Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it

Nexx is a manufacturer of “smart” devices – plugs, alarms, garage door openers, that kind of thing.

Unfortunately their response to vulnerabilities is not-so-smart. According to a blog post by security researcher Sam Sabetan, Nexx not only ignored his warning about serious security holes in its products, but has ignored attempts by the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to get the problems fixed too.

So what are the security issues?

According to Sabetan and CISA, Nexx devices suffer from serious vulnerabilities that could allow an attacker to receive sensitive information, make API requests, or hijack devices.

Meaning a hacker could remotely open or close the garage door, seize control of alarms, and switch on (or switch off) customers’ “smart” plugs.

That’s all pretty bad.

To make matters worse, over 40,000 devices, located in both residential and commercial properties, are said to be vulnerable.

But what’s utterly reprehensible is that Nexx appears to have completely ignored attempts by the security researcher and the Department of Homeland Security to raise the issue, and has not warned its customers about the problem.

As Sabetan puts it:

“Nexx has consistently ignored communication attempts from myself, the Department of Homeland Security, and the media. Device owners should immediately unplug all Nexx devices and create support tickets with the company requesting them to remediate the issue.”

Any company selling IoT devices needs to take the security and safety of its customers seriously. It’s easy to see that Nexx has failed to do that.

Don’t buy Nexx products. If you’re already a customer, disconnect them, ask for your money back, or chuck them in the trash.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.

One comment on “Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it”

  1. Ed Reed

    Did you ask NEXX for a comment on this story? What's their position on the issue?
