Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it

Nexx is a manufacturer of “smart” devices – plugs, alarms, garage door openers, that kind of thing.

Unfortunately their response to vulnerabilities is not-so-smart. According to a blog post by security researcher Sam Sabetan, Nexx not only ignored his warning about serious security holes in its products, but has ignored attempts by the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to get the problems fixed too.

So what are the security issues?

According to Sabetan and CISA, Nexx devices suffer from serious vulnerabilities that could allow an attacker to receive sensitive information, make API requests, or hijack devices.

Meaning a hacker could remotely open or close the garage door, seize control of alarms, and switch on (or switch off) customers’ “smart” plugs.

That’s all pretty bad.

To make matters worse, over 40,000 devices, located in both residential and commercial properties, are said to be vulnerable.

But what’s utterly reprehensible is that Nexx appears to have completely ignored attempts by the security researcher and the Department of Homeland Security to raise the issue, and has not warned its customers about the problem.

As Sabetan puts it:

“Nexx has consistently ignored communication attempts from myself, the Department of Homeland Security, and the media. Device owners should immediately unplug all Nexx devices and create support tickets with the company requesting them to remediate the issue.”

Any company selling IoT devices needs to take the security and safety of its customers seriously. It’s easy to see that Nexx has failed to do that.

Don’t buy Nexx products. If you’re already a customer, disconnect them, ask for your money back, or chuck them in the trash.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

One comment on “Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it”

  1. Ed Reed

    Did you ask NEXX for a comment on this story? What's their position on the issue?
