Security News > 2023 > April > Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know

Hack and enter! The “secure” garage doors that anyone can open from anywhere – what you need to know
2023-04-05 18:49

Cybersecurity researcher Sam Sabetan yesterday went public with insecurity revelations against IoT vendor Nexx, which sells a range of "Smart" devices including door openers, home alarms and remotely switchable power plugs.

Sabetan deliberately didn't publish precise details of the bugs, or provide any proof-of-concept code that would allow just anyone to start hacking away on Nexx devices without already knowing what they were doing.

Attackers who know your device ID can use it to control that device, without providing any sort of password or additional cryptographic evidence that they're authorised to access it.

That's reasonable enough, even though the access credentials buried in the firmware weren't officially published, given that his intention seems to have been to determine how well-secured the data exchanges were between the app on his phone and Nexx, and between Nexx and his garage door.

The network data revealed the traffic of other users who were interacting with their devices at the same time, suggesting that all devices always used the same access key for all their traffic, and thus that anyone could snoop on everyone.

Operate your devices directly, not via the Nexx cloud-based app, until patches are available, assuming that's possible for the devices you own.


News URL

https://nakedsecurity.sophos.com/2023/04/05/us-government-warning-what-if-anyone-could-open-your-garage-door/