Hackers have found a bug that remotely opens smart garage doors

hackers They discovered a bug that gave them access to user information and allowed them to open and close remotely Garage doors From the Internet-of-Things brand nixxlike Motherboard reports. Nexx wi-fi controllers Connect to common garage doors, turning existing devices into networked devices that owners can operate from anywhere in the world.

In case you missed it:

Now, hackers may also power your wi-fi-enabled garage doors because of a flaw discovered by a cybersecurity researcher. Sam Thabetanwho says Motherboard that it was able to intercept sensitive data sent from the Nexx wi-fi console to the company’s servers in the United States:

Sabtean provided a proof-of-concept video of the hack. His fist is shown opening his garage door as expected with the Nexx app. Then he logs into a tool to view messages sent by the Nexx device. Sabetan closes the door with the app and captures the data that the device sends to the Nexx server during this procedure.

With it, Sabetan receives not only information about his device, but also messages from 558 other devices that are not his. He’s now able to see the device ID, email address, and name associated with each, according to the video.

Then Sabetan sends a command back to the garage through the software—instead of the app—and opens its door again. Sabetan only tested this on his own garage door, but he could open other users’ garage doors remotely with this technology.

The specific vulnerability is not described in detail in order to protect users who may still be vulnerable to the application security vulnerability. Even worse, the flaw applies to other devices the company sells, including wi-fi-enabled alarms and smart plugs. Again, all of these devices are integrated into the Nexx app, so it is possible for hackers to intercept and possibly even control their data as seen in the video. Great wheels on it Scion FR-SBy the way.

On top of being able to open and close garage doors and possibly enter someone’s home, hackers can also disable Nexx alarms and even turn off anything connected to networked power outlets via Nexx consoles.

G/O Media may earn a commission

67% off

Steel outdoor fire pit

gathered around the fire.
With a powder-coated steel finish and bronze finish, this fire pit is as beautiful as it is durable.

This particular bug has not been addressed for several months, according to Sabetan, who said he has tried to communicate with Nexx over and over since the vulnerability was discovered. The company has not responded to the white hat reports yet.

Sabetan adds that the company’s support staff finally responded to an inquiry he phrased as a request for “help with his Nexx product.” Technically, this is true because the researcher needed help with his Nexx product – as well as any other product showing the same security flaw. The Nexx support team responded immediately to his request for “help,” but Sabetan said, “It’s great to know your support is alive and well and that I’ve been ignored for two months.”

Messages sent to the helpdesk may be scanned and then sent to different departments. But Nexx also ignored contact attempts from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. This subsection back home Consultant publishing about Nexx devices this week, but Nexx has failed to officially acknowledge the issue.

Nexx has not responded to bug reports from Sabetan, and has not issued a patch in the meantime. That’s just the reality of the constantly connected world we live in, where so-called smart homes can be made insecure with a device that promises to make life more convenient, ostensibly safer.

Nexx talks about the value of garage door controls by saying that they will help you take the worry out of wondering if you left your garage door unlocked. We’ve reached out for comment, and will provide an update if Nexx responds.