One brand of garage doors has given hackers a home run because of the easily manipulated security features embedded in the door’s security code.
Nexx is the brand behind the faulty doors—which will continue to be remotely opened from locations around the globe so long as the bug goes unfixed.
A security researcher who brought the issue to the company’s attention says the company refuses to address the core vulnerabilities keeping people from being safe inside their homes, and Department of Homeland Security officials are also waiting on a response about similar safety concerns.
“Completely remote. Anywhere in the world,” Sam Sabetan, the security researcher, told Motherboard, describing the hack.
Sabetan made a video proof-of-concept of the hack. It shows him first opening his own garage door as expected with the Nexx app. He then logs into a tool to view messages sent by the Nexx device. Sabetan closes the door with the app, and captures the data the device sends to Nexx’s server during this action.
Sabetan told Motherboard he could open doors “for any customer.”