrastructure could allow hackers to tamper with Nexx users’ schedules and timers, as well as turn their Nexx smart alarms on and off.
In its advisory, CISA details the Nexx devices that are vulnerable to attack:
Nexx Garage Door Controller (NXG-100B, NXG-200): Version nxg200v-p3-4-1 and earlier Nexx Smart Plug (NXPG-100W): Version nxpg100cv4-0-0 and earlier Nexx Smart Alarm (NXAL-100): Version nxal100v-p1-9-1e earlier
CISA advises users of such Nexx devices to contact the company’s customer service. Better yet, you should unplug any Nexx smart devices you own right now until Nexx releases a security patch.
We reviewed the Nexx Smart Wi-Fi Garage Door Controller NXG-200 in January 2020. We called the NXG-200 a “sophisticated control upgrade for your garage door opener”, but also “very expensive”.
Given what we know now, you should shut down the NXG-200 immediately, and we’ll adjust our review with the news.
Leave a Comment