Image: Sam Sabetan
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Nexx says it sells “Easy-to-use products that work with things you already own.” Its garage product connects to a person's existing garage door opener and allows them to activate it remotely through a smartphone app. “Life is complicated enough. Remembering whether or not you left your garage door open should be the least of your worries: Get peace of mind,” the company advertises on its website. Nexx has run campaigns on Kickstarter.Sabtean made a video proof-of-concept of the hack. It shows him fist opening his own garage door as expected with the Nexx app. He then logs into a tool to view messages sent by the Nexx device. Sabetan closes the door with the app, and captures the data the device sends to Nexx’s server during this action.With that, Sabetan doesn’t just receive information about his own device, but messages from 558 other devices that aren’t his. He is now able to see the device ID, email address, and name linked to each, according to the video.Sabetan then replays a command back to the garage through the software—rather than the app—and his door opens once again. Sabetan only tested this on his own garage door, but he could have remotely opened other users’ garage doors with this technique.Have you discovered any other serious vulnerabilities? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.
Advertisement