This smart garage door opener is vulnerable to attack — disconnect yours now
Nexx smart garage door openers vulnerable to remote hacking - disconnect yours now
Nexx, a popular smart garage door opener, has a dangerous flaw that could enable a hacker to easily open your garage door from anywhere in the world.
As first reported by Motherboard, a security researcher discovered a bug in Nexx smart garage door openers that could let a hacker control it from virtually anywhere. It could potentially impact more than 40,000 devices and around 20,000 users.
Like many smart garage door openers, the Nexx is a small box that's wired to your garage door opener and connects wirelessly to your home Wi-Fi network. When you send a command via the Nexx app — say to open the door — it's relayed through the cloud to the device connected to your garage door opener.
In a video posted to YouTube, Sam Sabetan, the security researcher, analyzed the data that was sent from the Nexx to the company's servers, and discovered that he was able to receive information from 558 other devices, including device ID, email addresses, and names associated with each device.
Sabetan was then able to use the software to send a command through Nexx's servers to open his garage door, without using the Nexx app. Sabetan told Motherboard that he could have just as easily controlled other Nexx devices that weren't his.
Sabetan told Tom's Guide that when he moved about a year ago, the previous homeowner had left their Nexx Smart Garage door controller. "Given my background in security and experience with reverse engineering internet-connected devices, I couldn't resist taking it apart to see how it functioned," Sabetan said. "Within just an hour, I managed to gain control over garages belonging to any Nexx customer. Intrigued, I delved deeper into Nexx's Smart Plugs and Alarms and found that there's actually a widespread systemic security issue within the entire Nexx ecosystem."
And, it appears that the hack isn't limited to Nexx's smart garage door opener: According to Sabetan, he could also control Nexx smart plugs and Nexx's smart Alarm system, too.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
When Sabetan first learned about the problem, he contacted Nexx in early January, 2023. After several attempts — including emailing Nexx's founder — Sabetan then contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). That agency told Sabetan that it also tried to reach Nexx, and subsequently posted its own advisory about Nexx's products.
Motherboard attempted to contact Nexx, to no avail. Tom's Guide also reached out to Nexx, but has yet to hear back.
What to do if you have a Nexx smart garage door opener
Suffice to say, if you have a Nexx smart garage door controller, you should disconnect it immediately. The same goes for any other Nexx smart home product; currently, only the smart garage door controller , smart plug and smart alarm are listed for sale on Amazon.
We're removing the Nexx garage door opener from our list of the best smart garage door openers until we get confirmation that the issue has been fixed.
And if you're in the market for a replacement, check out our list of the best smart garage door openers and best smart plugs available.
More from Tom's Guide
Michael A. Prospero is the U.S. Editor-in-Chief for Tom’s Guide. He oversees all evergreen content and oversees the Homes, Smart Home, and Fitness/Wearables categories for the site. In his spare time, he also tests out the latest drones, electric scooters, and smart home gadgets, such as video doorbells. Before his tenure at Tom's Guide, he was the Reviews Editor for Laptop Magazine, a reporter at Fast Company, the Times of Trenton, and, many eons back, an intern at George magazine. He received his undergraduate degree from Boston College, where he worked on the campus newspaper The Heights, and then attended the Columbia University school of Journalism. When he’s not testing out the latest running watch, electric scooter, or skiing or training for a marathon, he’s probably using the latest sous vide machine, smoker, or pizza oven, to the delight — or chagrin — of his family.