by Nexx, the maker behind a smart garage door controller that can be easily hacked, decided to temporarily fix the problem by disabling the core functionality of the product.
As the motherboard reports(Opens in a new window)the supplier has emailed customers regarding the shutdown of the Nexx Smart Garage Controller’s ability to communicate over the internet.
“While we investigate the issue, we are taking proactive action by temporarily disabling remote internet access control for Nexx Garage, Nexx Gate, and Nexx Plug devices,” the brand wrote, according to various users.(Opens in a new window) who received(Opens in a new window) the message.
(Credit: Daniel Szemenyei on Facebook)
In other words, Nexx has unplugged the whole point of owning its product, which is designed to let you open a garage door remotely over the internet via an app. Several customers have reported that they have already lost access to their installed Nexx garage door controllers.
“No wonder mine broke down. I had to open my garage with the remote like a caveman”, a customer(Opens in a new window) said on Reddit.
(Credit: Nexx)
In a Facebook community group dedicated to Nexx products, another user wrote(Opens in a new window): “I have two NXG100 units that both stopped working at the same time last night. I unplugged the power and plugged it back in just to see if that reset it…didn’t work.
That said, not all functions have been closed. In the email, the vendor notes, “Nexx Garage NXG-200, Nexx Garage NXG-300, Nexx Gate and Nexx Plug can continue to be controlled via the products Bluetooth protocol, allowing the devices to work with all the features within a certain range (usually between 30 and 50 feet).
Therefore, you can still remotely access the smart garage controller on a smartphone, but only if you are close enough. This makes the product essentially no different from a traditional remote control for a garage door. Still, the email notes that Nexx is working on resolving the issue, so a permanent fix might be on the way.
In the meantime, Nexx appears to have stopped selling its smart home products. The vendor webpage for Nexx Garage, Plug and Alarm is currently showing a “Page Not Found” error. The site also appears to have halted online sales of the affected products on its online store.
Recommended by our editors
Nexx, which is operated by Texas-based Simpaltek, did not respond to a request for comment. But security researcher Sam Sabetan, who discovered the vulnerabilities, notified the company of the flaws in January. However, he and the US Cybersecurity and Infrastructure Security Agency (CISA) – which also reached out – never received a response.
“I have independently verified that Nexx deliberately ignored all our attempts to assist with remediation and let these critical flaws continue to affect their customers,” he wrote in a blog post.(Opens in a new window) earlier this week.
Sabetan advises customers to disconnect devices from the internet. In total, he found five vulnerabilities(Opens in a new window) in the company’s products, one of which could allow a hacker to easily hijack the smart garage door controller. “Anyone can open garage doors belonging to others from anywhere in the world,” he warns.
Sabetan also says that Nexx Alarm suffers from similar flaws. However, the company’s message to customers claims that Nexx Alarm is unaffected.
Do you like what you read ?
Sign up for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.
This newsletter may contain advertisements, offers or affiliate links. Signing up for a newsletter indicates your consent to our Terms of Service and Privacy Policy. You can unsubscribe from newsletters at any time.
