Date: 2023-04-05

A researcher warns of the dubious security of Nexx connected garage door controllers

Vulnerabilities reported as early as 2022 have still not been fixed by the company

Result: hackers can quite easily open any garage door controlled by one of the brand's accessories

It is strongly recommended to disconnect the garage door opener, or even to switch urgently to another solution if the brand persists in doing nothing.

You may be familiar with this affordable smart garage door controller if you recently installed a system that lets you control everything from your smartphone. Nexx garage door openers can be found at unbeatable prices on various import sites such as AliExpress – around just a hundred euros.

However, using products from this brand (according to what we found online, Nexx is a firm based in Texas, in the United States) is a very bad idea according to a security researcher. Sam Sabetan explains on Medium that he discovered and reported a series of serious vulnerabilities affecting their products in 2022 – flaws that have never been patched since.

This connected garage door opener is really a godsend for hackers

And the list of security issues is cause for concern. To start, it is quite easy to extract the username and password (which, to make matters worse, are common to all devices) that are supposed to secure the connection with the firm’s cloud servers. A small GET request is enough to get everything needed and to start sending commands to the garage doors controlled by these systems.

What is more, once inside, the commands themselves are not encrypted. No certificate is used either in the communication with the servers or in the sending of commands. These are all problems that hackers and burglars can easily exploit to enter your home without the slightest trace of tampering – as if you had left the garage door open yourself.

Our colleagues from Ars Technica explain that more than 40,000 Nexx devices are installed in the United States on residential and commercial sites. Figures that would make it possible to estimate Nexx's penetration internationally (particularly in France) are not known. “Nexx systematically ignored my contact attempts, those of the Department of Homeland Security, and the solicitations of the media”, laments the researcher.

He adds: “I strongly advise owners to unplug all Nexx devices and urge customer service to do whatever is necessary to fix the problem”. A reminder that you have to be vigilant with connected objects – especially those that ensure the security of your property and your home.