Do you have this smart garage door opener? Disconnect it now

If you have a smart garage door controller from Nexx, consider unplugging it. It has a major security flaw that allows a hacker to remotely open connected doors relatively easily.

“Anyone can open garage doors belonging to others from anywhere in the world,” security researcher Sam Sabetan says of the threat, which Motherboard first reported.(Opens in a new window).

Sabetan discovered the vulnerability in the garage door controller’s mobile app, Nexx Home. The app will exchange a password with Nexx cloud services while establishing a connection with the garage door controller.

The Nexx Smart Wi-Fi NXG-200 Garage Door Controller

(Credit: Nexx)

Ideally, a unique password would be generated for each garage door controller, but Sabetan says Nexx’s system relies on a “universal password” that applies to all devices.

Passwords leaked through the API

Leaked passwords (Credit: Sam Sabetan)

The other issue is that the Universal Shared Password will leak through Nexx’s API and into the firmware that ships with the devices. Sabetan was able to use the password to access the Nexx “MQTT” server which manages remote connections to garage door controllers.

“Upon accessing it, I discovered that all MQTT messages were broadcast universally, including those destined for other clients and devices,” he wrote in a report.(Opens in a new window).

Sabetan posted a video(Opens in a new window) demonstrating the threat. He shows that he is logging into Nexx’s smart home app for the first time and using it to normally open a garage door controller. During this process, Sabetan uses a tool to capture over 500 messages sent through Nexx’s MQTT server, including details of garage controllers owned by other customers.

“User emails, device IDs and first names with last initials are broadcast in the ‘garageDoorOpener’ message,” he added. “This meant it was possible to identify customers based on unique information shared in these messages.”

Examples of captured MQTT commands.

(Credit: Sam Sabetan)

The same user data can also be misused to remotely open or close a user’s garage door controller. In the video, Sabetan simply copies a string of data and replays it on Nexx’s MQTT server to remotely open a garage door.

Recommended by our editors

But the problems don’t end there. Sabetan also discovered four other related vulnerabilities that may involve the hijacking of Nexx’s smart plugs and smart alarm products. Worse still, the vendor remained silent on fixing the issue. Sabetan and Motherboard attempted to contact the company several times, but Nexx did not respond.

As a result, Sabetan says, “If you are a Nexx customer, I strongly recommend that you disconnect your devices and contact Nexx to inquire about remediation steps. It is crucial that consumers are aware of the potential risks associated with IoT devices and demand higher safety standards from manufacturers.

Additionally, Sabetan said the US Cybersecurity and Infrastructure Security Agency (CISA) also contacted Nexx, but never received a response. The agency published its own opinion(Opens in a new window) warn the public of the threat.

Nexx did not immediately respond to a request for comment. In its report, Sabetan estimates “that more than 40,000 devices, located in residential and commercial properties, are impacted”.

SecurityWatch<\/strong> newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs”>

Do you like what you read ?

Sign up for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, offers or affiliate links. Signing up for a newsletter indicates your consent to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.

Leave a Reply

Your email address will not be published. Required fields are marked *