Nexx Garage Doors, Smart Home Systems Vulnerable to Hackers

The Internet of Things (IoT) has become ingrained in our lives in a multitude of ways - from health and fitness trackers helping us to be more knowledgeable and deliberate in our wellness journeys to smart appliances that help us keep food fresh and make cooking a breeze. Its functions in the home go beyond the kitchen; in fact, many folks have more “smart” technology in their homes than dumb. Security systems, smart doorbells, and temperature units can now all be controlled from your phone, often whether you are at your house or not. Another area that has been touched by IoT is the garage door - which can be a good thing to be able to access remotely in case you forgot to close it on your way out to work that day or before a big family road trip. However, one company is finding the security considerations around smart garage doors to be considerably challenging.

Nexx is a smart home automation company which offers consumers many of the home protection features of IoT mentioned above. Among their specialities is the garage door controller, which allows a user to see the status of their garage door from their phone, watch, or  tablet from anywhere in the world. While this convenience is attractive to many consumers, there appears to be a vulnerability in the company’s devices which allows the garage door to be controlled by hackers, also granting them access to the security system and other smart Nexx devices in the home. This is where the realm of cybersecurity overlaps with that of real life - while a cybersecurity threat is daunting and should be taken seriously, it pales significantly in comparison to the fear induced by a physical risk to your family. By exploiting a vulnerability in the system, hackers can use their technology savvy to gain access to your home. 

This vulnerability was unveiled in a recent disclosure from the company about five major security issues; the problem with the vulnerability which hackers are taking advantage of in order to gain access to users’ home devices is that there are universal credentials hardcoded in the firmware of the devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has stepped in and the entity warns owners of the company’s products that malicious actors could exploit the vulnerability to take over and control their Nexx devices and that sensitive information could be accessed as well.

Image by Freepik.

‍