Nexx, a brand of smart garage door opener controllers, has declined to fix a series of security vulnerabilities that hackers can exploit to remotely open garage doors, according to a security researcher. Sam Sabetan discovered the vulnerabilities and warned Nexx but did not receive a response. He then made a video proof-of-concept of the hack, showing how the vulnerability can be exploited. Sabetan was able to view messages sent by the Nexx device and replay commands to open other users’ garage doors remotely. Hackers can use these vulnerabilities to open Nexx doors around the world, potentially exposing users’ garage contents and homes to opportunistic thieves, pets could escape, or users might just get annoyed at someone opening and closing their property. A hacker could also use the vulnerabilities in a targeted attack against a particular garage that used Nexx’s security system.
Despite repeated attempts to contact Nexx, Sabetan and Motherboard have not received a response. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has also attempted to contact Nexx without success. The vulnerabilities remain unpatched, and for that reason, Motherboard is not describing them in detail but focusing on their impact on consumers. CISA issued its own advisory about the security issues on Tuesday.
Nexx’s garage product connects to a person's existing garage door opener and allows them to activate it remotely through a smartphone app. The company has run campaigns on Kickstarter and advertises that its products are “easy-to-use” and “work with things you already own.” The vulnerabilities pose a serious risk to users of Nexx’s wi-fi enabled garage door opener controllers and other products. The consequences of someone weaponizing these vulnerabilities are wide-ranging and potentially a real security threat to Nexx’s customers.
It is unclear why Nexx has not responded or fixed the vulnerabilities. Sabetan contacted Nexx’s support twice, with only the second email being answered. He expressed his frustration with Nexx’s support team, stating that he had been ignored for two months.
Brian Contos, CSO, Sevco Security shared the danger of fundamental security issues and the danger unsecured IoT devices can pose:
“Smart garage door openers, like any IoT device used in the home or office, suffer from common security issues. The most fundamental security issue is visibility, and the simple fact is that most organization don’t know what devices are accessing their network, up to and including IoT devices. Most IoT devices run standard operating systems, like Linux, that are network-connected and operate with the same ports, protocols, and hardware components found in a laptop. However, they work with old, end-of-life, and vulnerable operating systems and default credentials. In most cases, these devices are unmanaged, under-managed, or unknown. Compromising IoT devices can be as simple as logging in with a default password, and many have critical vulnerabilities allowing multiple paths to exploitation.
Once an IoT device is compromised, it can be used for various attacks, such as spying with audio and video through security cameras, unlocking doors, shutting down power, and attacking on-premise IT devices and cloud-based assets. Many IoT attacks today are nothing more than a mechanism to maintain persistence and evade detection while exfiltrating sensitive data of those IT and cloud assets. Unless you want to be the CISO that explains to your board that the crown jewels were breached because of a garage door opener, you must have an accurate and near-real-time inventory of all your critical assets, including IoT.”
###