Nexx, the manufacturer behind a smart garage door controller that can be easily hacked, has decided to temporarily solve the problem by nuking the product’s main functionality.
As Motherboard reports(Opens in a new window), the vendor sent an email to customers about shutting down the Nexx smart garage controller’s ability to communicate over the internet.
“As we examine the issue, we are taking proactive action by temporarily disabling internet access remote control for Nexx Garage, Nexx Gate, and Nexx Plug devices,” the brand wrote, according to various users(Opens in a new window) who received(Opens in a new window) the message.
(Credit: Daniel Szemenyei on Facebook)
In other words, Nexx has pulled the plug on the whole point of owning its product, which is designed to let you open a garage door remotely over the internet via an app. Several customers have reported already losing access to their installed Nexx garage door controllers.
“No wonder mine have been down. I’ve had to open my garage with the remote like a caveman,” one customer(Opens in a new window) said on Reddit.
(Credit: Nexx)
In a Facebook community group devoted to Nexx products, another user wrote(Opens in a new window): “I have two NXG100 units that both stopped working at the same time last night. I disconnected power and reconnected just to see if that would reset it…. that didn’t work.”
That said, not every function has been shut down. In the email, the vendor notes: “Nexx Garage NXG-200, Nexx Garage NXG-300, Nexx Gate, and Nexx Plug can continue to be controlled via the products’ Bluetooth protocol, which allows the devices to work with full functionalities within a certain range (usually within 30-50 feet).”
Hence, you can still remotely access the smart garage controller on a smartphone—but only if you’re close enough. That makes the product essentially no different from a traditional remote control for a garage door. Still, the email notes Nexx is working on resolving the issue, so a permanent solution could be on the way.
In the meantime, Nexx appears to have stopped selling its smart home products. The vendor’s web page for Nexx Garage, Plug, and Alarm all currently show a “Page not found” error. The site also appears to have halted e-commerce sales for the affected products on its online store.
Recommended by Our Editors
Nexx, which is operated by Texas-based Simpaltek, didn’t responcd to a request for comment. But security researcher Sam Sabetan, who discovered the vulnerabilities, notified the company about the flaws in January. However, he and the US Cybersecurity and Infrastructure Security Agency (CISA)—which also reached out—never received a response.
“I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers,” he wrote in a blog post(Opens in a new window) earlier this week.
Sabetan advises customers to disconnect the devices from the internet. In total, he found five vulnerabilities(Opens in a new window) in the company’s products, one of which could allow a hacker to easily hijack the smart garage door controller. “Anyone can open garage doors belonging to others from anywhere in the world,” he warns.
Sabetan also says Nexx Alarm suffers from similar flaws. However, the company’s message to customers claims Nexx Alarm is not affected.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
