These Popular Smart Garage Doors Are Vulnerable to Hackers
Everything comes at a cost. In our modern world, we value convenience above most other things. This is why we allow our phones to remember our faces and fingerprints to skip hitting a button. If it can be done faster and easier, we are into it. However, with cars, it can sometimes be a little easier to see that convenience comes with a price. These days, that price is security. Our garages are sacred, and leaving them vulnerable is unacceptable. Hackers are looking for weaknesses in every new convenience. Well, they found a new one in the Nexx smart garage door opener, and they are exploiting that weakness.
Can hackers open your garage doors?
According to CarScoops, Independent researcher Sam Sabetan noticed some serious security flaws with the Nexx’s garage door opener. He described five weaknesses that could give hackers with nefarious intents access to your garage and even your information.
These weaknesses were even given scores based on the severity of the security risk. The scores range from “medium” to “critical.” The most significant of the threats is that the use of universal credentials hard-coded in the firmware is easily taken from a user’s communication with Nexx’s application programming interface. This could allow a hacker to collect email addresses, device IDs, and first names from the system.
How does this work?
Sabetan demonstrates on his own system showing that opening the garage door is only the beginning. He managed to log into the Nexx app to see recent messages sent by the device. Not only could he see messages from his system but also messages from 558 others that do not belong to him.
The initial security threat is a problem on its own. Most people have stuff in their garages that they would prefer to stay secure, but again, the garage is only the beginning. Sabetan says that this security weakness could also allow hackers into any Nexx user’s home.
“That’s the craziest bug,” Sabetan told Motherboard, referring to the garage door. “But the disabling alarm and turning on [and] off smart plugs are pretty neat too.” So a hacker doesn’t have to stop at stealing your priceless race car; they could also get into your home and into your information.
What do Nexx garage door users do now?
CarScoops reports that since publishing his findings, the federal Cybersecurity & Infrastructure Security Agency also noted the security issue. Both Sabetan and CISA say they’ve reached out to Nexx, warning them about this issue, but neither has received any response.
Considering the seriousness of the security flaw, customers are encouraged to take their own mitigation strategies. Owners might want to consider disconnecting their Nexx devices from the WiFi network, isolating control systems from business networks, and using a VPN if they need to use the garage door.