This smart garage door opener is vulnerable to attack — disconnect yours now

Nexx smart garage door opener
(Image credit: Nexx)

Nexx, a popular smart garage door opener, has a dangerous flaw that could enable a hacker to easily open your garage door from anywhere in the world. 

As first reported by Motherboard, a security researcher discovered a bug in Nexx smart garage door openers that could let a hacker control it from virtually anywhere. It could potentially impact more than 40,000 devices and around 20,000 users.

Like many smart garage door openers, the Nexx is a small box that's wired to your garage door opener and connects wirelessly to your home Wi-Fi network. When you send a command via the Nexx app — say to open the door — it's relayed through the cloud to the device connected to your garage door opener. 

In a video posted to YouTube, Sam Sabetan, the security researcher, analyzed the data that was sent from the Nexx to the company's servers, and discovered that he was able to receive information from 558 other devices, including device ID, email addresses, and names associated with each device. 

Sabetan was then able to use the software to send a command through Nexx's servers to open his garage door, without using the Nexx app. Sabetan told Motherboard that he could have just as easily controlled other Nexx devices that weren't his. 

Sabetan told Tom's Guide that when he moved about a year ago, the previous homeowner had left their Nexx Smart Garage door controller. "Given my background in security and experience with reverse engineering internet-connected devices, I couldn't resist taking it apart to see how it functioned," Sabetan said. "Within just an hour, I managed to gain control over garages belonging to any Nexx customer. Intrigued, I delved deeper into Nexx's Smart Plugs and Alarms and found that there's actually a widespread systemic security issue within the entire Nexx ecosystem."

And, it appears that the hack isn't limited to Nexx's smart garage door opener: According to Sabetan, he could also control Nexx smart plugs and Nexx's smart Alarm system, too. 

When Sabetan first learned about the problem, he contacted Nexx in early January, 2023. After several attempts — including emailing Nexx's founder — Sabetan then contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). That agency told Sabetan that it also tried to reach Nexx, and subsequently posted its own advisory about Nexx's products.

Motherboard attempted to contact Nexx, to no avail. Tom's Guide also reached out to Nexx, but has yet to hear back.

What to do if you have a Nexx smart garage door opener

Suffice to say, if you have a Nexx smart garage door controller, you should disconnect it immediately. The same goes for any other Nexx smart home product; currently, only the smart garage door controller ,  smart plug and smart alarm are listed for sale on Amazon

We're removing the Nexx garage door opener from our list of the best smart garage door openers until we get confirmation that the issue has been fixed. 

And if you're in the market for a replacement, check out our list of the best smart garage door openers and best smart plugs available.

More from Tom's Guide

TOPICS
Mike Prospero
U.S. Editor-in-Chief, Tom's Guide

Michael A. Prospero is the U.S. Editor-in-Chief for Tom’s Guide. He oversees all evergreen content and oversees the Homes, Smart Home, and Fitness/Wearables categories for the site. In his spare time, he also tests out the latest drones, electric scooters, and smart home gadgets, such as video doorbells. Before his tenure at Tom's Guide, he was the Reviews Editor for Laptop Magazine, a reporter at Fast Company, the Times of Trenton, and, many eons back, an intern at George magazine. He received his undergraduate degree from Boston College, where he worked on the campus newspaper The Heights, and then attended the Columbia University school of Journalism. When he’s not testing out the latest running watch, electric scooter, or skiing or training for a marathon, he’s probably using the latest sous vide machine, smoker, or pizza oven, to the delight — or chagrin — of his family.

Read more
Eight Sleep Pod 4 Ultra with head raised in beige bedroom
Eight Sleep smart beds reportedly have a secret backdoor that can be accessed remotely — everything you need to know
Tight view of Konnected Smart Garage Door Opener blaQ
Konnected Smart Garage Door Opener blaQ review
Cars on the road with blue overlay indicating what data may be contained about the drivers within
Millions at risk due to severe security flaw in license plate readers
Find My iPhone
Apple Find My hack turns any Bluetooth device into a secret AirTag — what we know
Green skull on smartphone screen.
Only 3 of the top 150 Android apps can detect reverse engineering tool Frida — here's why that's bad
Graphic of fibre optic cables attacking code
An estimated 46,000 VPN servers are vulnerable to being hijacked
Latest in Smart Home
HomePod with display concept render
Apple HomePod with display now rumored for late 2025 launch
Schneider Electric Pulse home energy panels.
The Smart Home Upgrade You’ve Been Missing
An Echo Show 10 with the Alexa Plus logo displayed on screen
Alexa+ — I have 4 big questions about Amazon's new AI assistant
An Abode home security menu on a TV screen
Abode now lets you check in on your smart home security system right from your Apple TV
Reolink Altas PT Ultra attached to side of home
Reolink Altas PT Ultra review: Long battery life and crisp 360-degree footage
Apple tvOS 18 new features
New tvOS 18 code hints at Apple's much rumored smart home hub
Latest in News
Sonos logo on a smart speaker
Sonos halts work on rumored super streaming device — what's next?
NYTimes Connections
NYT Connections today hints and answers — Thursday, March 13 (#641)
HomePod with display concept render
Apple HomePod with display now rumored for late 2025 launch
The Apple Watch Series 10 on display at the device's launch in September 2024
Apple Watch sales plummet 19% as smartwatch market declines for first time
Google's Project Astra working on prototype smartglasses in an advertisement
Google just acquired this eye tracking company — hinting at the return of Google glasses
iPhone 17 Air render
iPhone 17 Air could be just 5.5mm thick — but 9.5mm when you throw in the camera bump