According to findings from a security researcher, hackers can remotely tap into a specific brand of smart garage door opener controllers and open them all over the world due to a number of security weaknesses that the firm, Nexx, has refused to repair.
The flaws represent a major risk to Nexx users, who have access to wi-fi-connected garage door opener controllers among other things. As per a copy of an email obtained with Motherboard, the researcher who discovered the vulnerability claims that Nexx has not reacted to their attempts to responsibly report the vulnerabilities for months.
“Completely remote. Anywhere in the world,” Sam Sabetan, the security researcher, told Motherboard, describing the hack.
Nexx describes its goods as "easy-to-use products that work with things you already own." Its garage product links to a person's existing garage door opener and allows them to remotely activate it via a smartphone app. “Life is complicated enough. Remembering whether or not you left your garage door open should be the least of your worries: Get peace of mind,” the company advertises on its website. Nexx has run campaigns on Kickstarter.
Sabtean demonstrated the hack in a video proof-of-concept. It shows his fist unlocking his own garage door with the Nexx app, as promised. He then accesses a tool that allows him to read communications sent by the Nexx device. Sabetan uses the app to close the door and records the data that the device sends to Nexx's server during this activity.
Sabetan not only receives information on his own device but also messages from 558 other gadgets. According to the video, he can now see the device ID, email address, and name associated with each. He then sends an order to the garage via software rather than the app, and his door opens once more. Sabetan only tested this on his own garage door, but he could have used this technique to open other users' garage doors as well.
Sabetan told Motherboard he could open doors “for any customer.” “That’s the craziest bug. But the disabling alarm and turning on [and] off smart plugs is pretty neat too,” he added, referring to another Nexx product that allows users to control power outlets in their home.
The repercussions of someone weaponizing these vulnerabilities are far-reaching, and might pose a serious security risk to Nexx's clients. A hacker might randomly open Nexx doors all across the world, exposing their garage contents and possibly their homes to opportunistic robbers. Pets could flee. Customers may become irritated if they see someone opening and closing their property without knowing why. In more extreme circumstances, a hacker could exploit the flaws as part of a targeted assault against the particular garage that used Nexx’s security system.
Sabetan and Motherboard have made numerous attempts to contact Nexx about the problems. Sabetan claimed that the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) had tried to contact him. The corporation has not responded or fixed the issues. This means that security flaws are still available to hackers who desire to exploit them. As a result, Motherboard will not go to great lengths on them, instead focusing on their influence on customers. On Tuesday, CISA issued its own advisory regarding security issues.
Nexx appears to be purposefully disregarding at least some inquiries attempting to alert them to the vulnerabilities. Sabetan contacted Nexx's support again because Nexx's support email did not react to his vulnerability report, this time stating that he needed assistance with his own Nexx product. According to a copy of the email Sabetan shared with Motherboard, Nexx's support personnel responded at the time.
“Great to know your support is alive and well and that I’ve been ignored for two months,” Sabetan replied. Please respond to ticket [ticket number,” he wrote, referring to his vulnerability report.