Tag

Nexx

All articles tagged with #nexx

cybersecurity2 years ago•3 min saved

Smart Garage Doors Vulnerable to Remote Hijacking Due to Unpatched Security Flaws

Hackers have discovered a vulnerability in Nexx's wi-fi controllers that allows them to remotely open and close garage doors, as well as access sensitive user information. Cybersecurity researcher Sam Sabetan was able to intercept data sent from the Nexx wi-fi controller to the company's servers, and even control other users' garage doors. The flaw also applies to other devices sold by Nexx, including wi-fi enabled alarms and smart plugs. Despite attempts to reach out to Nexx, the company has been unresponsive and has not released a patch for the vulnerability.

via Jalopnik|

#cyberattack #cybersecurity #garage-doors

cybersecurity2 years ago•2 min saved

Nexx Smart Garage Doors Vulnerable to Remote Hacking

Multiple vulnerabilities have been discovered in Nexx smart devices that can be exploited to control garage doors, disable home alarms, or smart plugs. The most significant discovery is the use of universal credentials that are hardcoded in the firmware and also easy to obtain from the client communication with Nexx's API. The vendor has yet to acknowledge and fix the five security issues disclosed publicly, with severity scores ranging from medium to critical. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a relevant alert, warning owners of Nexx products that attackers could access sensitive information, execute API requests, or hijack their devices.

via BleepingComputer|

#cisa #cybersecurity #garage-doors

technology2 years ago•5 min saved

Nexx Smart Garage Door Openers Vulnerable to Remote Hacking

Security researcher Sam Sabetan has discovered software vulnerabilities in Nexx's suite of smart home devices, including internet-connected garage doors, alarms, and wall plugs, that could allow a hacker to hijack them completely. The bugs could allow a bad actor to access the personal information of all Nexx account holders and manipulate any Nexx-connected devices, including opening and closing garage doors, turning alarms on and off, and deactivating wall plugs. The vulnerabilities stem from a problematic password that was freely available in the app's API, which was used for every single device that connected to Nexx's cloud environment. Despite multiple attempts to contact Nexx, the company has not acknowledged the problem, and users are advised to unplug all Nexx devices and create support tickets with the company requesting them to remediate the issue.

via Gizmodo|

#cybersecurity #iot #nexx

cybersecurity2 years ago•5 min saved

Smart Garage Door Openers Vulnerable to Remote Hacking

A researcher has discovered severe security and privacy vulnerabilities in Nexx's garage door controller, which is used to open and close garage doors and control home security alarms and smart power plugs. The device uses a universal password to communicate with Nexx servers, and broadcasts unencrypted user data and commands, making it easy for anyone with a moderate technical background to search Nexx servers for a given email address, device ID, or name and issue commands to the associated controller. The researcher advises anyone using the device to immediately disconnect it until the vulnerabilities are fixed.

via Ars Technica|

#cybersecurity #garage-door-controller #iot

cybersecurity2 years ago•2 min saved

Smart Garage Door Opener Vulnerability Allows Remote Hacking

Security researcher Sam Sabetan has discovered a major security hole in the mobile app for Nexx's smart garage door controller, which allows hackers to remotely open connected doors. The vulnerability is due to a shared universal password that applies across all devices and leaks via Nexx's API and firmware. Sabetan also uncovered four other related vulnerabilities that can involve hijacking Nexx's smart plugs and smart alarm products. Despite attempts to contact the company, Nexx has been silent on fixing the issue. Sabetan estimates that over 40,000 devices are impacted and recommends disconnecting the devices and contacting Nexx for remediation steps.

via PCMag|

#cybersecurity #iot-devices #nexx