

A popular and reasonably cheap garage door controller is making waves in the news, and not in a good way. Ars Technica reports that the $80 devices created by Nexx are suffering from a number of security issues which could compromise the safety of your home.

A Medium post by researcher Sam Sabetan reveals the details.

At the tail end of 2022, Sam discovered a “series of critical vulnerabilities” in the Nexx range of smart devices. These issues not only affected garage door openers, but also smart plug switches and alarms too. Working with the US Cybersecurity and Infrastructure Security Agency (CISA), five CVEs were eventually assigned. As per the advisory, successful exploitation of these vulnerabilities could allow an attacker to receive sensitive information or hijack devices and not a huge amount of technical ability is required to perform the attacks.

Developers keep making the hard coded password mistake

What are some of the issues at play here? Well, one of the biggest is that hard coded credentials are used to talk to Nexx servers. What this means is that the password shipped with the product can never be changed. If someone finds out what it is, either from a list online or by socially engineering the victim, the game is indeed up.

As Ars Technica notes, this alongside controllers broadcasting unencrypted email addresses along with messages needed to open or close doors all means a fairly easy win for a competent attacker. Indeed, someone could potentially open your garage door from the other side of the planet if they wanted to.
