Nexx, a popular smart garage door opener, has a dangerous flaw that could enable a hacker to easily open your garage door from anywhere in the world.
As first reported by Motherboard, a security researcher discovered a bug in Nexx smart garage door openers that could let a hacker control it from virtually anywhere. It could potentially impact more than 40,000 devices and around 20,000 users.
Like many smart garage door openers, the Nexx is a small box that's wired to your garage door opener and connects wirelessly to your home Wi-Fi network. When you send a command via the Nexx app — say to open the door — it's relayed through the cloud to the device connected to your garage door opener.
In a video posted to YouTube, Sam Sabetan, the security researcher, analyzed the data that was sent from the Nexx to the company's servers, and discovered that he was able to receive information from 558 other devices, including device ID, email addresses, and names associated with each device.
Sabetan was then able to use the software to send a command through Nexx's servers to open his garage door, without using the Nexx app. Sabetan told Motherboard that he could have just as easily controlled other Nexx devices that weren't his.
Sabetan told Tom's Guide that when he moved about a year ago, the previous homeowner had left their Nexx Smart Garage door controller. "Given my background in security and experience with reverse engineering internet-connected devices, I couldn't resist taking it apart to see how it functioned," Sabetan said. "Within just an hour, I managed to gain control over garages belonging to any Nexx customer. Intrigued, I delved deeper into Nexx's Smart Plugs and Alarms and found that there's actually a widespread systemic security issue within the entire Nexx ecosystem."
And, it appears that the hack isn't limited to Nexx's smart garage door opener: According to Sabetan, he could also control Nexx smart plugs and Nexx's smart Alarm system, too.
When Sabetan first learned about the problem, he contacted Nexx in early January, 2023. After several attempts — including emailing Nexx's founder — Sabetan then contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). That agency told Sabetan that it also tried to reach Nexx, and subsequently posted its own advisory about Nexx's products.
Motherboard attempted to contact Nexx, to no avail. Tom's Guide also reached out to Nexx, but has yet to hear back.
What to do if you have a Nexx smart garage door opener
Suffice to say, if you have a Nexx smart garage door controller, you should disconnect it immediately. The same goes for any other Nexx smart home product; currently, only the smart garage door controller , smart plug and smart alarm are listed for sale on Amazon.
We're removing the Nexx garage door opener from our list of the best smart garage door openers until we get confirmation that the issue has been fixed.